Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tons of programs re-installing every day!


  • This topic is locked This topic is locked
11 replies to this topic

#1 Kitty-Nin

Kitty-Nin

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 29 March 2015 - 03:06 PM

I'm having a huge problem where I have a whole series of unwanted programs re-install themselves (without any installation windows popping up, and a few that do pop up install windows but install anyway even if you click cancel or close the installer with task manager) and even though I uninstall them, they come back every. Single. Day. I've been running both Malwarearrow-10x10.png Bytes and AdwCleaner, and using Revo Uninstaller to remove the programs, but they keep coming back. I don't know where to go from here, because I've never really had an issue that Malware Bytes couldn't fix. 

 

Here's a list of things that keep installingarrow-10x10.png:

 

EppInk

Space Equals Sign

Games Desktop

Zombie News

Super Optimizer

SmartWeb

QuickRef

Optimizer Proarrow-10x10.png

Bid Forward

Stormwatch

 

And there's more, there are some programs that come back every time, and then a seemingly random rotating set that I get rid of and then something different takes their place. I'm having things change my Chrome settings and getting new tabs opening when I click basically anything online. I have no idea where this came from or how I got infected with this, or even what it is that's the source of all this crap, but it's making my computer practically unusable.

 

 



BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:06 PM

Posted 02 April 2015 - 12:20 PM

Hi Kitty, let's run these next.

3Al62Pm.pngMiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
zcMPezJ.pngAdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
lv0mVRW.pngJunkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
cvMlKv6.pngESET Online Scanner
  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Kitty-Nin

Kitty-Nin
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 02 April 2015 - 08:51 PM

MiniToolBox:

 

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Alex (administrator) on 02-04-2015 at 16:06:52
Running from "C:\Users\Alex\Desktop"
Microsoft Windows 7 Starter  Service Pack 1 (X86)
Model: 1015PX Manufacturer: ASUSTeK Computer INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Minecraft (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="Minecraft" address=169.254.117.3 mask=255.255.0.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Seashell
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Minecraft:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : F4-6D-04-B7-EE-3C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : E0-B9-A5-02-B6-8B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::25b5:ab8b:6b0e:354a%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.8(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 31, 2015 10:59:23 PM
   Lease Expires . . . . . . . . . . : Thursday, April 09, 2015 4:06:18 PM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 249608613
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-02-94-67-E0-B9-A5-02-B6-8B
   DNS Servers . . . . . . . . . . . : 75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Name:    google.com
Addresses:  2607:f8b0:4006:80b::1005
 173.194.123.36
 173.194.123.37
 173.194.123.34
 173.194.123.39
 173.194.123.41
 173.194.123.46
 173.194.123.38
 173.194.123.32
 173.194.123.40
 173.194.123.33
 173.194.123.35
 
 
Pinging google.com [216.58.219.206] with 32 bytes of data:
Reply from 216.58.219.206: bytes=32 time=34ms TTL=54
Reply from 216.58.219.206: bytes=32 time=57ms TTL=54
 
Ping statistics for 216.58.219.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 57ms, Average = 45ms
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=100ms TTL=51
Reply from 98.139.183.24: bytes=32 time=113ms TTL=51
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 100ms, Maximum = 113ms, Average = 106ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...f4 6d 04 b7 ee 3c ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
 10...e0 b9 a5 02 b6 8b ......Atheros AR9285 Wireless Network Adapter
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.8     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.8    281
         10.0.0.8  255.255.255.255         On-link          10.0.0.8    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.8    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.8    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.8    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    281 fe80::/64                On-link
 10    281 fe80::25b5:ab8b:6b0e:354a/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 09 C:\windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\windows\system32\mswsock.dll [231424] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/02/2015 09:00:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/02/2015 09:00:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/02/2015 09:00:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/02/2015 09:00:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/02/2015 09:00:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/02/2015 09:00:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/02/2015 09:00:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/02/2015 09:00:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/02/2015 09:00:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/02/2015 09:00:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (03/31/2015 10:59:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
gfilterdrv
 
Error: (03/31/2015 10:59:22 PM) (Source: Service Control Manager) (User: )
Description: The SCWFPFilter service failed to start due to the following error: 
%%2
 
Error: (03/31/2015 10:58:46 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%3
 
Error: (03/31/2015 10:58:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1069
 
Error: (03/31/2015 10:58:41 PM) (Source: Service Control Manager) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (03/31/2015 10:58:40 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (03/31/2015 10:58:40 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (03/31/2015 10:58:15 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/31/2015 10:58:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/31/2015 10:58:10 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/02/2015 09:00:48 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\WSCTool.exe
 
Error: (04/02/2015 09:00:48 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\WSCHandler.exe
 
Error: (04/02/2015 09:00:48 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\VizorShortCut.exe
 
Error: (04/02/2015 09:00:48 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\VizorHtmlDialog.exe
 
Error: (04/02/2015 09:00:47 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\SupportTool.exe
 
Error: (04/02/2015 09:00:47 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\ShorcutLauncher.exe
 
Error: (04/02/2015 09:00:47 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\trend micro\BackUp\UCPlugin\c12t1206v0.0.0l1p5889r1o1\Remove.exe
 
Error: (04/02/2015 09:00:46 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files\trend micro\BackUp\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiWinMgr.exe
 
Error: (04/02/2015 09:00:46 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files\trend micro\BackUp\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiWatchDog.exe
 
Error: (04/02/2015 09:00:46 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files\trend micro\BackUp\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiSeAgnt.exe
 
 
 
=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 1.1.0 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScreensaver (HKLM\...\{99E77016-BCF2-48C8-9119-43ECF5815F65}) (Version: 1.04 - AsusTek Computer Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.04.01 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AxCrypt 1.7.2687.0 (HKLM\...\{9ED9D728-9D4A-46D8-AF73-264CB0090AEA}) (Version: 1.7.2687.0 - Axantum Software AB)
Broadcom Wireless Network Adapter (HKLM\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
calibre (HKLM\...\{8FAFEF8C-295D-4D71-95FC-91D9B7D75F3E}) (Version: 2.13.0 - Kovid Goyal)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
Complément Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.3.0 - AzureWave)
Eee Docking 3.8.1 (HKLM\...\Eee Docking_is1) (Version: 3.8.1 - ASUSTek Computer Inc.)
ETDWare PS/2-x86 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
ExpressGateCloud (HKLM\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.7.25.173 - VideACE Co.)
ExpressGateCloud (Version: 2.7.25.173 - VideACE Co.) Hidden
FileZilla Client 3.10.1.1 (HKLM\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GamesDesktop 025.374 (HKLM\...\gmsd_us_374_is1) (Version:  - GAMESDESKTOP)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.32 - AsusTek Computer Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2364 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.3 - Ipswitch)
Jarte 5.2 (HKLM\...\Jarte_is1) (Version: 5.2 - Carolina Road Software L.L.C.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (Version: 2.8.31.13 - Oracle Corporation) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 3.4 (HKLM\...\{D64833F8-860D-4216-8EDC-DD08AD68C0B5}) (Version: 3.4.402 - LibreOffice)
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.25 - AsusTek Computer Inc.)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger ???? (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger ????? (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft Editor 32 bits (HKLM\...\{4C2F0321-E959-47FB-9FF9-E2139B02B68A}) (Version: 1.9.8 - Axialmedia)
Minecraft1.4.7 (HKLM\...\Minecraft1.4.7) (Version:  - )
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.6 - Notepad++ Team)
OpenSSL 0.9.8l Light (32-bit) (HKLM\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
Opera 11.61 (HKLM\...\Opera 11.61.1250) (Version: 11.61.1250 - Opera Software ASA)
Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
qBittorrent 3.1.12 (HKLM\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6186 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8312 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Songbird 1.10.2 (Build 2199) (HKLM\...\Songbird-release-2199) (Version:  - )
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.16 - AsusTek Computer)
syncables desktop SE (HKLM\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Trend Micro Titanium (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 2.20 - Trend Micro Inc.)
Trend Micro Titanium (Version: 1.0 - Trend Micro Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ???? (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ??? (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ??? (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ??? (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
??????? Windows Live Mesh ActiveX ??(????) (HKLM\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
??????? Windows Live Mesh ActiveX ??? (HKLM\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 49%
Total physical RAM: 2038.12 MB
Available physical RAM: 1021.75 MB
Total Pagefile: 4076.23 MB
Available Pagefile: 2606.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.6 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:100 GB) (Free:16.58 GB) NTFS
2 Drive d: () (Fixed) (Total:117.87 GB) (Free:0 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SEASHELL
 
Administrator            Alex                     Guest                    
 
 
**** End of log ****
 

 

 

RKill:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/02/2015 04:10:32 PM in x86 mode.
Windows Version: Windows 7 Starter Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\System32\AsusService.exe (PID: 1752) [WD-HEUR]
 * C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\jnsuD229.tmp (PID: 2256) [UP-HEUR]
 * C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\nsnF03E.tmp (PID: 5332) [UP-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * SensrSvc [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 04/02/2015 04:13:15 PM
Execution time: 0 hours(s), 2 minute(s), and 42 seconds(s)
 

 

 

AdwCleaner: This is only the latest log from today, let me know if you need older logs from the past week or so. 

 

# AdwCleaner v4.200 - Logfile created 02/04/2015 at 16:16:01
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Starter Service Pack 1 (x86)
# Username : Alex - SEASHELL
# Running from : C:\Users\Alex\Downloads\adwcleaner_4.200.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files\gmsd_us_374
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Found : C:\Users\Alex\AppData\Local\gmsd_us_374
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKLM\SOFTWARE\GAMESDESKTOP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_374_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Tutorials
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_374]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Google Chrome v41.0.2272.118
 
 
*************************
 
AdwCleaner[R0].txt - [13120 bytes] - [27/03/2015 12:03:42]
AdwCleaner[R1].txt - [2297 bytes] - [28/03/2015 14:20:21]
AdwCleaner[R2].txt - [3883 bytes] - [31/03/2015 22:53:23]
AdwCleaner[R3].txt - [1367 bytes] - [02/04/2015 16:16:01]
AdwCleaner[S0].txt - [13456 bytes] - [27/03/2015 12:47:42]
AdwCleaner[S1].txt - [2224 bytes] - [28/03/2015 14:26:13]
AdwCleaner[S2].txt - [3842 bytes] - [31/03/2015 22:58:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1604 bytes] ##########
 

 

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Starter x86
Ran by Alex on Thu 04/02/2015 at 16:34:50.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Alex\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\Alex\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Users\Alex\Local Settings\Application Data\thinstall"
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{74982048-8EC4-415C-B81C-EC90C44D1754}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{B9579B0D-9EAA-4F11-B615-EB3F67B5FC7F}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/02/2015 at 16:41:16.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

ESET Scanner:

 

C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_secureprotect_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_speeditup_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_stormpverti_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_taplika_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_zombie_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\Alex\AppData\Local\Temp\is-FBO6M.tmp\gentlemjmp_ieeuu.exe Win32/AdWare.EoRezo.AW application
C:\Users\Alex\AppData\Local\Temp\is-II1F2.tmp\gentlemjmp_ieeuu.exe Win32/AdWare.EoRezo.AW application
C:\Users\Alex\AppData\Local\Temp\is-IND6E.tmp\package_pariente_secureprotect_bing_installer_multilang.exe Win32/AdWare.EoRezo.AW application
C:\Users\Alex\AppData\Local\Temp\is-K8UML.tmp\SupOptStats.dll a variant of Win32/SProtector.Q potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsa33BD.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsa959C.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsa9722.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsaBE70.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsaC218.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsc27AE.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nscB5E3.tmp\nsWeb_DispOffr.dll a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsf475D.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsf7D99.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsf8BAD.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsf9657.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsf978F.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsfB913.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsfEF21.tmp\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Alex\AppData\Local\Temp\nsfEF21.tmp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Alex\AppData\Local\Temp\nsfEF21.tmp\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Alex\AppData\Local\Temp\nsh1AA5.tmp\PIPInstaller_PF_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Alex\AppData\Local\Temp\nsi9FFA.tmp\PIPInstaller_PF_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Alex\AppData\Local\Temp\nsjCC64.tmp\nsWeb_DispWPag.dll a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsjF1DA.tmp\nsWeb_DispWPag.dll a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsk8CB6.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsk9676.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsm252D.tmp\nsWeb_DispOffr.dll a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nso7512.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsp89C9.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsp97CD.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nspABAB.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nspB4BF.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsu6F4.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsv9001.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsvBAF7.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsvC775.tmp\zplugins.dll Win32/Toolbar.Zugo.D potentially unwanted application
C:\Users\Alex\AppData\Local\Temp\nsw12C1.tmp\Helper.dll a variant of MSIL/Adware.PullUpdate.A application
C:\Users\Alex\AppData\Local\Temp\nsw12C1.tmp\ZombieNewsInstall.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\Users\Alex\AppData\Local\Temp\nsx1DAE.tmp\nsWeb_DispWPag.dll a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\Users\Alex\AppData\Roaming\SNRQKC JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Alex\AppData\Roaming\20425664-1427087672-5557-1232-F46D04B7EE3C\jnsuD229.tmp a variant of Win32/Adware.ConvertAd.DP application
C:\Users\All Users\07ef66f0e2664a29a2d1d971bbd8e35b\07ef66f0e2664a29a2d1d971bbd8e35b.exe a variant of Win32/Adware.PicColor.M application
C:\Users\All Users\InstallMate\{0950C754-719E-43FE-A115-39BCD2B3E5A2}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MW2OO1V\gsafe_update[1] a variant of Win32/Adware.BrAppWare.A application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MW2OO1V\search-update-d[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MW2OO1V\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISPFI0EF\genfix-e[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISPFI0EF\genfix2-a[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L73VZQX4\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo potentially unwanted application
C:\Windows\Temp\TBU003\ToolbarUpdate.exe Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\Temp\TBU004\ToolbarUpdate.exe Win32/Toolbar.Zugo.D potentially unwanted application
D:\SEASHELL\Backup Set 2015-01-04 190001\Backup Files 2015-01-04 190001\Backup files 4.zip Win32/Toolbar.Conduit.F potentially unwanted application
D:\SEASHELL\Backup Set 2015-01-04 190001\Backup Files 2015-02-01 190002\Backup files 4.zip a variant of Win32/Amonetize.DE potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\CT2260173\plugins\TBVerifier.dll.vir a variant of Win32/Toolbar.Conduit.AM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\PF\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Local\Conduit\CT3072253\uTorrentControl2AutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Local\SmartWeb\__u.exe.vir a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\windows\system32\VCL.dll.vir a variant of Win32/Komodia.A potentially unsafe application deleted - quarantined
C:\Program Files\gmsd_us_374\gamesdesktop_widget.exe a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\Program Files\gmsd_us_374\gmsd_us_374.exe a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\Program Files\gmsd_us_374\predm.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\ProgramData\07ef66f0e2664a29a2d1d971bbd8e35b\07ef66f0e2664a29a2d1d971bbd8e35b.exe a variant of Win32/Adware.PicColor.M application cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{0950C754-719E-43FE-A115-39BCD2B3E5A2}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\nsyC1DB.tmp Win32/AnyProtect.G potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\nszC675.tmp Win32/AnyProtect.G potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\20425664-1427073534-5557-1232-F46D04B7EE3C\onsl8881.tmp a variant of Win32/Adware.ConvertAd.DJ application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\20425664-1427073534-5557-1232-F46D04B7EE3C\snsw8870.tmp a variant of Win32/Adware.AdService.BL application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\gmsd_us_374\upgmsd_us_374.exe a variant of Win32/Adware.EoRezo.AJ application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\File System\010\t\00\00000000 a variant of Win32/Amonetize.DE potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28XBCI4U\BlockAndSurf_2222-5510[1].exe a variant of Win32/Adware.AddLyrics.DX application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28XBCI4U\SmartWebInstaller[1].exe a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O50QSI9\20150331228907[1].exe a variant of Win32/InstallMonetizer.BC potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O50QSI9\bundle_353[1].exe a variant of Win32/Adware.Imali.B application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O50QSI9\quickref-setup-1.10.0.12[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O50QSI9\Stub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPQPWGXQ\AnyProtectSetup[1].exe Win32/AnyProtect.G potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPQPWGXQ\OfferInstaller_dotnet4[1].exe a variant of MSIL/Adware.Imali.A application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPQPWGXQ\Setup[2].exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPQPWGXQ\setup_gmsd_us[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPQPWGXQ\spstub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SDAW1B2T\VOsrv[1].exe a variant of Win32/Adware.AdService.BP application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2J3QDXE\kmdSetup[1].exe a variant of Win32/Komodia.A potentially unsafe application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2J3QDXE\mediaplayer[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2J3QDXE\OrbiterInstaller[1].exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2J3QDXE\Setup[1].exe a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BGFTD23H\landing[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BGFTD23H\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LDHOK0N3\cn_download[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LDHOK0N3\cn_download[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\33817484-BD6C-4535-5D26-18268010ACFB.exe a variant of Win32/Adware.AddLyrics.DY application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\390.exe a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\3xYnDPWgEt.exe a variant of Win32/Downloader.Agent.AI potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\685B5973-5FD3-B074-56EC-F466B848D180.exe a variant of Win32/Adware.AddLyrics.DY application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\BackupSetup.exe MSIL/MyPCBackup.D potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\CloudBackup5984.exe MSIL/MyPCBackup.D potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\crtD042.tmp.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\ICReinstall_nsnE8AF.tmp a variant of Win32/InstallCore.PK potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\ICReinstall_nsvA7EE.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\ICReinstall_nsx23F7.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\ICReinstall_nsz31B7.tmp a variant of Win32/InstallCore.PL potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\mVO2CD5.exe a variant of MSIL/Adware.Imali.A application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\mVOC7C1.exe a variant of MSIL/Adware.Imali.A application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\nsc17E3.tmp a variant of Win32/InstallMonetizer.BC potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\nsc827A.tmp Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\nsdC688.tmp a variant of Win32/InstallMonetizer.BC potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\nse8D0D.tmp Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\nskE7CE.tmp a variant of Win32/Adware.Imali.B application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\nsm8AA6.tmp Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\nsmC17E.tmp a variant of Win32/Adware.Imali.B application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\nsnE8AF.tmp a variant of Win32/InstallCore.PK potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\nsp80BB.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\nst699F.tmp Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\nsuB19D.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\nsv25E7.tmp a variant of Win32/Adware.Imali.B application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\nsvA7EE.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\nsx23F7.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\nsyC1DB.tmp Win32/AnyProtect.G potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\nsz31B7.tmp a variant of Win32/InstallCore.PL potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\OnlineBackup.exe MSIL/MyPCBackup.D potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\optprosetup.exe a variant of Win32/OptimizerEliteMax.C potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\optsetup.exe multiple threats cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\supoptsetup.exe multiple threats cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\utt33F3.tmp.exe a variant of Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\yuStzLxW5v.exe Win32/MyPCBackup.A potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\ct3334335\ism.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_35.exe Win32/Toolbar.Conduit.R potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\ICReinstall\cnet_AxCrypt-1_7_2687_0-Win32-en-US_msi.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\ICReinstall\cnet_DAMsetup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\is-0HF5F.tmp\gentlemjmp_ieeuu.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\InstallManager.exe a variant of Win32/InstallMonetizer.BC potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\ism.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_airwebbar_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_browsergood_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_bubbledock_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_BubbleSound_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_CubepileShopperz_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_mountainbike_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_optimizerpro_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_pariente_secureprotect_bing_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_pariente_secureprotect_yahoo_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_quickref_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_quickref_p_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_SByoutube_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_sb_driverupdater_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_secureprotect_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_speeditup_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_stormpverti_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_superpc_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_taplika_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-87CFG.tmp\package_zombie_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_airwebbar_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_mountainbike_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_pariente_secureprotect_bing_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_plushd_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_quickref_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_quickref_p_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\is-COQBU.tmp\package_SByoutube_installer_multilang.exe Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:06 PM

Posted 02 April 2015 - 09:25 PM

Should be a lot better.

Remove what ADW found on this pass

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Empty your temp folders using TFC (Temporary File Cleaner)
    • Please download TFC by Old Timer and save it to your desktop.
      alternate download link
    • Save any unsaved work. (TFC will close ALL open programs including your browser!)
    • Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)
    • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
    Now I want to check that service.

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

Edited by boopme, 02 April 2015 - 09:26 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Kitty-Nin

Kitty-Nin
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 04 April 2015 - 11:40 AM

Sorry it took so long to get around to doing this.

 

ADW:

 

# AdwCleaner v4.200 - Logfile created 04/04/2015 at 12:22:52
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Starter Service Pack 1 (x86)
# Username : Alex - SEASHELL
# Running from : C:\Users\Alex\Desktop\Do bleep\adwcleaner_4.200.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files\gmsd_us_374
Folder Deleted : C:\Users\Alex\AppData\Local\gmsd_us_374
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_374_is1
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Google Chrome v41.0.2272.118
 
 
*************************
 
AdwCleaner[R0].txt - [13120 bytes] - [27/03/2015 12:03:42]
AdwCleaner[R1].txt - [2297 bytes] - [28/03/2015 14:20:21]
AdwCleaner[R2].txt - [3883 bytes] - [31/03/2015 22:53:23]
AdwCleaner[R3].txt - [1683 bytes] - [02/04/2015 16:16:01]
AdwCleaner[R4].txt - [1668 bytes] - [04/04/2015 12:16:09]
AdwCleaner[S0].txt - [13456 bytes] - [27/03/2015 12:47:42]
AdwCleaner[S1].txt - [2224 bytes] - [28/03/2015 14:26:13]
AdwCleaner[S2].txt - [3842 bytes] - [31/03/2015 22:58:11]
AdwCleaner[S3].txt - [1611 bytes] - [04/04/2015 12:22:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1670  bytes] ##########
 
 
TFC:
 
Ran the program, then rebooted manually.
 
FSS:
 
Farbar Service Scanner Version: 17-01-2015
Ran by Alex (administrator) on 04-04-2015 at 12:38:17
Running from "C:\Users\Alex\Desktop"
Microsoft Windows 7 Starter  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\windows\system32\nsisvc.dll => File is digitally signed
C:\windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\windows\system32\dhcpcore.dll => File is digitally signed
C:\windows\system32\Drivers\afd.sys => File is digitally signed
C:\windows\system32\Drivers\tdx.sys => File is digitally signed
C:\windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\windows\system32\dnsrslvr.dll => File is digitally signed
C:\windows\system32\mpssvc.dll => File is digitally signed
C:\windows\system32\bfe.dll => File is digitally signed
C:\windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\windows\system32\SDRSVC.dll => File is digitally signed
C:\windows\system32\vssvc.exe => File is digitally signed
C:\windows\system32\wscsvc.dll => File is digitally signed
C:\windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\windows\system32\wuaueng.dll => File is digitally signed
C:\windows\system32\qmgr.dll => File is digitally signed
C:\windows\system32\es.dll => File is digitally signed
C:\windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\windows\system32\ipnathlp.dll => File is digitally signed
C:\windows\system32\iphlpsvc.dll => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#6 Kitty-Nin

Kitty-Nin
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 04 April 2015 - 12:30 PM

I thought we were doing pretty good with getting this fixed as I hadn't had anything download since the first cleaning. However, just now my browser (Chrome) crashed while I was surfing around and the following suddenly brought up install  and setup windows:

 

zombie news
super optimizer
optimizer pro
3D bubble sound
Pro PC cleaner
media player z
Linkey
anyprotect
 
I clicked exit/cancel on all of them, but a few I had to kill with the task manager. The Linkey window just will not go away, as  it doesn't have an exit/cancel buttons (only continue....), it doesn't show up in task manager, and right clicking on it in the task bar and choosing 'close window' does nothing.
 
Despite exiting out of all installer windows and NOT choosing to continue or agreeing to TOS on any of them, the following programs have now shown up as installed anyway in Programs and Features:
 
shopperz
games desktop
super optimizer
smart web 
search protect
optimizer pro
bubblesound
any protect
 
In addition, my browser is being hijacked with ads from eppink and shopperz, and once again my home page and search setting have been changed from 'new tab' and 'google' to Trovi.
 
I'm really at my wits end with this. 


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:06 PM

Posted 16 April 2015 - 10:28 PM

51a46ae42d560-malwarebytes_anti_malware.Malwarebytes Anti-Malware
  • Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.
/
Reset your web browser to its default settings

Edited by boopme, 16 April 2015 - 10:30 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Kitty-Nin

Kitty-Nin
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 17 April 2015 - 03:21 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/17/2015
Scan Time: 9:15:02 AM
Logfile: mwb.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.04.17.03
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Alex
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362099
Time Elapsed: 41 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 19
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\CLSID\{5081D2D4-1637-404c-B74F-50526718257D}, Quarantined, [9710422bc4c6ab8be65b63d523e08b75], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{9AE7A6AE-162E-44c4-9A2B-A6B4EF19909D}, Quarantined, [9710422bc4c6ab8be65b63d523e08b75], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}, Quarantined, [9710422bc4c6ab8be65b63d523e08b75], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\Extension.jshep.1, Quarantined, [9710422bc4c6ab8be65b63d523e08b75], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\Extension.jshep, Quarantined, [9710422bc4c6ab8be65b63d523e08b75], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5081D2D4-1637-404C-B74F-50526718257D}, Quarantined, [9710422bc4c6ab8be65b63d523e08b75], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [188f155893f73600ea31152edb288779], 
PUP.Optional.QuickRef.A, HKLM\SOFTWARE\QuickRef_1.10.0.12, Quarantined, [872098d5d6b41224b68bdbf0e91a47b9], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [b3f4ef7e79111f17ea6f4e6f808342be], 
PUP.Optional.Crossbrowse.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\Crossbrowse, Quarantined, [f0b709648cfe43f3804636892cd7ea16], 
PUP.Optional.Crossbrowse.A, HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\crossbrowse.exe, Quarantined, [693ef37a7e0c1026467e14ab3ec56b95], 
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [347395d8d8b2aa8c12f0bf922adb10f0], 
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\TUTORIALS, Quarantined, [852268053f4b9f9731ecd47a32d356aa], 
Rootkit.cherimoya.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, Quarantined, [1b8c38358a00e6506906c507e023d42c], 
PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [4f5895d8d8b211255c576b580ef523dd], 
PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [83248ce1d5b5122443700fb4ec17946c], 
PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [f5b2bfae682225117142bc07e71ca759], 
PUP.Optional.Shopperz.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [c2e5e984fc8e1224b300c7fcbc4704fc], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [a304bbb2ee9ced4918c93f00fa0b6a96], 
 
Registry Values: 11
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5081D2D4-1637-404C-B74F-50526718257D}, C:\Program Files\shopperz\Firefox, Quarantined, [9710422bc4c6ab8be65b63d523e08b75]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{5081D2D4-1637-404C-B74F-50526718257D}, C:\Program Files\shopperz\Firefox, Quarantined, [9710422bc4c6ab8be65b63d523e08b75]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{5081D2D4-1637-404c-B74F-50526718257D}, Quarantined, [0c9b3d303753d26475cc7fb949baec14], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{5081D2D4-1637-404c-B74F-50526718257D}, Quarantined, [abfcd29bb9d1b185db665fd9fb08d22e], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_359, Quarantined, [aafd90dd2961261059cc3c9614ef837d], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_372, Quarantined, [96110865563413237fa62aa80cf7c43c], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_385, Quarantined, [61464528ee9c68cece57498953b006fa], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_391, Quarantined, [6f3855183d4dfc3a2cf924ae60a3649c], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_432, Quarantined, [386fbbb26d1d32040c19c50def1448b8], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_449, Quarantined, [32756a0397f392a4e243854d669d837d], 
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\TUTORIALS|HostGUID, 44BA6CD4-8D76-46FE-A7FB-170835D901B0, Quarantined, [852268053f4b9f9731ecd47a32d356aa]
 
Registry Data: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M8AC6F731-168F-46AD-9798-B2990591C694&SearchSource=55&CUI=&UM=8&UP=SP4F5ADB3C-6E0F-4E15-ADAD-2039D1540538&D=040415&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M8AC6F731-168F-46AD-9798-B2990591C694&SearchSource=55&CUI=&UM=8&UP=SP4F5ADB3C-6E0F-4E15-ADAD-2039D1540538&D=040415&SSPV=),Replaced,[5e4972fb5b2f7eb8943b13e2848143bd]
 
Folders: 8
PUP.Optional.Shopperz.A, C:\Program Files\shopperz, Quarantined, [5c4b620bfc8ed75f4e509024a95a669a], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\installer, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\language, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\logs, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\scan_results, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\swf, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.GUPlayer.A, C:\Program Files\GUPlayer, Quarantined, [c1e6d69719711c1afdcbcdeeae55817f], 
 
Files: 52
PUP.Optional.OptimizerPro, C:\ProgramData\{c174582d-c98f-cd74-c174-4582dc9860b7}\hqghumeaylnlf.exe, Quarantined, [990ea1ccaedc80b6e63cab95cc360ef2], 
PUP.Optional.OptimizerPro, C:\ProgramData\{f8c8db68-e377-394a-f8c8-8db68e376da3}\hqghumeaylnlf.exe, Quarantined, [9f086effb1d9f244d949f44cee14ac54], 
PUP.Optional.Winsock.Hijack, C:\Windows\System32\VCL.dll, Quarantined, [7136c8a57515f24414ff87b4cd3557a9], 
PUP.Optional.OfferInstaller.C, C:\Users\Alex\AppData\Local\Temp\mVO1573.exe, Quarantined, [9e0990ddd2b81521f99b42f75da59967], 
PUP.Optional.OfferInstaller.C, C:\Users\Alex\AppData\Local\Temp\mVO3C16.exe, Quarantined, [733489e42d5db0865b393306d230659b], 
PUP.Optional.OptimizerPro, C:\Users\Alex\AppData\Local\Temp\is-C51GA.tmp\optimizerpro_soft_partner.exe, Quarantined, [fea972fbfc8e7cba0d15a59b34ce3cc4], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\150.exe, Quarantined, [7136a7c6c7c39b9bd0615fa09f62d927], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\382.exe, Quarantined, [0c9b3c311a70ee48a48d9a653cc5d729], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_speeditup_installer_multilang.exe, Quarantined, [f9ae2e3f0783a88eb8799669679ac838], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe, Quarantined, [0c9ba8c57812c1758ea359a607fa9868], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_superpc_installer_multilang.exe, Quarantined, [9d0a274626646fc73bf6b14e7a8713ed], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_zombie_installer_multilang.exe, Quarantined, [446394d98bffdc5a1b16ee11ac5526da], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_airwebbar_installer_multilang.exe, Quarantined, [f0b7125bc0cafe3899989f60926fa65a], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_browsergood_installer_multilang.exe, Quarantined, [4265531acac0c076d35eb6491ae7b44c], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_bubbledock_installer_multilang.exe, Quarantined, [35726a034149c86e32ff4fb033ce8977], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_BubbleSound_installer_multilang.exe, Quarantined, [a502135a8208ed49cd64ff001ce5619f], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_CubepileShopperz_installer_multilang.exe, Quarantined, [0e9926476b1fe452cf62db240cf51ce4], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_mountainbike_installer_multilang.exe, Quarantined, [2f7876f79eec9e9865cc52ad38c9c937], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_optimizerpro_installer_multilang.exe, Quarantined, [6443caa32e5c83b360d1d926b05159a7], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_pariente_secureprotect_bing_installer_multilang.exe, Quarantined, [a00748255535e74f9d9432cd976a7f81], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_pariente_secureprotect_yahoo_installer_multilang.exe, Quarantined, [7f284f1edfab38fe0928ba4569982dd3], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_pcrossbrowser_installer_multilang.exe, Quarantined, [bbecce9f1d6d87af48e949b6db26bd43], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_psafeguard_installer_multilang.exe, Quarantined, [297e204d8efce1558aa706f97a87af51], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_quickref_installer_multilang.exe, Quarantined, [3c6beb820e7cfd39ea47dd220cf50af6], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_quickref_p_installer_multilang.exe, Quarantined, [099e115cfa90241255dc12ed35cc768a], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_SByoutube_installer_multilang.exe, Quarantined, [8027bdb0424885b13df41fe0e819ac54], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_sb_driverupdater_installer_multilang.exe, Quarantined, [7a2d0d6097f342f473bec639fd0407f9], 
PUP.Optional.Tuto4PC.A, C:\Users\Alex\AppData\Local\Temp\is-JDTDK.tmp\package_secureprotect_installer_multilang.exe, Quarantined, [3473d994becc989efa37996629d87a86], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_35.exe, Quarantined, [faade687d2b854e24ceefa53d031ff01], 
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb\__u.exe, Quarantined, [caddcf9eb7d396a0be5e51af40c2a15f], 
PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP1.job, Quarantined, [743344298ffba88e9ab3d7e9af54b24e], 
PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP2.job, Quarantined, [02a585e87416a294c28b982844bfa55b], 
PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP3.job, Quarantined, [485f224b11799e9874d9d1ef7f84b14f], 
PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP1, Quarantined, [4265333ab4d6102685c915ab6b98728e], 
PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP2, Quarantined, [9710501d8505c86e39157b45f50e17e9], 
PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP3, Quarantined, [f1b63f2e375372c47dd1675927dcc33d], 
PUP.Optional.VCL.A, C:\Users\Alex\AppData\Local\Temp\VCL.log, Quarantined, [a50216578dfd39fd7401764a93707090], 
PUP.Optional.VCL.A, C:\Windows\Temp\VCL.log, Quarantined, [dbcc3b321d6d9d99da9bfec255aec63a], 
PUP.Optional.VCL.A, C:\Users\Alex\AppData\Local\Temp\VCLR.ini.log, Quarantined, [4661b4b9365421155e18e2dea3609070], 
PUP.Optional.VCL.A, C:\Users\Alex\AppData\Local\Temp\VCLr.log, Quarantined, [8621412ce6a40b2b86f113adaf549967], 
PUP.Optional.VCL.A, C:\Windows\Temp\VCLr.log, Quarantined, [90173c31a4e6fb3b067109b7eb18db25], 
PUP.Optional.Winsock.Hijack, C:\Windows\System32\VCLOff.ini, Quarantined, [a9fe85e83555de58fc7c833d679cd22e], 
PUP.Optional.SmartWeb.A, C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task, Quarantined, [2c7b1f4ea7e3e452caedd4ff847f09f7], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\krios.dll, Quarantined, [5c4b620bfc8ed75f4e509024a95a669a], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\installer\ab.test.json, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\installer\tempfile.t, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\language\de.xml, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\language\en.xml, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\language\fr.xml, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.quick.results, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.results, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
PUP.Optional.AnyProtect.A, C:\Users\Alex\AppData\Roaming\AnyProtectEx\swf\mov01.swf, Quarantined, [8423d499c1c98babaae1c7f4679cda26], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:06 PM

Posted 17 April 2015 - 03:50 PM

How is it now kitty?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 Kitty-Nin

Kitty-Nin
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 18 April 2015 - 10:29 AM

Everything re-installed again this morning. I ran Malwarebytes again directly after everything installed, without uninstalling anything with add/remove programs. I'm typing this around like twelve ads right now :/
 
Here's the new Malwarebytes log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/18/2015
Scan Time: 10:35:27 AM
Logfile: mwb2.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.04.18.02
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Alex
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363402
Time Elapsed: 24 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 14
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb\SmartWebHelper.exe, 5372, , [f5156d019feb6ec839f469976c96ff01]
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb\SmartWebApp.exe, 1476, , [af5bd29c8109df57230a22de6c960bf5]
PUP.Optional.OptimizerPro, C:\Users\Alex\AppData\Local\Temp\is-TCQ07.tmp\optimizerpro_soft_partner.exe, 5744, , [52b8b7b76129ed4991a078c87c861be5]
PUP.Optional.ZombieNews.A, C:\ProgramData\iwGkwRGg\QuGLRIBbjL.exe, 2628, , [23e7006e2c5eed491d5e4e7a1de4b24e]
PUP.Optional.GamesDesktop.A, C:\Program Files\gmsd_us_458\gmsd_us_458.exe, 5112, , [6aa0cba3ef9bec4ae8a6a52de32002fe]
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\wrex.exe, 4332, , [8486006e2d5d7abc009a5976dd26d927]
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\grunt.exe, 2148, , [ef1bf97588029a9c0018a12e1de645bb]
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\nseven.exe, 4928, , [df2b77f7fa905fd7f3ad527be41fc937]
Rootkit.Agent.A, C:\Program Files\shopperz\csrcc.exe, 6068, , [c6447bf30a80181e9287a9263bc80ff1]
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\upgmsd_us_458.exe, 5776, , [de2ce18df19967cfe695664b2ed5eb15]
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\upgmsd_us_458.exe, 2948, , [de2ce18df19967cfe695664b2ed5eb15]
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\Download\majmp_gentleeeuu.exe, 4676, , [de2ce18df19967cfe695664b2ed5eb15]
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\csrcc.exe, 6068, , [719984ea2169c0768d97edc89c670df3]
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\Service\insvc.exe, 4300, , [f3176e00acdeff37ee92e9d3a1620000]
 
Modules: 9
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb\swhk.dll, , [67a3442a5f2b96a02c018b75b34f2fd1], 
PUP.Optional.Conduit.A, C:\Program Files\ORBTR\orbiter.dll, , [74964628870355e1af3f9f328c755ba5], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\kasumi32.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\krios.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\krios.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\krios.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\krios.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\liara.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\tsoni.dll, , [719984ea2169c0768d97edc89c670df3], 
 
Registry Keys: 51
PUP.Optional.ZombieNews.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\QuGLRIBbjL, , [23e7006e2c5eed491d5e4e7a1de4b24e], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [08025c121971e84e925d5be8768dcb35], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\CLSID\{5081D2D4-1637-404c-B74F-50526718257D}, , [0cfef876b5d5b581fee670c812f107f9], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}, , [0cfef876b5d5b581fee670c812f107f9], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}, , [0cfef876b5d5b581fee670c812f107f9], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}\INPROCSERVER32, , [0cfef876b5d5b581fee670c812f107f9], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\Extension.jshep.1, , [0cfef876b5d5b581fee670c812f107f9], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\Extension.jshep, , [0cfef876b5d5b581fee670c812f107f9], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5081D2D4-1637-404C-B74F-50526718257D}, , [0cfef876b5d5b581fee670c812f107f9], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [d436e28cf09a7cbadbe3142f57ac867a], 
PUP.Optional.SmartWeb.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SmartWeb, , [1deddd91fe8c0f27d35a28d8c43e43bd], 
PUP.Optional.Infonaut.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\innfd_1_10_0_14, , [bc4ecaa4ef9bb87ec521edd1e71c3cc4], 
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, , [e02afe70b0da46f0bf1905c7e320e51b], 
PUP.Optional.ZombieNews.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZombieNews, , [9a70224c375371c577d447fd22e3916f], 
PUP.Optional.Crossbrowse.A, HKLM\SOFTWARE\Crossbrowse, , [67a3aec0692158de8db7239d7093b64a], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\GAMESDESKTOP, , [9476244a6129280ecb53c012689b5da3], 
PUP.Optional.Infonaut.A, HKLM\SOFTWARE\Infonaut_1.10.0.14, , [3dcdc5a9e5a5cd69d910b6083bc804fc], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\shopperz, , [9278a8c6563479bd6d34bf0e71922cd4], 
PUP.Optional.Crossbrowse.C, HKLM\SOFTWARE\CLASSES\CRSBRWSHTML, , [39d1c4aa93f72313b16ab30d52b1b54b], 
PUP.Optional.Crossbrowse.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\Crossbrowse, , [1eec313d1e6c48ee1830dce45da601ff], 
PUP.Optional.Crossbrowse.A, HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\crossbrowse.exe, , [7c8eea845634b87e3d090eb2d62db050], 
PUP.Optional.Crossbrowse.C, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\crossbrowse.exe, , [818990de820826109b812b958a7916ea], 
PUP.Optional.Crossbrowse.C, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Crossbrowse, , [19f1501e6a20a4924dd4338d7a8932ce], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gmsd_us_458_is1, , [ed1dfa74a2e8a6906328349e50b3bb45], 
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [68a286e8fa9089adb869e46d897c07f9], 
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\TUTORIALS, , [5dad72fc6525f0464fedc985c144ad53], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\shopperz, , [c941cda1107a34026d73615e5aa910f0], 
PUP.Optional.Shopperz.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\70F4EEDB-1367-4b4f-8247-3133551A7415, , [ef1bf97588029a9c0018a12e1de645bb], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}, , [ef1bf97588029a9c0018a12e1de645bb], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D1661A59-E9D3-4603-8822-2FBEADA5E097}, , [ef1bf97588029a9c0018a12e1de645bb], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E309D526-009C-490B-9BB1-CF9D525F6854}, , [ef1bf97588029a9c0018a12e1de645bb], 
PUP.Optional.Shopperz.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\shopperz Updater, , [df2b77f7fa905fd7f3ad527be41fc937], 
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CSRCC, , [c6447bf30a80181e9287a9263bc80ff1], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, , [c6447bf30a80181e9287a9263bc80ff1], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, , [c6447bf30a80181e9287a9263bc80ff1], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, , [c6447bf30a80181e9287a9263bc80ff1], 
PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, , [ee1c214d8ffb1620d452e9dbec1708f8], 
PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, , [1beff579fc8eb38390967c487093c838], 
PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, , [7b8f73fbc7c3fc3ad056873d8a79649c], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, , [ec1e92dc41490f271cf566df19ec0ff1], 
PUP.Optional.Shopperz.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, , [b456442ac1c9c373f82e81434eb5a858], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TUTORIALS\updatetutorialeshp, , [7f8bcca20189bb7b8ab7c80172914eb2], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TUTORIALS\updatetutorialshp, , [dd2d402e5931d16549f909c03cc7d32d], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3254657708-2287284384-4047303455-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TUTORIALS\updv, , [f01a2846b9d1b284ac971cadfb0856aa], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\csrcc, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5081D2D4-1637-404c-B74F-50526718257D}_is1, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Infonaut.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Infonaut_1.10.0.14, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\insvc_1.10.0.14, , [f3176e00acdeff37ee92e9d3a1620000], 
 
Registry Values: 10
PUP.Optional.SmartWeb.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SmartWeb, C:\Users\Alex\AppData\Local\SmartWeb\SmartWebHelper.exe, , [f5156d019feb6ec839f469976c96ff01]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5081D2D4-1637-404C-B74F-50526718257D}, C:\Program Files\shopperz\Firefox, , [0cfef876b5d5b581fee670c812f107f9]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{5081D2D4-1637-404C-B74F-50526718257D}, C:\Program Files\shopperz\Firefox, , [0cfef876b5d5b581fee670c812f107f9]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{5081D2D4-1637-404c-B74F-50526718257D}, , [66a46e005b2ff145f6ee053316ed2ed2], 
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{5081D2D4-1637-404c-B74F-50526718257D}, , [ad5d99d598f21a1cb72d74c40300f808], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_458, "C:\Program Files\gmsd_us_458\gmsd_us_458.exe", , [6aa0cba3ef9bec4ae8a6a52de32002fe]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz, C:\Program Files\shopperz\wrex.exe, , [8486006e2d5d7abc009a5976dd26d927]
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\TUTORIALS|HostGUID, 1B88C161-6AF2-4D62-B8E7-F549B857025D, , [5dad72fc6525f0464fedc985c144ad53]
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CSRCC|ImagePath, "C:\Program Files\shopperz\csrcc.exe", , [c6447bf30a80181e9287a9263bc80ff1]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|upgmsd_us_458.exe, C:\Users\Alex\AppData\Local\gmsd_us_458\upgmsd_us_458.exe -runonce, , [de2ce18df19967cfe695664b2ed5eb15]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 102
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb, , [d03ab3bb107aa69040ba318fbb4825db], 
PUP.Optional.ZombieNews.A, C:\ProgramData\ZombieNews, , [9a70224c375371c577d447fd22e3916f], 
PUP.Optional.GamesDesktop.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP, , [749668062961cb6b5129258ccc3724dc], 
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458, , [de2ce18df19967cfe695664b2ed5eb15], 
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\Download, , [de2ce18df19967cfe695664b2ed5eb15], 
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\gmsd_us_458, , [de2ce18df19967cfe695664b2ed5eb15], 
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\gmsd_us_458\1.20, , [de2ce18df19967cfe695664b2ed5eb15], 
PUP.Optional.GamesDesktop.A, C:\Program Files\gmsd_us_458, , [a26875f917733204ceae417019ea46ba], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main, , [51b9a5c9aedcfe389ff6862ec1428d73], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep, , [51b9a5c9aedcfe389ff6862ec1428d73], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\libraries, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\resources, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\locale, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\locale\en-US, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\skin, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\defaults, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\defaults\preferences, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\libraries, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\resources, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat, , [d6344a2496f42c0af14c03b6dc27b050], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Extensions, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Installer, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\PepperFlash, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\VisualElements, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Users\Administrator\AppData\Local\Crossbrowse, , [bb4f303ee7a3033368c4a81449bac33d], 
PUP.Optional.Crossbrowse.C, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse, , [bb4f303ee7a3033368c4a81449bac33d], 
PUP.Optional.Crossbrowse.C, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse\User Data, , [bb4f303ee7a3033368c4a81449bac33d], 
PUP.Optional.Crossbrowse.C, C:\Users\Administrator\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, , [bb4f303ee7a3033368c4a81449bac33d], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Avatars, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Caps, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Cache, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\css, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\html, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\bg, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ca, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\cs, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\da, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\de, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\el, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en_GB, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es_419, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\et, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fi, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fil, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fr, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hi, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hr, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hu, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\id, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\it, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ja, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ko, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lt, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lv, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nb, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nl, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pl, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_BR, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_PT, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ro, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ru, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sk, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sl, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sr, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sv, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\th, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\tr, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\uk, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\vi, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_CN, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_TW, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_metadata, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\SwReporter, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Temp, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse, , [57b3c5a93a50dd5958d5fac226dda060], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\3rd Party Licenses, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\Service, , [f3176e00acdeff37ee92e9d3a1620000], 
 
Files: 352
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb\SmartWebHelper.exe, , [f5156d019feb6ec839f469976c96ff01], 
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb\SmartWebApp.exe, , [af5bd29c8109df57230a22de6c960bf5], 
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb\swhk.dll, , [67a3442a5f2b96a02c018b75b34f2fd1], 
PUP.Optional.Conduit.A, C:\Program Files\ORBTR\orbiter.dll, , [74964628870355e1af3f9f328c755ba5], 
PUP.Optional.OptimizerPro, C:\Users\Alex\AppData\Local\Temp\is-TCQ07.tmp\optimizerpro_soft_partner.exe, , [52b8b7b76129ed4991a078c87c861be5], 
PUP.Optional.ZombieNews.A, C:\ProgramData\iwGkwRGg\QuGLRIBbjL.exe, , [23e7006e2c5eed491d5e4e7a1de4b24e], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\mseff32.dll, , [0cfef876b5d5b581fee670c812f107f9], 
PUP.Optional.SearchProtect.A, C:\Users\Alex\AppData\Local\Temp\nsp8BF8.exe, , [43c729453654bb7b45e82a8704fd8b75], 
PUP.Optional.OfferInstaller.C, C:\Users\Alex\AppData\Local\Temp\mVO6246.exe, , [f614422c77133cfaf5af7dbc35cd7d83], 
PUP.Optional.SearchProtect.A, C:\Users\Alex\AppData\Local\Temp\nskC658.tmp\SPtool.dll, , [0802d09e325874c25be2ccf08a771ee2], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_35.exe, , [9f6bf777533759ddd774ea63f60b966a], 
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb\__u.exe, , [1deddd91fe8c0f27d35a28d8c43e43bd], 
PUP.Optional.Infonaut.A, C:\Windows\System32\drivers\innfd_1_10_0_14.sys, , [bc4ecaa4ef9bb87ec521edd1e71c3cc4], 
PUP.Optional.Crossbrowse.C, C:\Users\Public\Desktop\Crossbrowse.lnk, , [26e4125c612978be15fe685828db5fa1], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk, , [6c9eafbf8505280eb36319a7cd36df21], 
PUP.Optional.Crossbrowse.C, C:\Windows\System32\Tasks\Crossbrowse, , [5eac2e40791111252aed8a367e850cf4], 
PUP.Optional.Crossbrowse.C, C:\Windows\Tasks\Crossbrowse.job, , [42c84a24e1a99c9ada3eead6719249b7], 
PUP.Optional.Crossbrowse.A, C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk, , [d931432bb2d8e6504ffbe4dc04ff4fb1], 
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Local\SmartWeb\uninst.lnk, , [d03ab3bb107aa69040ba318fbb4825db], 
PUP.Optional.Shopperz.A, C:\Windows\System32\Tasks\gtaUpt, , [a3671a540f7b191dd76fe3e2986bd12f], 
Rootkit.Agent.A, C:\Windows\System32\drivers\cherimoya.sys, , [e02afe70b0da46f0bf1905c7e320e51b], 
PUP.Optional.SmartWeb.A, C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk, , [7e8cde90f4969e9821fc399bc83bf40c], 
PUP.Optional.SmartWeb.A, C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task, , [38d25b1348428babe53bf1e3db28a55b], 
PUP.Optional.ZombieNews.A, C:\ProgramData\ZombieNews\app.dat, , [9a70224c375371c577d447fd22e3916f], 
PUP.Optional.ZombieNews.A, C:\ProgramData\ZombieNews\data.dat, , [9a70224c375371c577d447fd22e3916f], 
PUP.Optional.ZombieNews.A, C:\ProgramData\ZombieNews\Uninstall.exe, , [9a70224c375371c577d447fd22e3916f], 
PUP.Optional.ZombieNews.A, C:\ProgramData\ZombieNews\ZombieNews.ico, , [9a70224c375371c577d447fd22e3916f], 
PUP.Optional.Vitruvian.A, C:\Users\Alex\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, , [b9510f5f93f7f640887cc2897b8ad22e], 
PUP.Optional.Vitruvian.A, C:\Users\Alex\AppData\Local\Temp\vitruvian-installer-install-v0003, , [39d1511de4a642f46b99321926dfda26], 
PUP.Optional.Vitruvian.A, C:\Users\Alex\AppData\Local\Temp\vitruvian-installer-processes-v0002, , [2fdb72fcbdcdff378381ed5e12f3b44c], 
PUP.Optional.Vitruvian.A, C:\Users\Alex\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, , [090190deaedc42f42bd996b541c48b75], 
PUP.Optional.Vitruvian.A, C:\Users\Alex\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, , [779371fdd4b674c26a9a87c43ec7fc04], 
PUP.Optional.GamesDesktop.A, C:\Program Files\gmsd_us_458\gmsd_us_458.exe, , [6aa0cba3ef9bec4ae8a6a52de32002fe], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\wrex.exe, , [8486006e2d5d7abc009a5976dd26d927], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\grunt.exe, , [ef1bf97588029a9c0018a12e1de645bb], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\nseven.exe, , [df2b77f7fa905fd7f3ad527be41fc937], 
Rootkit.Agent.A, C:\Program Files\shopperz\csrcc.exe, , [c6447bf30a80181e9287a9263bc80ff1], 
PUP.Optional.GamesDesktop.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP\GamesDesktop.lnk, , [749668062961cb6b5129258ccc3724dc], 
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\upgmsd_us_458.cyl, , [de2ce18df19967cfe695664b2ed5eb15], 
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\upgmsd_us_458.exe, , [de2ce18df19967cfe695664b2ed5eb15], 
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\user_profil.cyp, , [de2ce18df19967cfe695664b2ed5eb15], 
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\Download\majmp_gentleeeuu.exe, , [de2ce18df19967cfe695664b2ed5eb15], 
PUP.Optional.GamesDesktop.A, C:\Users\Alex\AppData\Local\gmsd_us_458\gmsd_us_458\1.20\cnf.cyl, , [de2ce18df19967cfe695664b2ed5eb15], 
PUP.Optional.GamesDesktop.A, C:\Program Files\gmsd_us_458\gamesdesktop_widget.exe, , [a26875f917733204ceae417019ea46ba], 
PUP.Optional.GamesDesktop.A, C:\Program Files\gmsd_us_458\predm.exe, , [a26875f917733204ceae417019ea46ba], 
PUP.Optional.GamesDesktop.A, C:\Program Files\gmsd_us_458\unins000.dat, , [a26875f917733204ceae417019ea46ba], 
PUP.Optional.GamesDesktop.A, C:\Program Files\gmsd_us_458\unins000.exe, , [a26875f917733204ceae417019ea46ba], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\SystemRepository.dat, , [51b9a5c9aedcfe389ff6862ec1428d73], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\csrcc.exe, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\garrus.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\gcpum.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\kasumi32.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\kasumi64.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\krios.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\krios64.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\liara.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\liara64.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\nfregdrv32.exe, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\tree.js, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\tsoni.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\tsoni64.dll, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\unins000.dat, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\unins000.exe, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\wrex64.exe, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\zaeed.bat, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome.manifest, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\icon.png, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\install.rdf, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\{5081D2D4-1637-404c-B74F-50526718257D}.xpi, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\main.js, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\main.xul, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\libraries\DataExchangeScript.js, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\content\resources\LocalScript.js, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\locale\en-US\overlay.dtd, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\chrome\skin\overlay.css, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\Firefox\defaults\preferences\defaults.js, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\libraries\DataExchangeScript.js, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.Shopperz.A, C:\Program Files\shopperz\resources\LocalScript.js, , [719984ea2169c0768d97edc89c670df3], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\RfndNSIS.dll, , [d6344a2496f42c0af14c03b6dc27b050], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\chrome.dat, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\master_preferences, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\VisualElementsManifest.xml, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\icudtl.dat, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\39.2.2171.95.manifest, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\39.4.2171.95.manifest, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\chrome.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\chrome_100_percent.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\chrome_200_percent.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\chrome_child.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\chrome_elf.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\d3dcompiler_46.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\delegate_execute.exe, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\ffmpegsumo.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\libegl.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\libexif.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\libglesv2.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\metro_driver.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\nacl64.exe, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\nacl_irt_x86_32.nexe, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\nacl_irt_x86_64.nexe, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\pdf.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\resources.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\secondarytile.png, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Extensions\external_extensions.json, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Installer\chrmstp.exe, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Installer\chrome.7z, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Installer\setup.exe, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\hi.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\am.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\ar.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\bg.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\bn.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\ca.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\cs.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\da.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\de.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\el.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\en-GB.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\en-US.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\es-419.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\es.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\et.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\fa.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\fi.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\fil.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\fr.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\gu.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\he.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\hr.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\hu.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\id.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\it.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\ja.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\kn.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\ko.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\lt.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\lv.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\ml.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\mr.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\ms.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\nb.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\nl.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\pl.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\pt-BR.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\pt-PT.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\ro.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\ru.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\sk.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\sl.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\sr.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\sv.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\sw.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\ta.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\te.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\th.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\tr.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\uk.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\vi.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\zh-CN.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Locales\zh-TW.pak, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\PepperFlash\manifest.json, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\PepperFlash\pepflashplayer.dll, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\VisualElements\logo.png, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\VisualElements\smalllogo.png, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\VisualElements\splash-620x300.png, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\google_plus.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\mail_live_msn.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\9gag.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\agoda.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\amazon.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\bbc.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\bestbuy.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\bing.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\booking.com.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\cnn.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\ebay.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\espn.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\etsy.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\expedia.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\facebook.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\forbes.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\gizmodo.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\gmail.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\google_news.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\google_translate.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\groupom.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\hotels.com.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\huffingtonpost.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\icon.json, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\ikea.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\imdb.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\kayak.com.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\linkedin.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\mail.ru.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\msn.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\nba.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\netflix.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\nfl.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\nytimes.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\pinterest.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\priceline.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\reddit.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\search.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\skype.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\target.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\ted.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\theguardian.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\tripadvisor.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\tumblr.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\twitter.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\walmart.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\weather_channel.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\wikipedia.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\yahoo.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\yahoo_finance.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\yahoo_mail.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\yahoo_search.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\yandex.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\yelp.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Program Files\Crossbrowse\Crossbrowse\Application\Icons\youtube.ico, , [44c69bd3b4d6df577cae407c4db6d32d], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\chrome.dat, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\First Run, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Local State, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cookies, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Current Session, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Current Tabs, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Favicons, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\History, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Last Session, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Last Tabs, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Preferences, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Shortcuts, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Top Sites, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Visited Links, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Last Tabs, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Bookmarks, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Bookmarks.bak, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Cookies, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Cookies-journal, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Current Session, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Current Tabs, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Favicons, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Google Profile.ico, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\History, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\History Provider Cache, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Last Session, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Login Data, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Login Data-journal, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Network Action Predictor, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Network Action Predictor-journal, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Origin Bound Certs, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Origin Bound Certs-journal, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Preferences, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Secure Preferences, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Shortcuts, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Top Sites, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Top Sites-journal, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Visited Links, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Web Data, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Web Data-journal, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Cache\data_0, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Cache\data_1, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Cache\data_2, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Cache\data_3, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Cache\index, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\manifest.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\background.html, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\change_sink.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\contentscript.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\document_iterator.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\dropdown_menu_icon_set.png, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\find_proxy.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\flags.gif, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\get_html_text.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\global_constants.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\name_injection_builder.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\numbers_common_active_icon_set.gif, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\numbers_common_inactive_icon_set.gif, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\numbers_free_icon_set.gif, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\number_injection_builder.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\skype.png, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\skype_name_icon_set.gif, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\space.gif, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\string_finder.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\craw_background.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\craw_window.js, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\manifest.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\css\craw_window.css, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\html\craw_window.html, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\flapper.gif, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\icon_128.png, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\icon_16.png, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\topbar_floating_button.png, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\topbar_floating_button_close.png, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\topbar_floating_button_hover.png, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\topbar_floating_button_maximize.png, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images\topbar_floating_button_pressed.png, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\bg\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ca\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\cs\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\da\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\de\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\el\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en_GB\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es_419\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\et\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fi\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fil\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fr\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hi\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hr\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hu\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\id\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\it\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ja\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ko\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lt\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lv\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nb\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nl\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pl\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_BR\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_PT\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ro\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ru\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sk\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sl\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sr\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sv\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\th\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\tr\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\uk\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\vi\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_CN\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_TW\messages.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\Users\Alex\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_metadata\verified_contents.json, , [73970d61c1c9ac8ac8645e5e669d827e], 
PUP.Optional.Crossbrowse.C, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse\Crossbrowse.lnk, , [57b3c5a93a50dd5958d5fac226dda060], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\terms-of-service.rtf, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\Uninstall.exe, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\3rd Party Licenses\buildcrx-license.txt, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\3rd Party Licenses\Info-ZIP-license.txt, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\3rd Party Licenses\JSON-simple-license.txt, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\3rd Party Licenses\nsJSON-license.txt, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\3rd Party Licenses\Nustache-license.txt, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\3rd Party Licenses\TaskScheduler-license.txt, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\3rd Party Licenses\UAC-license.txt, , [f3176e00acdeff37ee92e9d3a1620000], 
PUP.Optional.Infonaut.A, C:\Program Files\Infonaut_1.10.0.14\Service\insvc.exe, , [f3176e00acdeff37ee92e9d3a1620000], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Edit: Had to uninstall a bunch of thing and re-start in order to post this, as there was an ad covering the 'Post' button that wouldn't go away otherwise. 


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:06 PM

Posted 20 April 2015 - 01:50 PM

Sorry kitty, took my dad to the hospital.. If you still need help ... repost here and the MRT team will pick this up.

Include his link back to here.

http://www.bleepingcomputer.com/forums/t/571685/tons-of-programs-re-installing-every-day/#entry3684098

follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:11:06 PM

Posted 22 April 2015 - 09:24 AM

Kitty has posted in Malware Removal Logs here http://www.bleepingcomputer.com/forums/t/574047/various-programsadware-re-installing-periodically/page-1#entry3687404

Now that you have posted in MRL

Please refrain from asking for further help from other members or staff until the Malware Removal Team has checked your posted log. The Malware Removal Team work very hard to investigate a unique solution to your problem and you will receive individual expert assistance. This takes time and effort so we ask you to please be patient while waiting for assistance and NOT to make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member. Any modifications you make on your own can result in system changes which may not show it the log you already posted. Further, following advice outside of that post may cause confusion for the team member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

The Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean. If you followed any other advice already, please ensure you inform the Malware Removal Team Team Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.

This topic is closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users