
Updatecheck.exe...Can't get rid of it..computer really slow


9 replies to this topic

#1 RoyalsFan


Posted 07 June 2015 - 04:15 PM

Help, please. I have something called updatecheck.exe as well as a few others I can't get rid of. My computer is always running at 85% CPU. It took me forever to log on. It's causing my AT&T router to mess up, so I have to leave this PC offline. I will put it back online to run programs and to respond to whoever will help me. Thanks





#2 InadequateInfirmity


Posted 07 June 2015 - 05:10 PM

Download and run Wipe and System Ninja:

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this, you will need to click on tools, then start up, select each item, then disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

Now go to the advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right-click the file and select Run as administrator.
A new icon will appear on your desktop.
Right-click the new icon and select Run as administrator.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 RoyalsFan


Posted 09 June 2015 - 11:13 PM

Sorry..I will get to this in the morning..Thank u sooo much =)



#4 InadequateInfirmity


Posted 10 June 2015 - 08:40 AM

:thumbup2:



#5 RoyalsFan


Posted 10 June 2015 - 07:30 PM

Here are the scans...took forever. Thanks a lot...computer is running sooo much better.

 

Zemana AntiMalware 2.15.2.721 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/10
Operating System       : Windows 7 64-bit
Processor              : 2X AMD Athlon™ II X2 240 Processor
BIOS Mode              : Legacy
CUID                   : 000349746802484506427E
Scan Type              : Deep Scan
Duration               : 58m 11s
Scanned Objects        : 508028
Detected Objects       : 69
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

Junke Jeccad
Status             : Scanned
Object             : HKCU\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EF9D9A325CF6DE15D4E8F9352F0C01A04C3D53B9\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKCU\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EF9D9A325CF6DE15D4E8F9352F0C01A04C3D53B9\Blob

Junke Jeccad
Status             : Scanned
Object             : HKCU\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AF9F14C75C2B5C5524A018DC5DBE7BD8EF6ACA12\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKCU\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AF9F14C75C2B5C5524A018DC5DBE7BD8EF6ACA12\Blob

Junke Jeccad
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EF9D9A325CF6DE15D4E8F9352F0C01A04C3D53B9\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EF9D9A325CF6DE15D4E8F9352F0C01A04C3D53B9\Blob

AdSupport
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C617E35B0390554B0B4997EAB9377CF074F05DA7\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C617E35B0390554B0B4997EAB9377CF074F05DA7\Blob

Internet Explorer Search
Status             : Scanned
Object             : Cassiopesa - http://cassiopesa.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Search

Internet Explorer Search
Status             : Scanned
Object             : Cassiopesa - http://cassiopesa.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Search

Firefox Search
Status             : Scanned
Object             : Cassiopesa - http://cassiopesa.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Firefox Search

nibgwuy.exe
Status             : Scanned
Object             : %allusersprofile%\peiuce\nibgwuy.exe
MD5                : 76FF82E12E178AE97D05A8A5C6DE6AE4
Publisher          : Emo Cokoj
Size               : 208856
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %allusersprofile%\peiuce\nibgwuy.exe
                Process - 1612 - C:\ProgramData\PeiUce\nibgwuy.EXE
                Registry Entry - HKLM\System\CurrentControlSet\Services\dhjowko\ImagePath = "C:\ProgramData\PeiUce\nibgwuy.exe" -cms

MeapPiuhti.exe
Status             : Scanned
Object             : %allusersprofile%\peiuce\meappiuhti.exe
MD5                : 1C89900262ADF0A79AB3006E1381ACCC
Publisher          : Emo Cokoj
Size               : 255448
Version            : -
Detection          : Malware:Win32/Quarand!Ttkt
Cleaning Action    : Quarantine
Traces             :
                File - %allusersprofile%\peiuce\meappiuhti.exe
                Process - 1636 - C:\ProgramData\PeiUce\MeapPiuhti.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\DijuAcirl\ImagePath = "C:\ProgramData\PeiUce\MeapPiuhti.exe" -cmd

FlashBeat.exe
Status             : Scanned
Object             : %allusersprofile%\flashbeat\flashbeat.exe
MD5                : FF7D936803CFA255005D7B244251FE4E
Publisher          : -
Size               : 812032
Version            : 0.11.47.0
Detection          : Malware:Win64/Cognito.A!Lklr
Cleaning Action    : Quarantine
Traces             :
                File - %allusersprofile%\flashbeat\flashbeat.exe
                Process - 2084 - C:\ProgramData\FlashBeat\FlashBeat.exe
                Process - 2156 - C:\ProgramData\FlashBeat\FlashBeat.exe
                Scheduled Task - GPZMERTTIY1.job

UpdateCheck.exe
Status             : Scanned
Object             : %programfiles%\coupoon\updatecheck.exe
MD5                : A9A44226715526BAC2B78852F1E5EEE2
Publisher          : Coupoon
Size               : 53040
Version            : -
Detection          : Malware:Win32/Quarand!Clca
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\coupoon\updatecheck.exe
                Process - 2384 - C:\Program Files (x86)\Coupoon\UpdateCheck.exe
                Registry Entry - HKLM\System\CurrentControlSet\Services\UpdateCheck\ImagePath = C:\Program Files (x86)\Coupoon\UpdateCheck.exe run

PuriceLeasos
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\4a4oucj7.default\extensions\yk@si.net\content\bg.js
MD5                : 1B00E0211C832AD383E82C55DDE5AD20
Publisher          : -
Size               : 17749
Version            : -
Detection          : Adware:Generic/Hellium.A!Aimt
Cleaning Action    : Repair
Traces             :
                File - %appdata%\mozilla\firefox\profiles\4a4oucj7.default\extensions\yk@si.net\content\bg.js
                Browser Extension - PuriceLeasos

Unydfe119.sys
Status             : Scanned
Object             : %systemroot%\system32\drivers\unydfe119.sys
MD5                : 001124CF8B1CBFD3308E5AF03541289F
Publisher          : Jambo Digital ltd
Size               : 24696
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\system32\drivers\unydfe119.sys
                Registry Entry - HKLM\System\CurrentControlSet\Services\Unydfe119\ImagePath = \??\C:\Windows\system32\Drivers\Unydfe119.sys

roboot64.exe
Status             : Scanned
Object             : %systemroot%.old\windows\system32\roboot64.exe
MD5                : D8B85CC423236928CE06C0BFAA1A55B8
Publisher          : Systweak Inc.
Size               : 20280
Version            : 3.0.0.5326
Detection          : Scareware:Win32/NonBeneficialWindowsOptimizer!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\windows\system32\roboot64.exe

EliteUnzip.exe
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\eliteunzip.exe
MD5                : 5BBDC8EFD3C2B3FEC24317B3DB200942
Publisher          : Mindspark Interactive Network
Size               : 1056608
Version            : 1.1.7640.260
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\eliteunzip.exe
                Reference - C:\Windows.old\Users\debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elite Unzip\Elite Unzip.lnk

rcp_300711562528749945.exe
Status             : Scanned
Object             : %systemroot%.old\users\debbie\downloads\rcp_300711562528749945.exe
MD5                : 45719F37D43C274C6528F2AC1C0A137F
Publisher          : The Phone Support Pvt. Ltd.
Size               : 4330352
Version            : 6.21.0.0
Detection          : Scareware:Win32/FakeAV.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\users\debbie\downloads\rcp_300711562528749945.exe

DarowsMinecraftinstallerv3.exe
Status             : Scanned
Object             : %systemroot%.old\users\debbie\documents\ea games\the sims™ 2 ultimate collection\downloads\5.15.13\darowsminecraftbeta1.3_01-fixed\darowsminecraftinstallerv3.exe
MD5                : 8A26A44D0873A0B7E35944AAACEECE04
Publisher          : -
Size               : 77824
Version            : 1.1.0.2
Detection          : Malware:Win32/Saruth.A!Llir
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\users\debbie\documents\ea games\the sims™ 2 ultimate collection\downloads\5.15.13\darowsminecraftbeta1.3_01-fixed\darowsminecraftinstallerv3.exe

LogicNP.FolderView.WPF.dll
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\logicnp.folderview.wpf.dll
MD5                : 033C36EBC80B0E6567B4B81E4582DA5B
Publisher          : Mindspark Interactive Network
Size               : 358240
Version            : 13.0.0.0
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\logicnp.folderview.wpf.dll

LogicNP.FileView.WPF.dll
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\logicnp.fileview.wpf.dll
MD5                : C1817F00D0E9D90073A7162E512A26D5
Publisher          : Mindspark Interactive Network
Size               : 484704
Version            : 13.0.0.0
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\logicnp.fileview.wpf.dll

IAC.Helpers.dll
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\iac.helpers.dll
MD5                : FE11043C7D2CFBFCFA6B2A1F697784E8
Publisher          : Mindspark Interactive Network
Size               : 78688
Version            : 1.0.7640.260
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\iac.helpers.dll

uninstall.exe
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\uninstall.exe
MD5                : 6F21A65B40FBA1BEAE08A597CF23935C
Publisher          : Mindspark Interactive Network
Size               : 1352032
Version            : 9.2.0.0
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\uninstall.exe

UnifiedLogging.dll
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\unifiedlogging.dll
MD5                : 99F9F0717836B20CA5A79373E8302489
Publisher          : Mindspark Interactive Network
Size               : 67424
Version            : 1.1.7640.260
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\unifiedlogging.dll

SevenZipSharp.dll
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\sevenzipsharp.dll
MD5                : 7E6F84DF0ED1F27FA76F0351AD6576B4
Publisher          : Mindspark Interactive Network
Size               : 162144
Version            : 0.64.5290.16086
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\sevenzipsharp.dll

Resources.dll
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\resources.dll
MD5                : D1F10BC96BB8A5FD0CF825D10612D52B
Publisher          : Mindspark Interactive Network
Size               : 22368
Version            : 1.0.0.0
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\resources.dll

RebootRequired.exe
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\rebootrequired.exe
MD5                : B7FAF22D20228A13C7833987B8F982C1
Publisher          : Mindspark Interactive Network
Size               : 104288
Version            : 1.0.0.1
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\rebootrequired.exe

LogicNP.ShComboBox.WPF.dll
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\logicnp.shcombobox.wpf.dll
MD5                : 6FEB5AAAFBEBDD5E6945EFED7EFC29C6
Publisher          : Mindspark Interactive Network
Size               : 149856
Version            : 13.0.0.0
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\logicnp.shcombobox.wpf.dll

7z.dll
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\7z.dll
MD5                : D58926BC8DC9867F8CCB339012FD8E9E
Publisher          : Mindspark Interactive Network
Size               : 1135968
Version            : -
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\7z.dll

DesktopSdk.dll
Status             : Scanned
Object             : %systemroot%.old\program files (x86)\eliteunzip\desktopsdk.dll
MD5                : EBE9840F13EB7BEACA54C3463A6FA3D6
Publisher          : Mindspark Interactive Network
Size               : 196448
Version            : 1.0.7640.260
Detection          : Adware:Win32/Mindspark!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\program files (x86)\eliteunzip\desktopsdk.dll

rcp_300711561084179735.exe
Status             : Scanned
Object             : %systemroot%.old\users\debbie\downloads\rcp_300711561084179735.exe
MD5                : 45719F37D43C274C6528F2AC1C0A137F
Publisher          : The Phone Support Pvt. Ltd.
Size               : 4330352
Version            : 6.21.0.0
Detection          : Scareware:Win32/FakeAV.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%.old\users\debbie\downloads\rcp_300711561084179735.exe

netfilter64.sys
Status             : Scanned
Object             : %systemroot%\system32\drivers\netfilter64.sys
MD5                : 9E34BF0784E087F7366DBD2BDA01C8EB
Publisher          : ADPEAK, INC.
Size               : 46376
Version            : 1.4.3.1
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\system32\drivers\netfilter64.sys

setup_644.exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\temp\setup_644.exe
MD5                : 40B747F6FD23DB287B81D911C7A9B058
Publisher          : Coupoon
Size               : 323648
Version            : 0.0.0.0
Detection          : Malware:Win32/Quarand!Clca
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\temp\setup_644.exe

nsCBHTML5.dll
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\temp\nsy7041.tmp\nscbhtml5.dll
MD5                : FE3F848E2A306D586AB8F5433738D8DB
Publisher          : -
Size               : 58368
Version            : -
Detection          : Malware:Win32/Blackoat.A!Keel
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\temp\nsy7041.tmp\nscbhtml5.dll

HackTool2k15__11652_il69278.exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\temp\rar$exa0.856\hacktool2k15__11652_il69278.exe
MD5                : 70416465C4B20558D9C884E1AADAA460
Publisher          : LLC "HALKON PLYUS"
Size               : 747024
Version            : 1.1.5.26
Detection          : Adware:Win32/Amonetize!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\temp\rar$exa0.856\hacktool2k15__11652_il69278.exe

NSISHelper.dll
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\temp\nsw3a33.tmp\nsishelper.dll
MD5                : DF6C65E1163FD3E5D0F199E2AAC8D86F
Publisher          : -
Size               : 539136
Version            : 0.11.47.0
Detection          : Adware:Win32/Bailoat.A!Krie
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\temp\nsw3a33.tmp\nsishelper.dll

SPtool.dll
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\temp\nsb9df5.tmp\sptool.dll
MD5                : 7201B0E1C83C029745E6A17F12945556
Publisher          : ClientConnect LTD
Size               : 3044624
Version            : 2.23.30.9
Detection          : Adware:Win32/ClientConnect!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\temp\nsb9df5.tmp\sptool.dll

newversion.exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\temp\newversion.exe
MD5                : 2CB40AAAB42DB97B6FDF162EF16417F5
Publisher          : -
Size               : 10208444
Version            : 0.0.0.0
Detection          : Adware:Win32/EoRezo!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\temp\newversion.exe

adv_35.exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\temp\f9626892-7a78-3199-abd2-97bbce96297b\extracted\adv_35.exe
MD5                : 9FB9D49C2DB7EDD1084AB765D619F5C6
Publisher          : Conduit Ltd.
Size               : 66368
Version            : 1.1.1.0
Detection          : Adware:Win32/Conduit!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\temp\f9626892-7a78-3199-abd2-97bbce96297b\extracted\adv_35.exe

bitool.dll
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\temp\bitool.dll
MD5                : C0157AD57D34D1D608ADEA523B228266
Publisher          : -
Size               : 59904
Version            : -
Detection          : Adware:Win32/Blackoat.A!Ttae
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\temp\bitool.dll

8dad91c96db44ed19257ea70ef9fb55a180006.exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\temp\8dad91c96db44ed19257ea70ef9fb55a180006.exe
MD5                : 9CDC7A08E26C0EC8B069E68ACFD9B46A
Publisher          : -
Size               : 2142300
Version            : -
Detection          : Malware:Win32/Imprezz.A!Tekr
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\temp\8dad91c96db44ed19257ea70ef9fb55a180006.exe

1182.exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\temp\1182.exe
MD5                : 3EB2CE17BF3E241B56B961AE9BF5FD48
Publisher          : Digit Network (Extreme White Limited)
Size               : 133120
Version            : 1.36.1.22
Detection          : Adware:Win32/DigitExtreme!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\temp\1182.exe

VuuPC_VO2_8907[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\u3uoy2qn\vuupc_vo2_8907[1].exe
MD5                : 5E616126B4283FA12D083CB4D107FA28
Publisher          : -
Size               : 229816
Version            : -
Detection          : Adware:Win32/Generic!Ckek
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\u3uoy2qn\vuupc_vo2_8907[1].exe

Update_Notifier[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\u3uoy2qn\update_notifier[1].exe
MD5                : BC614A66AC15864E11F8BDBDAACA7F59
Publisher          : -
Size               : 437760
Version            : -
Detection          : Malware:Win32/Cardunia.A!Crca
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\u3uoy2qn\update_notifier[1].exe

setup26[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\u3uoy2qn\setup26[1].exe
MD5                : 40B747F6FD23DB287B81D911C7A9B058
Publisher          : Coupoon
Size               : 323648
Version            : 0.0.0.0
Detection          : Malware:Win32/Quarand!Clca
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\u3uoy2qn\setup26[1].exe

BiTool[1].dll
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\bitool[1].dll
MD5                : C0157AD57D34D1D608ADEA523B228266
Publisher          : -
Size               : 59904
Version            : -
Detection          : Adware:Win32/Blackoat.A!Ttae
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\bitool[1].dll

spstub[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\u3uoy2qn\spstub[1].exe
MD5                : 6848CFD6D1075C23B9C571FB85F9DE11
Publisher          : ClientConnect LTD
Size               : 177760
Version            : 2.5.1.2
Detection          : Adware:Win32/ClientConnect!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\u3uoy2qn\spstub[1].exe

Setup[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\3bwfe6ra\setup[1].exe
MD5                : 4AE5F690EBE6DAE5A9977BDE4421783A
Publisher          : ClientConnect LTD
Size               : 8634656
Version            : 2.23.30.9
Detection          : Adware:Win32/ClientConnect!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\3bwfe6ra\setup[1].exe

setup[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\setup[1].exe
MD5                : 3EB2CE17BF3E241B56B961AE9BF5FD48
Publisher          : Digit Network (Extreme White Limited)
Size               : 133120
Version            : 1.36.1.22
Detection          : Adware:Win32/DigitExtreme!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\setup[1].exe

setup[2].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\setup[2].exe
MD5                : EBF412ACF81E9DBD97E437B496291B6D
Publisher          : SITE ON SPOT Ltd.
Size               : 430272
Version            : 1.0.0.1
Detection          : Downloader:Win32/Generic
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\setup[2].exe

Setup[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\setup[1].exe
MD5                : 528234F33A8031297E0BFFEFFDC56F23
Publisher          : -
Size               : 2310191
Version            : 1.0.0.141
Detection          : Adware:Win32/Generic!Raar
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\setup[1].exe

SearchUpdater[2].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\searchupdater[2].exe
MD5                : 2B7E81CA001F50067FBEFB27A23BA9E6
Publisher          : -
Size               : 164242
Version            : -
Detection          : Malware:Win32/Nevoros.B!Kiee
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\searchupdater[2].exe

ninja-setup-3.0.6.exe
Status             : Scanned
Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
Publisher          : -
Size               : 2507200
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe

cmmdWriter[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\cmmdwriter[1].exe
MD5                : BC906DD90CEB4862014FBD9161908BA6
Publisher          : -
Size               : 41471
Version            : -
Detection          : Malware:Win32/Fooster.A!Rkra
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\cmmdwriter[1].exe

Iminent[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\iminent[1].exe
MD5                : B7A158AFE058DC873ABA35C2FA3A7147
Publisher          : Iminent Technology SRL
Size               : 678552
Version            : 8.8.3.3
Detection          : Win32/Adware.Iminent!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\iminent[1].exe

policyname[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\policyname[1].exe
MD5                : 2587BB1AC164044A1D82910CAD74CDC4
Publisher          : -
Size               : 81894
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\policyname[1].exe

ProPCCleaner.exe
Status             : Scanned
Object             : %appdata%\pro pc cleaner\pro pc cleaner 2.5.5\install\d90887d\propccleaner.exe
MD5                : 96D34646EA0FB92CBE81C7633995A3CF
Publisher          : Rainmaker Software Group LLC
Size               : 5750840
Version            : 2.5.5.0
Detection          : Adware:Win32/Quarand!Trct
Cleaning Action    : Quarantine
Traces             :
                File - %appdata%\pro pc cleaner\pro pc cleaner 2.5.5\install\d90887d\propccleaner.exe

ciwr[2].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\ciwr[2].exe
MD5                : FD32FBB72E6B4A29BB4A575935CAA3A8
Publisher          : -
Size               : 68563
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\ciwr[2].exe

rvwr[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\rvwr[1].exe
MD5                : F388AF34D48F9006B6702A23650F3899
Publisher          : -
Size               : 129873
Version            : -
Detection          : Heur.Malicious!Pb
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\rvwr[1].exe

SearchUpdater[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\searchupdater[1].exe
MD5                : BB63CF5D38447CED375B322EC7526939
Publisher          : -
Size               : 158218
Version            : -
Detection          : Heur.Malicious!Pb
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\34lx1hi0\searchupdater[1].exe

ciwr[1].exe
Status             : Scanned
Object             : %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\ciwr[1].exe
MD5                : 5D2B327E882A53B50CACDF61B189C3BC
Publisher          : -
Size               : 68550
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\dvpe\appdata\local\microsoft\windows\temporary internet files\content.ie5\0z13o72x\ciwr[1].exe

oo2.exe
Status             : Scanned
Object             : %homedrive%\users\abby jacob neena\appdata\local\temp\oo2.exe
MD5                : 8F629260F997770F000BCF2B486B2529
Publisher          : -
Size               : 779776
Version            : 2015.329.1239.2
Detection          : Adware:Win32/OutBrowse!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\abby jacob neena\appdata\local\temp\oo2.exe

setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\setup.exe
MD5                : E693ED8ACC0477046C80A46298517934
Publisher          : Pour Over Digital
Size               : 670200
Version            : 4.0.0.1
Detection          : Win32/Adware.PourOver!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\setup.exe

Unydfe.sys
Status             : Scanned
Object             : %allusersprofile%\peiuce\unydfe.sys
MD5                : 001124CF8B1CBFD3308E5AF03541289F
Publisher          : Jambo Digital ltd
Size               : 24696
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %allusersprofile%\peiuce\unydfe.sys

Unydfed.sys
Status             : Scanned
Object             : %allusersprofile%\peiuce\unydfed.sys
MD5                : 001124CF8B1CBFD3308E5AF03541289F
Publisher          : Jambo Digital ltd
Size               : 24696
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %allusersprofile%\peiuce\unydfed.sys

FRST.exe
Status             : Scanned
Object             : %homedrive%\users\abby jacob neena\downloads\frst.exe
MD5                : 7D003AA90B9C33020BF869A25A96E2FB
Publisher          : -
Size               : 1141552
Version            : -
Detection          : Malware:Win32/Generic!Lrer
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\abby jacob neena\downloads\frst.exe

Hawker_v1.11[1].exe
Status             : Scanned
Object             : %homedrive%\users\abby jacob neena\appdata\local\microsoft\windows\temporary internet files\content.ie5\ebft9wqa\hawker_v1.11[1].exe
MD5                : FA31C9E400C363522288D06268D9FF30
Publisher          : -
Size               : 196300
Version            : 4.1.0.0
Detection          : Downloader:Win32/Generic
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\users\abby jacob neena\appdata\local\microsoft\windows\temporary internet files\content.ie5\ebft9wqa\hawker_v1.11[1].exe

efaatmawfyj.exe
Status             : Scanned
Object             : %allusersprofile%\peiuce\efaatmawfyj.exe
MD5                : 45EB9B9F47242565E0B69B8703725478
Publisher          : Emo Cokoj
Size               : 251352
Version            : 85.0.0.0
Detection          : Heur.Malicious!Pb
Cleaning Action    : Quarantine
Traces             :
                File - %allusersprofile%\peiuce\efaatmawfyj.exe

nibgduyu.dll
Status             : Scanned
Object             : %allusersprofile%\peiuce\nibgduyu.dll
MD5                : B4398E6CCEC4F1AC8D05B2E804845CC7
Publisher          : -
Size               : 430080
Version            : 85.9.9.11
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %allusersprofile%\peiuce\nibgduyu.dll

utils.exe
Status             : Scanned
Object             : %allusersprofile%\peiuce\utils.exe
MD5                : 8EE0F221FDC64D1A797FA4B9999D630F
Publisher          : -
Size               : 218849
Version            : 1.1.0.31
Detection          : Malware:Win32/Generic!Keii
Cleaning Action    : Quarantine
Traces             :
                File - %allusersprofile%\peiuce\utils.exe

gcpum.dll
Status             : Scanned
Object             : %programw6432%\shopperz\gcpum.dll
MD5                : 83741AC97727D47D4A5DB311460D41CC
Publisher          : Lucuma
Size               : 89448
Version            : -
Detection          : Malware:Win32/Quarand!Mrei
Cleaning Action    : Quarantine
Traces             :
                File - %programw6432%\shopperz\gcpum.dll
 

 

 

10 Jun 2015 13:08:36 [1290] - **********************************************************
10 Jun 2015 13:08:36 [1290] - MWAV - eScanAV AntiVirus Toolkit.
10 Jun 2015 13:08:36 [1290] - Copyright © MicroWorld Technologies
10 Jun 2015 13:08:36 [1290] - **********************************************************
10 Jun 2015 13:08:36 [1290] - Source: C:\Users\debbie\Downloads\mwav.exe
10 Jun 2015 13:08:36 [1290] - Version 14.0.178 (C:\USERS\DEBBIE\APPDATA\LOCAL\TEMP\MEXE.COM)
10 Jun 2015 13:08:36 [1290] - Log File: C:\Users\debbie\AppData\Local\Temp\MWAV.LOG
10 Jun 2015 13:08:36 [1290] - MWAV Registered: TRUE
10 Jun 2015 13:08:36 [1290] - User Account: debbie (Administrator Mode)
10 Jun 2015 13:08:36 [1290] - OS Type: Windows Workstation [InstallType: Client]
10 Jun 2015 13:08:36 [1290] - OS: Windows 7 64-Bit [OS Install Date: 17 Dec 2014 21:00:10]
10 Jun 2015 13:08:36 [1290] - Ver: Professional Service Pack 1 (Build 7601)
10 Jun 2015 13:08:36 [1290] - System Up Time: 20 Minutes, 11 Seconds


10 Jun 2015 13:08:36 [1290] - Parent Process Name : C:\Users\debbie\Downloads\mwav.exe
10 Jun 2015 13:08:36 [1290] - Windows Root  Folder: C:\Windows
10 Jun 2015 13:08:36 [1290] - Windows Sys32 Folder: C:\Windows\system32
10 Jun 2015 13:08:36 [1290] - DHCP NameServer: 192.168.1.254
10 Jun 2015 13:08:36 [1290] - Interface0 DHCPNameServer: 192.168.1.254
10 Jun 2015 13:08:36 [1290] - Local Fixed Drives: c:\
10 Jun 2015 13:08:36 [1290] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
10 Jun 2015 13:08:36 [1290] - [CREATED ZIP FILE: C:\Users\debbie\AppData\Local\Temp\pinfect.zip]
10 Jun 2015 13:08:36 [1290] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
10 Jun 2015 13:08:38 [1290] - ** Changed Value of "Path"
10 Jun 2015 13:08:39 [1290] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\debbie\AppData\Local\Temp\ESCANDB.LOG]
10 Jun 2015 13:08:40 [1290] - Loaded/Created FileScan Cache Database...
10 Jun 2015 13:08:40 [1290] - Loading AV Library [DB]...
10 Jun 2015 13:09:33 [1290] - ArchiveScan: DISABLED
10 Jun 2015 13:09:34 [1290] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
10 Jun 2015 13:09:34 [1290] - MWAV doing self scanning...
10 Jun 2015 13:09:34 [1290] - MWAV files are clean.
10 Jun 2015 13:09:44 [1290] - ArchiveScan: DISABLED
10 Jun 2015 13:09:44 [1290] - Virus Database Date: 02 Mar 2015
10 Jun 2015 13:09:44 [1290] - Virus Database Count: 6701505
10 Jun 2015 13:09:44 [1290] - Sign Version: 7.59505 [518257]
 
10 Jun 2015 13:10:16 [1290] - **********************************************************
10 Jun 2015 13:10:16 [1290] - MWAV - eScanAV AntiVirus Toolkit.
10 Jun 2015 13:10:16 [1290] - Copyright © MicroWorld Technologies
10 Jun 2015 13:10:16 [1290] -
10 Jun 2015 13:10:16 [1290] - Support: support@escanav.com
10 Jun 2015 13:10:16 [1290] - Web: http://www.escanav.com
10 Jun 2015 13:10:16 [1290] - **********************************************************
10 Jun 2015 13:10:16 [1290] - Version 14.0.178[DB] (C:\USERS\DEBBIE\APPDATA\LOCAL\TEMP\MEXE.COM)
10 Jun 2015 13:10:16 [1290] - Log File: C:\Users\debbie\AppData\Local\Temp\MWAV.LOG
10 Jun 2015 13:10:16 [1290] - User Account: debbie (Administrator Mode)
10 Jun 2015 13:10:16 [1290] - Parent Process Name : C:\Users\debbie\Downloads\mwav.exe
10 Jun 2015 13:10:16 [1290] - Windows Root  Folder: C:\Windows
10 Jun 2015 13:10:16 [1290] - Windows Sys32 Folder: C:\Windows\system32
10 Jun 2015 13:10:16 [1290] - OS: Windows 7 64-Bit [OS Install Date: 17 Dec 2014 21:00:10]
10 Jun 2015 13:10:16 [1290] - Ver: Professional Service Pack 1 (Build 7601)
10 Jun 2015 13:10:16 [1290] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
10 Jun 2015 13:10:22 [1254] - Options Selected by User:
10 Jun 2015 13:10:22 [1254] - Memory Check: Enabled
10 Jun 2015 13:10:22 [1254] - Registry Check: Enabled
10 Jun 2015 13:10:22 [1254] - StartUp Folder Check: Enabled
10 Jun 2015 13:10:22 [1254] - System Folder Check: Enabled
10 Jun 2015 13:10:22 [1254] - Services Check: Enabled
10 Jun 2015 13:10:22 [1254] - Scan Spyware: Enabled
10 Jun 2015 13:10:22 [1254] - Scan Archives: Disabled
10 Jun 2015 13:10:22 [1254] - Drive Check: Disabled
10 Jun 2015 13:10:22 [1254] - All Drive Check :Enabled
10 Jun 2015 13:10:22 [1254] - Folder Check: Disabled
10 Jun 2015 13:10:22 [1254] - SCAN: All_Files [ANSI]
10 Jun 2015 13:10:22 [1254] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
10 Jun 2015 13:10:22 [1254] - Scanning DNS Records...
10 Jun 2015 13:10:22 [1254] - Scanning Master Boot Record (User)...
10 Jun 2015 13:10:22 [1254] - Scanning Logical Boot Records...
10 Jun 2015 13:10:23 [1254] - ***** Scanning For Hidden Rootkit Processes *****
10 Jun 2015 13:10:23 [1254] - ***** Scanning For Hidden Rootkit Services *****
10 Jun 2015 13:10:32 [1254] - Name: dhjowko (HIDDEN)
10 Jun 2015 13:10:32 [1254] - Display Name: dhjowko
10 Jun 2015 13:10:32 [1254] - Image Path: "C:\ProgramData\PeiUce\nibgwuy.exe" -cms
10 Jun 2015 13:10:32 [1254] - Start: 2
 
10 Jun 2015 13:10:32 [1254] - Name: DijuAcirl (HIDDEN)
10 Jun 2015 13:10:32 [1254] - Display Name: DijuAcirl
10 Jun 2015 13:10:32 [1254] - Image Path: "C:\ProgramData\PeiUce\MeapPiuhti.exe" -cmd
10 Jun 2015 13:10:32 [1254] - Start: 2
 
10 Jun 2015 13:10:32 [1254] - Name: pozghjul (HIDDEN)
10 Jun 2015 13:10:32 [1254] - Display Name: pozghjul
10 Jun 2015 13:10:32 [1254] - Image Path: "C:\ProgramData\PeiUce\nibgauy.exe" /ts2=1
10 Jun 2015 13:10:32 [1254] - Start: 2
 
10 Jun 2015 13:10:32 [1254] - Service Name: dhjowko
10 Jun 2015 13:10:32 [1254] - Service Image: "C:\ProgramData\PeiUce\nibgwuy.exe" -cms
10 Jun 2015 13:10:32 [1254] - Service Name: DijuAcirl
10 Jun 2015 13:10:32 [1254] - Service Image: "C:\ProgramData\PeiUce\MeapPiuhti.exe" -cmd
10 Jun 2015 13:10:32 [1254] - Service Name: pozghjul
10 Jun 2015 13:10:32 [1254] - Service Image: "C:\ProgramData\PeiUce\nibgauy.exe" /ts2=1
 
10 Jun 2015 13:10:32 [1254] - ***** Scanning Memory Files *****
10 Jun 2015 13:10:34 [1254] - Scanning File C:\ProgramData\PeiUce\nibgwuy.exe
10 Jun 2015 13:10:34 [1254] - ERROR!!! ScanFile Failed Once. Trying to scan again...
10 Jun 2015 13:10:34 [1254] - Scanning File C:\ProgramData\PeiUce\nibgwuy.exe
10 Jun 2015 13:10:34 [1254] - ERROR!!! ScanFile Failed Twice. Trying to scan again...
10 Jun 2015 13:10:34 [1254] - Scanning File C:\ProgramData\PeiUce\nibgwuy.exe
10 Jun 2015 13:10:34 [1254] - ERROR!!! ScanFile Failed Thrice!!!
10 Jun 2015 13:10:34 [1254] - Scanning File C:\ProgramData\PeiUce\MeapPiuhti.exe
10 Jun 2015 13:10:34 [1254] - ERROR!!! ScanFile Failed Once. Trying to scan again...
10 Jun 2015 13:10:35 [1254] - Scanning File C:\ProgramData\PeiUce\MeapPiuhti.exe
10 Jun 2015 13:10:35 [1254] - ERROR!!! ScanFile Failed Twice. Trying to scan again...
10 Jun 2015 13:10:35 [1254] - Scanning File C:\ProgramData\PeiUce\MeapPiuhti.exe
10 Jun 2015 13:10:35 [1254] - ERROR!!! ScanFile Failed Thrice!!!
 
10 Jun 2015 13:10:41 [1254] - ***** Scanning Registry Files *****
 
10 Jun 2015 13:10:48 [1254] - ***** Scanning StartUp Folders *****
10 Jun 2015 13:15:40 [166c] - Scanning File C:\ProgramData\PeiUce\MeapPiuhti.exe
10 Jun 2015 13:15:40 [1648] - Scanning File C:\ProgramData\PeiUce\nibgwuy.EXE
10 Jun 2015 13:15:42 [0cac] - Scanning File C:\ProgramData\PeiUce\Uninstaller.exe
10 Jun 2015 13:15:42 [0cac] - File C:\ProgramData\PeiUce\Uninstaller.exe infected by "Gen:Variant.Adware.MPlug.7 (DB)" Virus! Action Taken: File Deleted.

 
10 Jun 2015 13:16:22 [1254] - ***** Scanning Service Files *****
10 Jun 2015 13:16:23 [1254] - ERROR(2)!!! Invalid Entry "C:\Program Files\shopperz\Anneliese.exe". Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\1DEA2C4A-8529-46b5-ACC0-C3873ED068E6.
10 Jun 2015 13:16:33 [1254] - ERROR(2)!!! Invalid Entry system32\drivers\cherimoya.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\cherimoya.
10 Jun 2015 13:16:36 [1254] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\dhjowko].
10 Jun 2015 13:16:36 [1254] - Giving rights(c) to [HKLM64\SYSTEM\CurrentControlSet\Services\dhjowko].
10 Jun 2015 13:16:36 [1254] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\DijuAcirl].
10 Jun 2015 13:16:37 [1254] - Giving rights(c) to [HKLM64\SYSTEM\CurrentControlSet\Services\DijuAcirl].
10 Jun 2015 13:16:39 [1254] - ERROR(2)!!! Invalid Entry C:\Users\Dvpe\AppData\Local\CE1D8D24-1432487588-11DF-ABFA-D4303FC75D46\cnsjC637.tmp. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\gerugefu.
10 Jun 2015 13:16:41 [1254] - ERROR(2)!!! Invalid Entry system32\drivers\innfd_1_10_0_14.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\innfd_1_10_0_14.
10 Jun 2015 13:16:47 [1254] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\pozghjul].
10 Jun 2015 13:16:47 [1254] - Giving rights(c) to [HKLM64\SYSTEM\CurrentControlSet\Services\pozghjul].
10 Jun 2015 13:16:51 [1254] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\sptd\Cfg].
10 Jun 2015 13:16:53 [1254] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
10 Jun 2015 13:16:59 [1254] - ***** Scanning Registry and File system for Adware/Spyware *****
10 Jun 2015 13:17:00 [1254] - Loading Spyware Signatures from new External Database [Name: C:\Users\debbie\AppData\Local\Temp\spydb.avs, Size: 464717]...
10 Jun 2015 13:17:00 [1254] - Indexed Spyware Databases Successfully Created...
 
10 Jun 2015 13:17:15 [1254] - Offending file found: C:\Users\debbie\AppData\Roaming\Pro PC Cleaner\Pro PC Cleaner 2.5.5\install\D90887D\Helper.dll
10 Jun 2015 13:17:15 [1254] - System found infected with Banker.d Worm (Helper.dll)! Action taken: File Deleted.
10 Jun 2015 13:17:15 [1254] - Object "Banker.d Worm" found in File System! Action Taken: File Deleted.

10 Jun 2015 13:17:23 [1254] - Offending Folder found: C:\Users\debbie\Documents\Electronic Arts\The Sims 3\Downloads\TSR
10 Jun 2015 13:17:23 [1254] - Deltree of Folder C:\Users\debbie\Documents\Electronic Arts\The Sims 3\Downloads\TSR...
10 Jun 2015 13:17:31 [1254] - Object "SurfAssistant Spyware/Adware" found in File System! Action Taken: Entries Removed.

 
10 Jun 2015 13:17:39 [1254] - ***** Scanning Registry Files *****
10 Jun 2015 13:17:40 [1254] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
10 Jun 2015 13:17:40 [1254] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
10 Jun 2015 13:17:40 [1254] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
10 Jun 2015 13:17:40 [1254] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
10 Jun 2015 13:17:40 [1254] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
10 Jun 2015 13:17:40 [1254] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
10 Jun 2015 13:17:40 [1254] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
10 Jun 2015 13:17:40 [1254] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
 
10 Jun 2015 13:17:40 [1254] - ***** Scanning System32 Folders *****
 
 
10 Jun 2015 13:19:18 [1254] - ***** Scanning All Drives *****
10 Jun 2015 13:19:18 [1254] - ***** C: *****
10 Jun 2015 13:19:18 [1254] - Scanning C:\ Drive
10 Jun 2015 13:28:43 [1648] - ScanFile (C:\Program Files\CCleaner\uninst.exe) took 7534 ms
10 Jun 2015 13:28:44 [166c] - ScanFile (C:\Program Files\Common Files\Adobe\Adobe\AdobePatchFiles\{69180779-4C0C-441D-95BB-A21324A89D46}.zip) took 7753 ms
10 Jun 2015 13:40:27 [1ea4] - Scanning File C:\ProgramData\PeiUce\MeapPiuhti.exe
10 Jun 2015 13:40:27 [1648] - Scanning File C:\ProgramData\PeiUce\nibgwuy.EXE
10 Jun 2015 13:40:34 [1ea4] - C:\System Volume Information\Syscache.hve not Scanned. Possibly password protected...
10 Jun 2015 13:40:37 [1648] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Jun 2015 13:40:37 [0cac] - Scanning File C:\System Volume Information\{5f1b86bd-0c94-11e5-b2eb-e0cb4e671b5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Jun 2015 13:40:37 [1ea4] - Scanning File C:\System Volume Information\{340356c7-0cd1-11e5-a555-e0cb4e671b5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Jun 2015 13:40:37 [166c] - Scanning File C:\System Volume Information\{3ad737e7-0895-11e5-908d-e0cb4e671b5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Jun 2015 13:40:37 [1648] - Scanning File C:\System Volume Information\{c725a0cb-027c-11e5-8595-e0cb4e671b5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Jun 2015 13:40:37 [0cac] - Scanning File C:\System Volume Information\{e099acf0-094c-11e5-a83f-e0cb4e671b5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Jun 2015 13:40:37 [1ea4] - Scanning File C:\System Volume Information\{e099acf4-094c-11e5-a83f-e0cb4e671b5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Jun 2015 13:40:37 [166c] - Scanning File C:\System Volume Information\{e587dd72-0f98-11e5-a2d1-e0cb4e671b5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Jun 2015 13:40:37 [1648] - Scanning File C:\System Volume Information\{e587dd76-0f98-11e5-a2d1-e0cb4e671b5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
10 Jun 2015 13:58:20 [1ea4] - ScanFile (C:\Users\abby jacob neena\Downloads\Adaware_Installer.exe) took 5523 ms
10 Jun 2015 13:58:32 [166c] - C:\Users\debbie\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp not Scanned. Possibly password protected...
10 Jun 2015 13:58:32 [0cac] - C:\Users\debbie\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat not Scanned. Possibly password protected...
10 Jun 2015 14:02:51 [1ea4] - ScanFile (C:\Users\debbie\Downloads\setup.exe) took 6334 ms
10 Jun 2015 14:04:10 [1648] - ScanFile (C:\Users\Dvpe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3UOY2QN\opt_content[3].js) took 5258 ms
10 Jun 2015 14:05:48 [1ea4] - C:\Users\Dvpe\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_35.zip not Scanned. Possibly password protected...
10 Jun 2015 14:12:04 [0cac] - C:\Users\DvpeTM\AppData\Local\Mozilla\Firefox\Profiles\tx6jw68m.default\cache2\entries\0DC37E12F186FCCFFD37202BC608828876718F17 not Scanned. Possibly password protected...
10 Jun 2015 14:12:50 [1ea4] - C:\Users\DvpeTM\AppData\Local\Mozilla\Firefox\Profiles\tx6jw68m.default\cache2\entries\46DD00488F52F03B2C528EA47480F95B8CC2BD40 not Scanned. Possibly password protected...
10 Jun 2015 14:13:35 [1ea4] - C:\Users\DvpeTM\AppData\Local\Mozilla\Firefox\Profiles\tx6jw68m.default\cache2\entries\8B980F78678074050389BEAD450B9EC53126A54E not Scanned. Possibly password protected...
10 Jun 2015 14:25:25 [166c] - ScanFile (C:\Users\FubzehPvP\AppData\Local\Unity\WebPlayer\Uninstall.exe) took 8955 ms
10 Jun 2015 14:39:51 [166c] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\0D741DA1E0EBC6D3CA11466FCD14361F\4.5.50709\clrjit_dll_x86) took 5569 ms
10 Jun 2015 14:41:41 [1ea4] - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected...
10 Jun 2015 14:41:41 [1648] - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected...
10 Jun 2015 14:43:48 [0cac] - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
10 Jun 2015 14:43:48 [166c] - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
10 Jun 2015 14:45:48 [166c] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_004171f7f652c29b\usbaaplrc.dll) took 9906 ms
10 Jun 2015 14:48:14 [1648] - C:\Windows\Tasks\a7b9841f-66df-4371-b165-8b86228c6129-10_user.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [1ea4] - C:\Windows\Tasks\a7b9841f-66df-4371-b165-8b86228c6129-1-6.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [0cac] - C:\Windows\Tasks\a7b9841f-66df-4371-b165-8b86228c6129-4.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [166c] - C:\Windows\Tasks\a7b9841f-66df-4371-b165-8b86228c6129-1-7.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [0cac] - C:\Windows\Tasks\Adobe Flash Player Updater.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [166c] - C:\Windows\Tasks\Crossbrowse.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [1648] - C:\Windows\Tasks\a7b9841f-66df-4371-b165-8b86228c6129-5.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [1ea4] - C:\Windows\Tasks\a7b9841f-66df-4371-b165-8b86228c6129-5_user.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [0cac] - C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [166c] - C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [1648] - C:\Windows\Tasks\GPZMERTTIY1.job not Scanned. Possibly password protected...
10 Jun 2015 14:48:14 [0cac] - C:\Windows\Tasks\Tny_cassiopesa.job not Scanned. Possibly password protected...
10 Jun 2015 14:50:50 [1ea4] - ScanFile (C:\Windows\winsxs\amd64_microsoft-windows-ehome-mcweblauncher_31bf3856ad364e35_6.1.7600.16385_none_5846a8771b202706\MediaCenterWebLauncher.exe) took 5648 ms
10 Jun 2015 15:00:08 [166c] - ScanFile (C:\Windows\winsxs\Backup\x86_microsoft-windows-d2d_31bf3856ad364e35_7.1.7601.18327_none_9b0ce353451f4255_d2d1.dll_ef77984b) took 8206 ms
10 Jun 2015 15:23:09 [1ea4] - ScanFile (C:\Windows.old\Users\debbie\AppData\Local\Roblox\Versions\version-0aae98b55b324621\boost.dll) took 6848 ms
10 Jun 2015 15:27:58 [1ea4] - ScanFile (C:\Windows.old\Users\debbie\AppData\Local\Temp\drm_dyndata_7400009.dll) took 9282 ms
10 Jun 2015 15:27:58 [166c] - ScanFile (C:\Windows.old\Users\debbie\AppData\Local\Temp\drm_dialogs.dll) took 9407 ms
10 Jun 2015 15:33:44 [0cac] - ScanFile (C:\Windows.old\Users\debbie\Documents\EA Games\The Sims™ 2 Ultimate Collection\Downloads\5.15.13\DarowsMinecraftBeta1.3_01-FIXED\DarowsMinecraftinstallerv3.exe) took 7270 ms
10 Jun 2015 15:33:44 [166c] - ScanFile (C:\Windows.old\Users\debbie\Documents\EA Games\The Sims™ 2 Ultimate Collection\Downloads\5.15.13\AIO_Pser_Util.exe) took 9251 ms
10 Jun 2015 15:33:44 [1ea4] - ScanFile (C:\Windows.old\Users\debbie\Documents\EA Games\The Sims™ 2 Ultimate Collection\Downloads\5.15.13\DarowsMinecraftBeta1.3_01-FIXED\minecraft\bin\natives\jinput-dx8.dll) took 5117 ms
10 Jun 2015 15:35:01 [0cac] - Scanning File C:\Windows.old\Users\debbie\Documents\EA Games\The Sims™ 2 Ultimate Collection\Downloads\5fb5facc_¦½¦+-¢¦ã«Â¾+¦Ã-¦íÁ­¦Ã.package.package
10 Jun 2015 15:41:42 [0cac] - ScanFile (C:\Windows.old\Users\debbie\Downloads\ChromeSetup.exe) took 9407 ms
10 Jun 2015 15:41:45 [166c] - ScanFile (C:\Windows.old\Users\debbie\Downloads\CFSetup356.exe) took 11559 ms
10 Jun 2015 15:43:52 [0cac] - ScanFile (C:\Windows.old\Windows\ehome\MediaCenterWebLauncher.exe) took 5803 ms
10 Jun 2015 15:49:36 [0cac] - ScanFile (C:\Windows.old\Windows\System32\DriverStore\FileRepository\c7112964.inf_amd64_neutral_29fd1f329041cbba\B112566\atiadlxy.dll) took 13431 ms
10 Jun 2015 15:49:36 [1ea4] - ScanFile (C:\Windows.old\Windows\System32\DriverStore\FileRepository\c7112964.inf_amd64_neutral_29fd1f329041cbba\B112566\aticalrt.dll) took 5273 ms
10 Jun 2015 15:49:36 [1648] - ScanFile (C:\Windows.old\Windows\System32\DriverStore\FileRepository\c7112964.inf_amd64_neutral_29fd1f329041cbba\B112566\aticaldd.dll) took 6427 ms
10 Jun 2015 15:49:36 [166c] - ScanFile (C:\Windows.old\Windows\System32\DriverStore\FileRepository\c7112964.inf_amd64_neutral_29fd1f329041cbba\B112566\aticalcl.dll) took 13260 ms
10 Jun 2015 15:50:26 [0cac] - ScanFile (C:\Windows.old\Windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_2719a99241841d30\RTLCPAPI.dll) took 7098 ms
10 Jun 2015 15:52:06 [1ea4] - ScanFile (C:\Windows.old\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_ca639d07023cb608\usbaaplrc.dll) took 8767 ms
10 Jun 2015 15:53:26 [1ea4] - ScanFile (C:\Windows.old\Windows\System32\OxpsConverter.exe) took 7051 ms
10 Jun 2015 16:05:02 [0cac] - ScanFile (C:\Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-d2d_31bf3856ad364e35_7.1.7601.18327_none_9b0ce353451f4255_d2d1.dll_ef77984b) took 7504 ms
 
10 Jun 2015 16:13:17 [1254] - Closing all applications and shutting down PC...
 
10 Jun 2015 16:13:21 [1254] - ***** Checking for specific ITW Viruses *****
 
10 Jun 2015 16:13:22 [1254] - ***** Scanning complete. *****
 
10 Jun 2015 16:13:22 [1254] - Total Objects Scanned: 601177
10 Jun 2015 16:13:22 [1254] - Total Critical Objects: 3
10 Jun 2015 16:13:22 [1254] - Total Disinfected Objects: 0
10 Jun 2015 16:13:22 [1254] - Total Objects Renamed: 0
10 Jun 2015 16:13:22 [1254] - Total Deleted Objects: 3
10 Jun 2015 16:13:22 [1254] - Total Errors: 10
10 Jun 2015 16:13:22 [1254] - Time Elapsed: 03:00:28
10 Jun 2015 16:13:22 [1254] - Virus Database Date: 02 Mar 2015
10 Jun 2015 16:13:22 [1254] - Virus Database Count: 6701505
10 Jun 2015 16:13:22 [1254] - Sign Version: 7.59505 [518257]
 
10 Jun 2015 16:13:22 [1254] - Scan Completed.
10 Jun 2015 16:41:36 [16f0] - **********************************************************
10 Jun 2015 16:41:36 [16f0] - MWAV - eScanAV AntiVirus Toolkit.
10 Jun 2015 16:41:36 [16f0] - Copyright © MicroWorld Technologies
10 Jun 2015 16:41:36 [16f0] - **********************************************************
10 Jun 2015 16:41:36 [16f0] - Version 14.0.178 (C:\USERS\DEBBIE\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
10 Jun 2015 16:41:36 [16f0] - Log File: C:\Users\debbie\AppData\Local\Temp\MWAV.LOG
10 Jun 2015 16:41:36 [16f0] - Last Scan Date and Time: 10.06.2015 13:10:22
10 Jun 2015 16:41:36 [16f0] - MWAV Registered: TRUE
10 Jun 2015 16:41:36 [16f0] - User Account: debbie (Administrator Mode)
10 Jun 2015 16:41:36 [16f0] - OS Type: Windows Workstation [InstallType: Client]
10 Jun 2015 16:41:36 [16f0] - OS: Windows 7 64-Bit [OS Install Date: 17 Dec 2014 21:00:10]
10 Jun 2015 16:41:36 [16f0] - Ver: Professional Service Pack 1 (Build 7601)
10 Jun 2015 16:41:36 [16f0] - System Up Time: 26 Minutes, 55 Seconds


10 Jun 2015 16:41:36 [16f0] - Parent Process Name : c:\Windows\explorer.exe
10 Jun 2015 16:41:36 [16f0] - Windows Root  Folder: C:\Windows
10 Jun 2015 16:41:36 [16f0] - Windows Sys32 Folder: C:\Windows\system32
10 Jun 2015 16:41:36 [16f0] - DHCP NameServer: 192.168.1.254
10 Jun 2015 16:41:36 [16f0] - Interface0 DHCPNameServer: 192.168.1.254
10 Jun 2015 16:41:36 [16f0] - Local Fixed Drives: c:\
10 Jun 2015 16:41:36 [16f0] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
10 Jun 2015 16:41:36 [16f0] - [CREATED ZIP FILE: C:\Users\debbie\AppData\Local\Temp\pinfect.zip]
10 Jun 2015 16:41:36 [16f0] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
10 Jun 2015 16:41:36 [16f0] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\debbie\AppData\Local\Temp\ESCANDB.LOG]
10 Jun 2015 16:41:38 [16f0] - Loaded/Created FileScan Cache Database...
10 Jun 2015 16:41:38 [16f0] - Loading AV Library [DB]...
10 Jun 2015 16:41:44 [16f0] - ArchiveScan: DISABLED
10 Jun 2015 16:41:44 [16f0] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
10 Jun 2015 16:41:44 [16f0] - MWAV doing self scanning...
10 Jun 2015 16:41:45 [16f0] - MWAV files are clean.
10 Jun 2015 16:41:45 [16f0] - ArchiveScan: DISABLED
10 Jun 2015 16:41:45 [16f0] - Virus Database Date: 02 Mar 2015
10 Jun 2015 16:41:45 [16f0] - Virus Database Count: 6701505
10 Jun 2015 16:41:45 [16f0] - Sign Version: 7.59505 [518257]
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 7 Professional x64
Ran by debbie on Wed 06/10/2015 at 18:33:59.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] cherimoya
Successfully deleted: [Service] cherimoya
Successfully stopped: [Service] csrcc
Successfully deleted: [Service] csrcc
Successfully stopped: [Service] shopperz updater
Successfully deleted: [Service] shopperz updater



~~~ Tasks

Failed to delete: [Task] C:\Windows\tasks\a7b9841f-66df-4371-b165-8b86228c6129-1-6.job
Failed to delete: [Task] C:\Windows\tasks\a7b9841f-66df-4371-b165-8b86228c6129-1-7.job
Failed to delete: [Task] C:\Windows\tasks\a7b9841f-66df-4371-b165-8b86228c6129-10_user.job
Failed to delete: [Task] C:\Windows\tasks\a7b9841f-66df-4371-b165-8b86228c6129-4.job
Failed to delete: [Task] C:\Windows\tasks\a7b9841f-66df-4371-b165-8b86228c6129-5.job
Failed to delete: [Task] C:\Windows\tasks\a7b9841f-66df-4371-b165-8b86228c6129-5_user.job
Failed to delete: [Task] C:\Windows\tasks\Crossbrowse.job
Failed to delete: [Task] C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
Failed to delete: [Task] C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
Failed to delete: [Task] C:\Windows\tasks\Tny_cassiopesa.job
Successfully deleted: [Task] C:\Windows\system32\tasks\a7b9841f-66df-4371-b165-8b86228c6129-1-6
Successfully deleted: [Task] C:\Windows\system32\tasks\Crossbrowse
Successfully deleted: [Task] C:\Windows\system32\tasks\HDNINSTSCHD
Successfully deleted: [Task] C:\Windows\system32\tasks\IE_ERR4WDR
Successfully deleted: [Task] C:\Windows\system32\tasks\LaunchPreSignup
Successfully deleted: [Task] C:\Windows\system32\tasks\Run_Bobby_Browser
Successfully deleted: [Task] C:\Windows\system32\tasks\SmartWeb Upgrade Trigger Task
Successfully deleted: [Task] C:\Windows\system32\tasks\Tny_cassiopesa
Successfully deleted: [Task] C:\Windows\system32\tasks\UPDTEXE4_WDR
Successfully deleted: [Task] C:\Windows\system32\tasks\Winfix 10 Auto Start Logon
Successfully deleted: [Task] C:\Windows\system32\tasks\Winfix Helper



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2395B860-45E4-42fd-96E6-50BA597C1C42}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{853130B6-1A29-4D9D-9513-2A461287651E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2395B860-45E4-42fd-96E6-50BA597C1C42}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{853130B6-1A29-4D9D-9513-2A461287651E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2395B860-45E4-42fd-96E6-50BA597C1C42}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{853130B6-1A29-4D9D-9513-2A461287651E}



~~~ Files

Successfully deleted: [File] C:\clarainstaller.txt
Successfully deleted: [File] C:\end
Successfully deleted: [File] C:\Windows\verson_hawker.txt
Successfully deleted: [File] C:\Users\debbie\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Windows\system32\LavasoftTcpService64.dll
Successfully deleted: [File] C:\Windows\syswow64\LavasoftTcpService.dll
Successfully deleted: [File] C:\Users\debbie\desktop\continue live installation.lnk



~~~ Folders

Failed to delete: [Folder] C:\Program Files (x86)\ge-force
Failed to delete: [Folder] C:\Program Files (x86)\hawker
Failed to delete: [Folder] C:\Windows\syswow64\number of results
Successfully deleted: [Folder] C:\Program Files (x86)\app_setup
Successfully deleted: [Folder] C:\Program Files (x86)\CinemaPlus-3.2cV24.05
Successfully deleted: [Folder] C:\Program Files (x86)\consumer input
Successfully deleted: [Folder] C:\Program Files (x86)\coupoon
Successfully deleted: [Folder] C:\Program Files (x86)\globalupdate
Successfully deleted: [Folder] C:\Program Files (x86)\itibiti soft phone
Successfully deleted: [Folder] C:\Program Files (x86)\Optimizer Pro 3.93
Successfully deleted: [Folder] C:\Program Files (x86)\pcp
Successfully deleted: [Folder] C:\Program Files (x86)\portable weatherapp
Successfully deleted: [Folder] C:\Program Files (x86)\predm
Successfully deleted: [Folder] C:\Program Files (x86)\PuriceLeasos [BHO.Multiplug]
Successfully deleted: [Folder] C:\Program Files (x86)\safeguard
Successfully deleted: [Folder] C:\Program Files (x86)\shopperpro
Successfully deleted: [Folder] C:\Program Files (x86)\super optimizer
Successfully deleted: [Folder] C:\Program Files (x86)\winfix 10 pro
Successfully deleted: [Folder] C:\Program Files (x86)\ytdownloader
Successfully deleted: [Folder] C:\ProgramData\abc
Successfully deleted: [Folder] C:\ProgramData\flashbeat
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\hawker
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\knctr
Successfully deleted: [Folder] C:\ProgramData\shopperpro
Successfully deleted: [Folder] C:\Users\debbie\appdata\local\boost
Successfully deleted: [Folder] C:\Users\debbie\appdata\locallow\smartweb
Successfully deleted: [Folder] C:\Users\debbie\AppData\Roaming\compuclever
Successfully deleted: [Folder] C:\Users\debbie\AppData\Roaming\opencandy
Successfully deleted: [Folder] C:\Users\debbie\AppData\Roaming\pro pc cleaner
Successfully deleted: [Folder] C:\Users\debbie\AppData\Roaming\tny_cassiopesa
Successfully deleted: [Folder] C:\Users\debbie\documents\propccleaner
Successfully deleted: [Folder] C:\ProgramData\28341ff220e0446c9fff27c4493d622e
Successfully deleted: [Folder] C:\ProgramData\841a6e9fc7334b5aa886ffd57efc6604
Successfully deleted: [Folder] C:\Users\debbie\appdata\local\gmsd_us_619 [Adware.EoRezo]
Successfully deleted: [Folder] C:\Users\debbie\appdata\locallow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} [Adware.JS]



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/10/2015 at 18:37:13.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v4.206 - Logfile created 10/06/2015 at 19:19:06
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : debbie - DEBBIE-PC
# Running from : C:\Users\debbie\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\DesktopSearch
Folder Deleted : C:\ProgramData\{506d8ebd-dc39-e82d-506d-d8ebddc33af7}
Folder Deleted : C:\ProgramData\{628855dc-2324-d82a-6288-855dc2325770}
Folder Deleted : C:\ProgramData\{fcae992e-bca0-02d2-fcae-e992ebca64ba}
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Program Files (x86)\Priceless
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SwiftMediaConverter
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Program Files\WebBar
Folder Deleted : C:\Program Files\BubbleSound
Folder Deleted : C:\Program Files\coupoon
Folder Deleted : C:\Users\abby jacob neena\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\abby jacob neena\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\abby jacob neena\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\debbie\AppData\Local\SwiftMediaConverter
Folder Deleted : C:\Users\Dvpe\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Dvpe\AppData\Local\BoBrowser
Folder Deleted : C:\Users\Dvpe\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Dvpe\AppData\Local\Consumer Input
Folder Deleted : C:\Users\Dvpe\AppData\Local\WebBar
Folder Deleted : C:\Users\Dvpe\AppData\Local\BrowserHelper
Folder Deleted : C:\Users\Dvpe\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\Dvpe\AppData\Local\SafeGuard
Folder Deleted : C:\Users\Dvpe\AppData\Local\Alerts_LLC
Folder Deleted : C:\Users\Dvpe\AppData\Local\PC_Privacy_Dock
Folder Deleted : C:\Users\Dvpe\AppData\Local\gmsd_us_619
Folder Deleted : C:\Users\Dvpe\AppData\Local\CE1D8D24-1432487600-11DF-ABFA-D4303FC75D46
Folder Deleted : C:\Users\Dvpe\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Dvpe\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Dvpe\AppData\Roaming\Developerts LLC USA
Folder Deleted : C:\Users\Dvpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Deleted : C:\Users\Dvpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
Folder Deleted : C:\Users\Dvpe\Documents\PCPrivacyDock
Folder Deleted : C:\Users\DvpeTM\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\FubzehPvP\AppData\Local\BrowserHelper
Folder Deleted : C:\Users\FubzehPvP\AppData\Local\SafeGuard
Folder Deleted : C:\Users\FubzehPvP\AppData\Local\DesktopSearch
Folder Deleted : C:\Users\FubzehPvP\AppData\Local\gmsd_us_619
Folder Deleted : C:\Users\FubzehPvP\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\FubzehPvP\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Guest\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
Folder Deleted : C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\Extensions\Yk@SI.net
Folder Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\knx0rtwh.default\Extensions\Yk@SI.net
Folder Deleted : C:\Users\abby jacob neena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Users\debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Users\DvpeTM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Users\FubzehPvP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\ProgramData\cijogmpfkomfcgkahpfgnnjablamncho
File Deleted : C:\Users\abby jacob neena\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
File Deleted : C:\Users\Dvpe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
File Deleted : C:\Users\Dvpe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
File Deleted : C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\searchplugins\trovi.xml
File Deleted : C:\Users\abby jacob neena\AppData\Roaming\Mozilla\Firefox\Profiles\8gbg9yij.default\user.js
File Deleted : C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\user.js
File Deleted : C:\Users\abby jacob neena\AppData\Roaming\Mozilla\Firefox\Profiles\8gbg9yij.default\searchplugins\cassiopesa.xml

***** [ Scheduled tasks ] *****

Task Deleted : Crossbrowse
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : Run_Bobby_Browser
Task Deleted : SmartWeb Upgrade Trigger Task
Task Deleted : LaunchPreSignup
Task Deleted : Tny_cassiopesa
Task Deleted : a7b9841f-66df-4371-b165-8b86228c6129-1-6
Task Deleted : a7b9841f-66df-4371-b165-8b86228c6129-1-7
Task Deleted : a7b9841f-66df-4371-b165-8b86228c6129-10_user
Task Deleted : a7b9841f-66df-4371-b165-8b86228c6129-4
Task Deleted : a7b9841f-66df-4371-b165-8b86228c6129-5
Task Deleted : a7b9841f-66df-4371-b165-8b86228c6129-5_user

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\Tny_Cassiopesa
Key Deleted : HKCU\Software\SwiftMediaConverterApp
Key Deleted : HKCU\Software\SwiftMediaConverter
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Clara
Key Deleted : HKLM\SOFTWARE\shopperz
Key Deleted : HKLM\SOFTWARE\FlashBeat
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\coupoon
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\HighDefAction
Key Deleted : HKLM\SOFTWARE\ArenaHD
Key Deleted : HKLM\SOFTWARE\Hawker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\shopperz
Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
Key Deleted : [x64] HKLM\SOFTWARE\WebBar
Key Deleted : [x64] HKLM\SOFTWARE\coupoon
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[8gbg9yij.default\prefs.js] - Line Deleted : user_pref("extensions.fMSZQJ5Ll0zt9k5M.scode", "(function(){try{if(window.location.href.indexOf(\"pds9qdk4rHC5qHn4rHn5pjwHqa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[4a4oucj7.default\prefs.js] - Line Deleted : user_pref("extensions.fMSZQJ5Ll0zt9k5M.scode", "(function(){try{if(window.location.href.indexOf(\"pds9qdk4rHC5qHn4rHn5pjwHqa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[fyifapth.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.cassiopesa.com/?f=1&a=csp_otbrw5_15_23&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyCyBtC0ByD0CtCtC0ByBtN0D0Tzu0StCtByDtDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B[...]
[fyifapth.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14d8b2fca49d51e894a4df19061b2a62");
[fyifapth.default\prefs.js] - Line Deleted : user_pref("extensions.fMSZQJ5Ll0zt9k5M.scode", "(function(){try{if(window.location.href.indexOf(\"pds9qdk4rHC5qHn4rHn5pjwHqa\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure.[...]
[tx6jw68m.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.cassiopesa.com/?f=1&a=csp_otbrw5_15_23&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyCyBtC0ByD0CtCtC0ByBtN0D0Tzu0StCtByDtDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B[...]
[si9in79b.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.cassiopesa.com/?f=1&a=csp_otbrw5_15_23&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyCyBtC0ByD0CtCtC0ByBtN0D0Tzu0StCtByDtDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B[...]
[knx0rtwh.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.cassiopesa.com/?f=1&a=csp_otbrw5_15_23&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyCyBtC0ByD0CtCtC0ByBtN0D0Tzu0StCtByDtDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B[...]

-\\ Google Chrome v

[C:\Users\debbie\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : cijogmpfkomfcgkahpfgnnjablamncho
[C:\Users\debbie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\DvpeTM\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\DvpeTM\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : cijogmpfkomfcgkahpfgnnjablamncho
[C:\Users\FubzehPvP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyCyBtC0ByD0CtB0EtA0DtN0D0Tzu0CtBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1074014504
[C:\Users\FubzehPvP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=341&systemid=406&sr=0&q={searchTerms}
[C:\Users\FubzehPvP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={D08490D1-CDE5-476A-8B4D-545500F530FE}&mid=aab2f05d838a1bcd67d920dd9f586b55-58cfbf5b977472e91523181647b4c7cc352a96ef&lang=en&ds=ft011&pr=sa&d=2012-03-12 19:39:12&v=10.2.0.3&sap=dsp&q={searchTerms}
[C:\Users\FubzehPvP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=109935&tt=3012_5&babsrc=SP_ss&mntrId=48d92e3d000000000000e0cb4e671b5c
[C:\Users\FubzehPvP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\FubzehPvP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3184201
[C:\Users\FubzehPvP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\FubzehPvP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\FubzehPvP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : cijogmpfkomfcgkahpfgnnjablamncho
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : cijogmpfkomfcgkahpfgnnjablamncho

*************************

AdwCleaner[R0].txt - [17591 bytes] - [10/06/2015 18:56:14]
AdwCleaner[S0].txt - [17561 bytes] - [10/06/2015 19:19:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17621  bytes] ##########
 



#6 InadequateInfirmity


Posted 10 June 2015 - 09:18 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

Hit OK.

Hit Next, making sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:

  • Flush DNS
  • Reset FF Proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)

Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#7 RoyalsFan


Posted 11 June 2015 - 12:48 PM

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_06_11_07_25_01
OS: Windows 7 - 64 Bit
Account Name: debbie
U0L0S43

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
Deleted - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Deleted - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe_temp
Deleted - File - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.ini
Deleted - File - C:\program files (x86)\Wondershare\VideoEditor\Wondershare Helper Compact.exe
Deleted - File - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Video Editor\How to Use Wondershare Video Editor.lnk
Deleted - File - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Video Editor\Order Wondershare Video Editor On the Web.lnk
Deleted - File - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Video Editor\Uninstall Wondershare Video Editor.lnk
Deleted - File - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Video Editor\Wondershare Video Editor On the Web.lnk
Deleted - File - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Video Editor\Wondershare Video Editor.lnk
Deleted - Folder - C:\program files (x86)\Common Files\Wondershare
Deleted - Folder - C:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact
Deleted - Folder - C:\program files (x86)\Wondershare
Deleted - Folder - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Deleted - Folder - C:\ProgramData\Wondershare
Deleted - Folder - C:\ProgramData\Wondershare Video Editor
Deleted - Folder - C:\Users\debbie\Appdata\Local\Wondershare
Deleted - Folder - C:\Users\debbie\Appdata\Local\Wondershare\WSHelper
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:inno setup: app path
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:installlocation
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:inno setup: icon group
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:displayname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:displayicon
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:uninstallstring
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:quietuninstallstring
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:publisher
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:urlinfoabout
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:helplink
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\Wondershare Video Editor_is1:urlupdateinfo
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE:Wondershare
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall:Wondershare Video Editor_is1

\\ Finished

~ ZHPCleaner v2015.6.11.274 by Nicolas Coolman (2015\06\11)
~ Run by debbie (Administrator)  (11/06/2015 08:00:18)
~ Site : http://nicolascoolman.com/fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\debbie\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\debbie\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (3)
DELETED task: [GPZMERTTIY1] [C:\ProgramData\FlashBeat\FlashBeat.exe (Not File) ] (PUP.FlashBeat)
DELETED task: [JEQAT] [C:\ProgramData\841a6e9fc7334b5aa886ffd57efc6604\841a6e9fc7334b5aa886ffd57efc6604.exe (Not File) ] (Heuristic.CrossRider)
DELETED task: [Norwood] [C:\Program Files\shopperz\Cote.bat ,N/A,N/A,Enabled,Disabled,Stop On Battery Mode, No Start On Batteries,SYSTEM,Enabled,72:00:00,Scheduling data is not available in this format.,Daily ,5:23:00 PM,5/24/2015,N/A,Every 1 day(s),N/A,0 Hour(s), 6 Minute(s) (Not File) ] (PUP.Shopperz)


---\\  Explorer ( File, Folder) (16)
MOVED file: C:\Windows\Prefetch\FLASHBEAT.EXE-7F5ED19D.pf   (PUP.FlashBeat)
MOVED file: C:\Windows\Installer\56584.msi [globalupdate - Windows Installer XML Toolset (3.9.1208.0)] (PUP.GlobalUpdate)
MOVED file: C:\Documents and Settings\Dvpe\Local Settings\Application Data\Temp\comh.170057\goopdate.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Documents and Settings\Dvpe\Local Settings\Application Data\Temp\comh.170057\goopdateres_en.dll [globalUpdate - globalUpdate Update Resource DLL] (PUP.GlobalUpdate)
MOVED file: C:\Documents and Settings\Dvpe\Local Settings\Application Data\Temp\comh.170057\psmachine.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Documents and Settings\Dvpe\Local Settings\Application Data\Temp\comh.170057\psuser.dll [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Documents and Settings\Dvpe\Local Settings\Application Data\Temp\comh.170057\globalupdateBroker.exe [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED file: C:\Documents and Settings\Dvpe\Local Settings\Application Data\Temp\comh.170057\globalupdateOnDemand.exe [globalUpdate - globalUpdate Update] (PUP.GlobalUpdate)
MOVED folder*: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
MOVED folder*: C:\Users\abby jacob neena\Documents\ProPCCleaner (PUP.ProPCCleaner)
MOVED folder*: C:\Users\Dvpe\AppData\Local\CrashRpt (SUP.CrashReports)
MOVED folder*: C:\Users\Dvpe\AppData\Local\Temp\Edu App (PUP.Optional)
MOVED folder*: C:\Users\Dvpe\AppData\Local\Temp\Iminent (Adware.IMBooster)
MOVED folder: C:\Documents and Settings\abby jacob neena\Documents\ProPCCleaner (PUP.ProPCCleaner)
MOVED folder: C:\Documents and Settings\Dvpe\Local Settings\Application Data\Temp\Edu App (PUP.Optional)
MOVED folder: C:\Documents and Settings\Dvpe\Local Settings\Application Data\Temp\Iminent (Adware.IMBooster)


---\\  Registry ( Key, Value, Data) (35)
DELETED value: [X64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions\\{2395B860-45E4-42fd-96E6-50BA597C1C42} [C:\Program Files\shopperz\Firefox] (PUP.Shopperz)
DELETED value: [X64] HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\\{2395B860-45E4-42fd-96E6-50BA597C1C42} [C:\Program Files\shopperz\Firefox] (PUP.Shopperz)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2395B860-45E4-42fd-96E6-50BA597C1C42} [shopperz Helper] (PUP.Shopperz)
DELETED key*: [X64] HKLM\Software\Classes\CLSID\{2395B860-45E4-42fd-96E6-50BA597C1C42} [shopperz] (PUP.Shopperz)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\CinemaPlus-3.2cV24.05-nv-ie [] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hawker [C:\Program Files (x86)\Hawker\VersionControl.exe (Not File)] (PUP.Hawker)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\shopperz64 [C:\Program Files\shopperz\Brito64.exe (Not File)] (PUP.Shopperz)
DELETED key*: HKEY_USERS\S-1-5-21-3831792750-439723968-684418192-1001\Software\Pro PC Cleaner [] (PUP.DoctorPC)
DELETED key*: HKEY_USERS\S-1-5-21-3831792750-439723968-684418192-1001\Software\ProPCCleanerLanguage [] (PUP.ProPCCleaner)
DELETED key: HKCU\Software\Pro PC Cleaner [] (PUP.DoctorPC)
DELETED key: HKCU\Software\ProPCCleanerLanguage [] (PUP.ProPCCleaner)
DELETED key*: HKCU\Software\AppDataLow\Software\adawarebp [] (PUP.ToolbarCleaner)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\BinkilandHTML.JXQZISJTXP4N5S5GPJPLODTBZ [Binkiland HTML Document] (PUP.Binkiland)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ConsumerInput.OneClickProcessLauncherMachine [ConsumerInput.OneClickProcessLauncher] (PUP.ConsumerInput)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ConsumerInput.OneClickProcessLauncherMachine.1.0 [ConsumerInput.OneClickProcessLauncher] (PUP.ConsumerInput)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ConsumerInputUpdate.CredentialDialogMachine [ConsumerInputUpdate CredentialDialog] (PUP.ConsumerInput)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ConsumerInputUpdate.CredentialDialogMachine.1.0 [ConsumerInputUpdate CredentialDialog] (PUP.ConsumerInput)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ConsumerInputUpdate.OnDemandCOMClassMachineFallback [ConsumerInput Update Legacy On Demand] (PUP.ConsumerInput)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0 [ConsumerInput Update Legacy On Demand] (PUP.ConsumerInput)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ConsumerInputUpdate.Update3WebMachineFallback [ConsumerInputUpdate Update3Web] (PUP.ConsumerInput)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ConsumerInputUpdate.Update3WebMachineFallback.1.0 [ConsumerInputUpdate Update3Web] (PUP.ConsumerInput)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Extension.Treena [shopperz] (PUP.Shopperz)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Extension.Treena.1 [shopperz] (PUP.Shopperz)
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E [globalupdate Helper] (PUP.GlobalUpdate)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\CinemaPlus-3.2cV24.05 [] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\ConsumerInput [] (PUP.ConsumerInput)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\GigaClicks [] (PUP.GigaClicks)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Infonaut_1.10.0.14 [] (PUP.Infonaut)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [globalupdate Inc.] (PUP.GlobalUpdate)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{2395B860-45E4-42fd-96E6-50BA597C1C42}\InprocServer32 [C:\Program Files\shopperz\Sorensen64.dll (Not File)] (PUP.Shopperz)
DELETED value: HKLM64\Software\Classes\.htm\OpenWithProgIDs\\BinkilandHTML.JXQZISJTXP4N5S5GPJPLODTBZ [] (PUP.Binkiland)
DELETED value: HKLM64\Software\Classes\.html\OpenWithProgIDs\\BinkilandHTML.JXQZISJTXP4N5S5GPJPLODTBZ [] (PUP.Binkiland)
DELETED value: HKLM64\Software\Classes\.shtml\OpenWithProgIDs\\BinkilandHTML.JXQZISJTXP4N5S5GPJPLODTBZ [] (PUP.Binkiland)
DELETED value: HKLM64\Software\Classes\.webp\OpenWithProgIDs\\BinkilandHTML.JXQZISJTXP4N5S5GPJPLODTBZ [] (PUP.Binkiland)
DELETED value: HKLM64\Software\Classes\.xht\OpenWithProgIDs\\BinkilandHTML.JXQZISJTXP4N5S5GPJPLODTBZ [] (PUP.Binkiland)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 5875
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 54


End of clean at 08:01:10
===================
ZHPCleaner-[R]-11062015-08_01_10.txt
ZHPCleaner-[S]-11062015-07_57_23.txt

 Results of screen317's Security Check version 1.003  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Java 8 Update 31  
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by debbie (administrator) on 11-06-2015 at 08:14:07
Running from "C:\Users\debbie\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: AY138AAR-ABA CQ5320Y Manufacturer: Compaq-Presario
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : debbie-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : E0-CB-4E-67-1B-5C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:bd84:6010::45(Preferred)
   Lease Obtained. . . . . . . . . . : Thursday, June 11, 2015 7:41:37 AM
   Lease Expires . . . . . . . . . . : Friday, July 10, 2015 11:21:17 AM
   IPv6 Address. . . . . . . . . . . : 2602:306:bd84:6010:74f9:c3b2:f6ba:bd5a(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:306:bd84:6010:c096:fc9d:8233:1af3(Preferred)
   Link-local IPv6 Address . . . . . : fe80::74f9:c3b2:f6ba:bd5a%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.155(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, June 11, 2015 7:41:36 AM
   Lease Expires . . . . . . . . . . : Friday, June 12, 2015 7:41:36 AM
   Default Gateway . . . . . . . . . : fe80::e2b7:aff:fe53:1b60%11
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 249613134
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-24-05-88-E0-CB-4E-67-1B-5C
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    mitigated.att.net
Address:  144.160.219.71
Aliases:  google.com


Pinging mitigated.att.net [144.160.219.71] with 32 bytes of data:
Reply from 144.160.219.71: bytes=32 time=21ms TTL=57
Reply from 144.160.219.71: bytes=32 time=22ms TTL=57

Ping statistics for 144.160.219.71:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 22ms, Average = 21ms
Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    mitigated.att.net
Address:  144.160.219.71
Aliases:  yahoo.com


Pinging mitigated.att.net [144.160.219.71] with 32 bytes of data:
Reply from 144.160.219.71: bytes=32 time=22ms TTL=57
Reply from 144.160.219.71: bytes=32 time=23ms TTL=57

Ping statistics for 144.160.219.71:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 23ms, Average = 22ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...e0 cb 4e 67 1b 5c ......NVIDIA nForce Networking Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.155     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.155    276
    192.168.1.155  255.255.255.255         On-link     192.168.1.155    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.155    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.155    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.155    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    276 ::/0                     fe80::e2b7:aff:fe53:1b60
  1    306 ::1/128                  On-link
 11     28 2602:306:bd84:6010::/64  On-link
 11     36 2602:306:bd84:6010::/64  fe80::e2b7:aff:fe53:1b60
 11    276 2602:306:bd84:6010::45/128
                                    On-link
 11    276 2602:306:bd84:6010:74f9:c3b2:f6ba:bd5a/128
                                    On-link
 11    276 2602:306:bd84:6010:c096:fc9d:8233:1af3/128
                                    On-link
 11    276 fe80::/64                On-link
 11    276 fe80::74f9:c3b2:f6ba:bd5a/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/11/2015 07:43:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2015 07:34:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0xf4c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (06/11/2015 07:20:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 07:22:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 06:28:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 06:21:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service DijuAcirl since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (06/10/2015 06:21:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service dhjowko since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (06/10/2015 04:15:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 00:56:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service DijuAcirl since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (06/10/2015 00:56:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service dhjowko since QueryServiceConfig API failed

System Error:
Access is denied.
.


System errors:
=============
Error: (06/11/2015 07:43:31 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service hung on starting.

Error: (06/11/2015 07:42:08 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/11/2015 07:42:07 AM) (Source: Service Control Manager) (User: )
Description: The pozghjul service failed to start due to the following error:
%%2

Error: (06/11/2015 07:42:07 AM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (06/11/2015 07:42:07 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (06/11/2015 07:41:37 AM) (Source: Service Control Manager) (User: )
Description: The DijuAcirl service failed to start due to the following error:
%%2

Error: (06/11/2015 07:41:37 AM) (Source: Service Control Manager) (User: )
Description: The dhjowko service failed to start due to the following error:
%%2

Error: (06/11/2015 07:35:25 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/11/2015 07:34:57 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/11/2015 07:21:54 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service hung on starting.


Microsoft Office Sessions:
=========================
Error: (06/11/2015 07:43:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2015 07:34:58 AM) (Source: Application Error)(User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1f4c01d0a4418471dae0C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll45128c30-1036-11e5-b9fd-e0cb4e671b5c

Error: (06/11/2015 07:20:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 07:22:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 06:28:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 06:21:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service DijuAcirl since QueryServiceConfig API failed

System Error:
Access is denied.

Error: (06/10/2015 06:21:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service dhjowko since QueryServiceConfig API failed

System Error:
Access is denied.

Error: (06/10/2015 04:15:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2015 00:56:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service DijuAcirl since QueryServiceConfig API failed

System Error:
Access is denied.

Error: (06/10/2015 00:56:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service dhjowko since QueryServiceConfig API failed

System Error:
Access is denied.


CodeIntegrity Errors:
===================================
  Date: 2015-06-10 19:02:25.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\SoftwareDistribution\Download\4a1393e567d30fe7c8759065d8382098\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18574_none_b5311f6ac8f7978e\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-10 19:02:25.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\SoftwareDistribution\Download\4a1393e567d30fe7c8759065d8382098\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18574_none_b5311f6ac8f7978e\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-10 19:02:25.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\SoftwareDistribution\Download\4a1393e567d30fe7c8759065d8382098\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18574_none_b5311f6ac8f7978e\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-10 19:02:25.554
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\SoftwareDistribution\Download\4a1393e567d30fe7c8759065d8382098\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18574_none_b5311f6ac8f7978e\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-10 19:02:17.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\SoftwareDistribution\Download\4a1393e567d30fe7c8759065d8382098\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18574_none_bf85c9bcfd585989\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-10 19:02:17.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\SoftwareDistribution\Download\4a1393e567d30fe7c8759065d8382098\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18574_none_bf85c9bcfd585989\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-10 17:11:55.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\SoftwareDistribution\Download\4a1393e567d30fe7c8759065d8382098\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18574_none_b5311f6ac8f7978e\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-10 17:11:55.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\SoftwareDistribution\Download\4a1393e567d30fe7c8759065d8382098\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18574_none_b5311f6ac8f7978e\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-10 17:11:55.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\SoftwareDistribution\Download\4a1393e567d30fe7c8759065d8382098\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18574_none_b5311f6ac8f7978e\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-10 17:11:55.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\SoftwareDistribution\Download\4a1393e567d30fe7c8759065d8382098\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18574_none_b5311f6ac8f7978e\appidapi.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
iExplorer 3.6.9.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.33.1010 - Electronic Arts Inc.)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 2015.05 - PrivacyRoot.com)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.15.721 - Zemana Ltd.)

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3071.3 MB
Available physical RAM: 1905.02 MB
Total Pagefile: 6140.8 MB
Available Pagefile: 4794.81 MB
Total Virtual: 4095.88 MB
Available Virtual: 3985.67 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:227.51 GB) NTFS
2 Drive d: (PATIENT_DATA) (CDROM) (Total:0.1 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\DEBBIE-PC

abby jacob neena         Administrator            debbie                   
Dvpe                     DvpeTM                   FubzehPvP                
Guest                    


**** End of log ****

C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\netfilter64.sys-k.mbam    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\netfilter64.sys-r.mbam    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\netfilter64.sys-u.mbam    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Windows.old\Users\debbie\Downloads\ccsetup418pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Windows.old\Users\debbie\Downloads\CheatEngine64.exe    a variant of Win32/OpenCandy.C potentially unsafe application    
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\csrcc.exe.vir    a variant of Win32/Toolbar.Perion.R potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Isaacson.dll.vir    a variant of Win32/Toolbar.Perion.Q potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\chrome\content\main.js.vir    Win32/Toolbar.Perion.K potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dvpe\AppData\Local\CE1D8D24-1432487600-11DF-ABFA-D4303FC75D46\pnsjED86.exe.vir    a variant of Win32/Adware.ConvertAd.QH application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dvpe\AppData\Local\CE1D8D24-1432487600-11DF-ABFA-D4303FC75D46\Uninstall.exe.vir    Win32/Adware.ConvertAd.PY application    cleaned by deleting - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\netfilter64.sys-k.mbam    a variant of Win64/NetFilter.A potentially unsafe application    cleaned by deleting - quarantined
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\netfilter64.sys-r.mbam    a variant of Win64/NetFilter.A potentially unsafe application    cleaned by deleting - quarantined
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\netfilter64.sys-u.mbam    a variant of Win64/NetFilter.A potentially unsafe application    cleaned by deleting - quarantined
C:\Users\debbie\Downloads\ccsetup506.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Dvpe\AppData\Local\avabvbxvh\pbqrmvbub    a variant of Win32/ClientConnect.A potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Dvpe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3UOY2QN\SU_Srv[1].exe    a variant of Win32/Adware.ConvertAd.QW application    cleaned by deleting - quarantined
C:\Users\Dvpe\AppData\Local\Mozilla\Firefox\Profiles\fyifapth.default\cache2\entries\D4332DA8C50C232ECF9B0F743345209E7153700F    JS/Toolbar.Crossrider.B potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Dvpe\AppData\Local\Temp\bitool.xxx    a variant of Win32/Somoto.K potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Dvpe\AppData\Local\Temp\is-9NJPU.tmp\tracker    Win32/Adware.RVplatform.A application    cleaned by deleting - quarantined
C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\91.js    JS/Toolbar.Crossrider.B potentially unwanted application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\debbie\Downloads\ccsetup418pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Windows.old\Documents and Settings\debbie\Downloads\CheatEngine64.exe    a variant of Win32/OpenCandy.C potentially unsafe application    deleted - quarantined
C:\Windows.old\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting - quarantined
 



#8 InadequateInfirmity

Posted 11 June 2015 - 05:54 PM

You do not have an antivirus installed, I suggest that you install one of the following.

http://tiranium-antivirus.com/products.html

http://www.secureaplus.com/Main/index.php

http://www.360totalsecurity.com/en/

I also suggest that you install Crystal Security alongside whichever antivirus you decide to install.

http://www.crystalsecurity.eu/

Now that you have an antivirus, run a full scan with it; also run an advanced scan with Crystal Security.

Then do the following.

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

http://9-lab.com/download/

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the Scanner tab and select Full Scan.

Upon scan completion, click Show Results.

Now click the Clean button.

Once done cleaning, you can go to the Logs tab, double-click it, and copy and paste the log in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt

Uninstall Java 8 Update 31


Edited by InadequateInfirmity, 11 June 2015 - 06:11 PM.


#9 RoyalsFan

Posted 18 June 2015 - 03:09 PM

Here are the scans. Sorry it took me so long to get back. Thanks

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/18/2015
Scan Time: 8:15:38 AM
Logfile: mwl.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.18.04
Rootkit Database: v2015.06.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: debbie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 632293
Time Elapsed: 1 hr, 13 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 52
PUP.Optional.Shopperz.A, HKU\S-1-5-21-3831792750-439723968-684418192-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2395B860-45E4-42FD-96E6-50BA597C1C42}, Quarantined, [2507f9c3701a54e23969ab04a45fe11f],
PUP.Optional.Shopperz.A, HKU\S-1-5-21-3831792750-439723968-684418192-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2395B860-45E4-42FD-96E6-50BA597C1C42}, Quarantined, [2507f9c3701a54e23969ab04a45fe11f],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [fd2ff1cb66246dc90650b68e7d874fb1],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [919b88342e5c49ed8acc60e433d1de22],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [97953587b5d5bd799db949fb4aba6a96],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [1616e5d75337c86e243264e01aea06fa],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [80acc7f52f5b3cfae076ce7606fed52b],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [41eb7745385278be0056291bc83ced13],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [ac80f3c91575f73f88cedf65f2129f61],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [919bc3f9fa903cfa3c1a3d07e123718f],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [bf6d02bab3d7072f76e03d07659fe31d],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [ce5e7646f19951e54016ed57e51f3fc1],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [59d377452e5cd0668a7b3cb948bb9769],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [35f7219b2b5f5cdafc5acc78fe06f20e],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [2c00d1eb1575e0560c4a61e3699b8b75],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [3af25864fe8c1323f5617fc55da7dd23],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [1517813b6f1ba492b4a26adaef1518e8],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [be6ef5c79cee9b9b3125ba8a25dfb64a],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [919ba21a711984b2ada91f25b1532cd4],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [111b4e6e87030e284c0aa4a05ba957a9],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [70bc9b21aae03ff78fc71133a26219e7],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [2dffd6e6078351e553031430ca3a669a],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [b973596398f251e593c3cf759470827e],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV24.05-nv-ie, Quarantined, [0923e4d8fa90cb6b3f24ab60828251af],
PUP.Optional.Coupoon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\coupoon, Quarantined, [09239b210288a19522c4008631d4df21],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [35f74c70e8a259ddfa5cb8d2bf46f20e],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-3831792750-439723968-684418192-1003\SOFTWARE\CinemaPlus-3.2cV24.05, Quarantined, [66c6bffd1c6eb87eed7651ba1ce8be42],
PUP.Optional.Crossbrowse.A, HKU\S-1-5-21-3831792750-439723968-684418192-1003\SOFTWARE\Crossbrowse, Quarantined, [49e315a70e7ca5913c203dbae1227b85],
PUP.Optional.ProPCCleaner.A, HKU\S-1-5-21-3831792750-439723968-684418192-1003\SOFTWARE\ProPCCleanerLanguage, Quarantined, [80ac229a93f7e155f6c98dfef213df21],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3831792750-439723968-684418192-1003\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [919b76464248df5732f71cdba3607888],
PUP.Optional.InstallCore.C, HKU\S-1-5-21-3831792750-439723968-684418192-1005\SOFTWARE\InstallCore, Quarantined, [76b6eecec5c580b683100c8541c46898],
PUP.Optional.BoBrowser.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\BoBrowser, Quarantined, [ef3dba02b4d62d09f81ca36101038b75],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\CinemaPlus-3.2cV24.05, Quarantined, [77b5fac2d5b56accf86b848794709967],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\CinemaPlus-3.2cV24.05-nv-ie, Quarantined, [54d88537deac0432a9ba10fbfb09926e],
PUP.Optional.ConsumerInput.C, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\ConsumerInput, Quarantined, [d05c2a92bbcfdd59bf811ed9669d629e],
PUP.Optional.Crossbrowse.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\Crossbrowse, Quarantined, [4fddebd12763dd5981dbe41310f3817f],
PUP.Optional.EduApp.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\Edu App, Quarantined, [74b804b82466181ef08f14e2ae55926e],
PUP.Optional.HighDefAction.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\HighDefAction, Quarantined, [c9637c40404ad85e0569fe90f90c5ea2],
PUP.Optional.Iminent.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\Iminent, Quarantined, [2a02ab11e9a14ee88340d37023e1c63a],
PUP.Optional.PCPrivacyDock.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\PCPrivacyDockLanguage, Quarantined, [bd6f833915751a1c9211355a5ea7817f],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\TutoTag, Quarantined, [60cc447897f393a38ba576046e974fb1],
PUP.Optional.YorkNewCin.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\YorkNewCin, Quarantined, [95970cb04941fb3bf28736587194fc04],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [290388348dfdaa8cff8a96d6d92c0000],
PUP.Optional.CinemaPlus.C, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\ARENAHD, Quarantined, [1e0ebefefa90b08698ba97f3ec19c13f],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [81ab9527dab06bcb8c9d6e89f1122ad6],
PUP.Optional.Hawker.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\HAWKER, Quarantined, [5ad2eece4941a294dbbd741cfc09916f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [38f43488b4d6d660721175a0fa0a8e72],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Cinema PlusV24.05, Quarantined, [c3693983444663d36a791feb8d77db25],
PUP.Optional.Trovi.C, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [ec4085373159d36341977d0ed82d54ac],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\TUTORIALS\updatetutorialeshp, Quarantined, [909cb3091a70ba7c39fd19e7d4301ee2],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\TUTORIALS\updatetutorialshp, Quarantined, [3eeed8e4503acd699f984ab62ed62bd5],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\TUTORIALS\updv, Quarantined, [1c10fcc04a403bfbfa3e619f20e4e818],

Registry Values: 10
PUP.Optional.Cassiopesa.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Tny_Cassiopesa\\, Quarantined, [87a53488c7c396a0072deda346bf0ff1]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3831792750-439723968-684418192-1003\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, Firefox, Quarantined, [919b76464248df5732f71cdba3607888]
PUP.Optional.CinemaPlus.C, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\ARENAHD|value, 1, Quarantined, [1e0ebefefa90b08698ba97f3ec19c13f]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, Quarantined, [81ab9527dab06bcb8c9d6e89f1122ad6]
PUP.Optional.Hawker.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\HAWKER|FirefoxInstallPath, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{B5643E87-4502-60E2-A32A-6E126145609B}, Quarantined, [5ad2eece4941a294dbbd741cfc09916f]
PUP.Optional.PCTuner.C, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [31fb3587751596a019439af006ffcc34]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M0D603288-5A62-446C-A9D7-7DE6DF2F6EF9&SearchSource=58&CUI=&UM=8&UP=SP56117204-D629-4DE2-AE7A-462E6E0998F0&D=052515&q={searchTerms}&SSPV=SP22340TA_sp_ie, Quarantined, [d05c5a622a606fc70ec0ccb93ec72ed2]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, Quarantined, [58d49e1e17733303cce7d22416edba46]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, Quarantined, [1418dae26f1b84b2bb13a7de5fa65ba5]
PUP.Optional.Hawker.A, HKU\S-1-5-21-3831792750-439723968-684418192-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Hawker, C:\Program Files (x86)\Hawker\VersionControl.exe, Quarantined, [1b118a327b0f31054ec1246cb15418e8]

Registry Data: 0
(No malicious items detected)

Folders: 37
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\skin, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\chrome, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\chrome\content, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\chrome\content\api, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\chrome\content\core, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\defaults, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\defaults\preferences, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\userCode, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\locale, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\locale\en-US, Quarantined, [e745befe5a306dc962bf8601f80d738d],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\skin, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],

Files: 279
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\icon48.png, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\panelarrow-up.png, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\popup.html, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\skin.css, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\update.css, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome.manifest, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\install.rdf, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\1421fa96e4748ec01d544173b1178f8d.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\1a112a0529fd88f44df0ce28472ec96c.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\1bb7984b032b768691a0965a0421f317.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\b12eb621a4a68253fb9feec4ad655b6d.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\background.html, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\browser.xul, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\dialog.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\f67d13ab96b4f8fe3fa3a817adbf950c.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\fdef33a37c3eff4c0f9866b07d33675e.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\options.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\options.xul, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\search_dialog.xul, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\57099fd0e1af34723d65f543364d2d14.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\04afdb7fbe68e45695c9865f3155909a.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\09903b55eeda0d3e5da3562559992139.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\0c1e109bedff504af70e9641badd3fdb.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\2997a733c53be101bd75e951388067e5.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\34ec40d6e24d71d52b31c41e3a61ba84.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\49c897e959b7fb4b9a0ee1f07a14d430.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\4b98b01fc1534a09adb9831209a9a938.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\4c2aca60a27bc9b00f4cce04de3d16ef.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\5f53b47a52b7d2311ebe7d56e09af86b.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\633bbf7b1042f66dd446cc6614cf612b.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\84f13d005617d1138ea076a35c7ae842.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\c38ddf74c32389c17c302c23788fb4c3.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\c757c3f152146adf9a248806f625d2b3.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\f319034defc525ae68d3607ad846ca6c.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\api\fcd1888aca487605ee8d16e2d6c6c5b6.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\8bbcf97d1cce035ad4fee8ed4c55c8c5.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\0cfcfbdaff160fb658d7629c7ee7279c.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\15bbb12a7c506df7860e6d541c068fc1.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\2a7897abe716f26e327e9e9955064b24.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\3cbafeccf82d6bc423439dde84482697.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\3ff6e50c2707ba1cad0a34c5472bc1e7.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\4e226093ef362a4bd2904d93d3a111f2.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\595c872aafdec2fb518c2154c7bd6cad.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\69c70437a2a9ad5661b8d089d83aaf13.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\779f7b756e14ffdd71cbfd3fa93ea01c.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\77a90d540e68d37a30d76d22deab6db3.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\788961b1483954382236e96994c31d22.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\7d4dab04cb64289074d9d792f4a74ff3.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\9f28fb979c4e6650e5da5c644ef4fdec.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\aac9b6968c47eb020d0ff3e17712d3bc.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\ad8f64ae20e583e89b6d37517461b9d6.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\c474163a2da4c3f4486a5f13a04e3ecb.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\e9099816815011bdc668b3115577ef01.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\f405b26fb417d5a7ba844fedf4f6ba32.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\core\installer.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\defaults\preferences\prefs.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\manifest.xml, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins.json, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\253.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\1.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\102.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\13.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\14.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\16.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\17.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\177.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\180.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\182.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\183.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\184.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\192.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\193.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\195.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\200.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\207.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\21.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\22.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\220.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\223.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\242.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\246.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\28.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\281.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\288.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\300.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\339.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\345.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\354.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\376.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\380.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\390.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\391.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\4.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\47.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\64.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\7.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\72.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\78.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\9.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\91.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\98.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\userCode\background.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\userCode\extension.js, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\extensions\TTSD90021300@PYDKGV101145942.com\locale\en-US\translations.dtd, Quarantined, [c369516ba2e871c5ad74a7e0887d1ae6],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\crossrider_statusbar.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\button1.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\button2.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\button3.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\button4.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\button5.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\icon128.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\icon16.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\icon24.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\icon48.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\panelarrow-up.png, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\popup.html, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\skin.css, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\skin\update.css, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\install.rdf, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\background.html, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\browser.xul, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\options.xul, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\chrome\content\search_dialog.xul, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\manifest.xml, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins.json, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.CrossRider.A, C:\Users\FubzehPvP\AppData\Roaming\Mozilla\Firefox\Profiles\si9in79b.default\extensions\TTSD90021300@PYDKGV101145942.com\locale\en-US\translations.dtd, Quarantined, [d25a6b5194f6e65051d0681f3fc6bf41],
PUP.Optional.Cassiopesa.C, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\searchplugins\cassiopesa.xml, Quarantined, [83a9f9c345456acc1799751859acb947],
PUP.Optional.GlobalUpdate.A, C:\Users\Dvpe\AppData\Local\Temp\comh.170057\globalupdateHelper.msi, Quarantined, [1616b00ce9a1af87e1eec60d6f9405fb],
PUP.Optional.SearchProtect.A, C:\Users\Dvpe\AppData\Local\avabvbxvh\bahvxfk, Quarantined, [9e8e9d1f5a30a393427ee00ba75cd828],
PUP.Optional.SearchProtect.A, C:\Users\Dvpe\AppData\Local\avabvbxvh\mkfvxfk, Quarantined, [9e8e9d1f5a30a393427ee00ba75cd828],
PUP.Optional.SearchProtect.A, C:\Users\Dvpe\AppData\Local\avabvbxvh\pvpqbjobmlpfqlovvawq, Quarantined, [9e8e9d1f5a30a393427ee00ba75cd828],
PUP.Optional.SearchProtect.A, C:\Users\Dvpe\AppData\Local\avabvbxvh\qokvxfk, Quarantined, [9e8e9d1f5a30a393427ee00ba75cd828],
PUP.Optional.SearchProtect.A, C:\Users\Dvpe\AppData\Local\avabvbxvh\rfobmlpfqlovvawq, Quarantined, [9e8e9d1f5a30a393427ee00ba75cd828],
PUP.Optional.SearchProtect.A, C:\Users\Dvpe\AppData\Local\avabvbxvh\rpboobmlpfqlovvawq, Quarantined, [9e8e9d1f5a30a393427ee00ba75cd828],
PUP.Optional.SearchProtect.A, C:\Users\Dvpe\AppData\Local\avabvbxvh\ycfvxfk, Quarantined, [9e8e9d1f5a30a393427ee00ba75cd828],
PUP.Optional.Hawker.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{B5643E87-4502-60E2-A32A-6E126145609B}\chrome.manifest, Quarantined, [b874ecd05733122424c8b04143c0b64a],
PUP.Optional.Hawker.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{B5643E87-4502-60E2-A32A-6E126145609B}\install.rdf, Quarantined, [b874ecd05733122424c8b04143c0b64a],
PUP.Optional.Hawker.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{B5643E87-4502-60E2-A32A-6E126145609B}\chrome\SmartwareBHO.jar, Quarantined, [b874ecd05733122424c8b04143c0b64a],
PUP.Optional.CrossRider.A, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14deaf900dd653e56a82601973d68565");), Replaced,[b27aac104c3e0234018f0582020432ce]
PUP.Optional.Trovi.C, C:\Users\Dvpe\AppData\Roaming\Mozilla\Firefox\Profiles\fyifapth.default\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "Trovi");), Replaced,[ed3f516be9a10036a72b94f4ad597987]

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

9-lab Removal Tool 1.0.0.36 BETA
9-lab.com

Database version: 0.0

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17843
debbie :: DEBBIE-PC

6/18/2015 10:08:59 AM
9lab-log-2015-06-18 (10-08-59).txt

Scan type: Full
Objects scanned: 59933
Time Elapsed: 1 h 18 m

Registry Values detected: 2
Risk.IEPath [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default)]
Risk.EnableLUA [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA]

 

 

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.18.05
  rootkit: v2015.06.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
debbie :: DEBBIE-PC [administrator]

6/18/2015 1:22:44 PM
mbar-log-2015-06-18 (13-22-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 632294
Time elapsed: 1 hour(s), 8 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 55
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Akudise (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\PeiUce\content (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]

Files Detected: 26
C:\ProgramData\PeiUce\content\jquery4toolbar.js (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\content\jaensopso.js (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\content\nejwowuoa.js (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\content\nuhobasw.js (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\content\sijadavlad.js (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\libplc4.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\Akudise.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\Akudise.EXE (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\Akudise64.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\freebl3.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\gubmonivuig.dat (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\gubmonivuigb.dat (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\Jyrhuix.sys (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\Jyrhuixd.sys (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\JyrhuixOd.sys (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\libnspr4.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\libplds4.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\logo.ico (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\nss3.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\nssckbi.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\nssdbm3.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\nssutil3.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\smime3.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\softokn3.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\sqlite3.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]
C:\ProgramData\PeiUce\ssl3.dll (Rootkit.Agent.A) -> Delete on reboot. [ac81704c0f7bf1453cadbfd3a65fff01]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17843

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.812000 GHz
Memory total: 3220496384, free: 1936871424

Downloaded database version: v2015.06.18.05
Downloaded database version: v2015.06.15.01
Downloaded database version: v2015.06.15.01
=======================================
Initializing...
------------ Kernel report ------------
     06/18/2015 13:22:22
------------ Loaded modules -----------
----------- End -----------
Done!
IRP handler 0 of \Driver\nvstor points to an unknown module
Unhooking enabled.

Scan started
Database versions:
  main:    v2015.06.18.05
  rootkit: v2015.06.15.01

<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003622060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005e\
Lower Device Object: 0xfffffa80024429c0
Lower Device Driver Name: \Driver\nvstor\
Driver name found: nvstor
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003622060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003622b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003622060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002456e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80024429c0, DeviceName: \Device\0000005e\, DriverName: \Driver\nvstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a003bdca70, 0xfffffa8003622060, 0xfffffa8004139330
Lower DeviceData: 0xfffff8a00debd710, 0xfffffa80024429c0, 0xfffffa8002fc8b30
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AD44F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

 



#10 InadequateInfirmity


Posted 18 June 2015 - 05:00 PM

9-lab Removal Tool 1.0.0.36 BETA
9-lab.com

Database version: 0.0 <<<<<<<<<<<<<<<<<<<< You never allowed 9-lab to update, I would suggest you allow the program to update and run a full scan as suggested, remove any threats.

 

 

Please follow the steps in the link below.

 

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

Make sure and post a link to this thread in your new thread, and when you have created the new thread please come back here and post a link to your new thread in this one. We have removed a very large amount of malware, but I still have doubts that you are fully clean or you may have picked up something else in the time that you were away...


Edited by InadequateInfirmity, 18 June 2015 - 05:05 PM.




