
ColorMedia.DLL (Bad Image) On almost all the files.


15 replies to this topic

#1 Infecteduser05784956


Posted 27 September 2015 - 05:45 PM

My significant other's computer has some problems on it. Every time I try to start an application, whether it be Firefox, Internet Explorer, Google Chrome, Battle.net, or almost any other app, it either gives me a ColorMedia.DLL error, it does not recognize the file extension, or it does not open. Internet Explorer is not recognized by the extension and it still opens and closes automatically. I have tried running the comp in safe mode with networking and run MalwareBytes Chameleon through a USB stick. Still no luck; I get the same ColorMedia.DLL (Bad Image) file. I do not know how I would run the logs that are required from you. To do so I would have to download the programs from my laptop, put the file on the USB stick, put it in her computer and hope that it runs.





#2 boopme


Posted 27 September 2015 - 07:17 PM

Hello

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the Run box and press Enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.

If needed : type these one line at a time, press enter after each line. See if it works after each.


netsh interface ipv4 reset
netsh interface ipv6 reset
ipconfig /flushdns


WIN7.. Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Infecteduser05784956


Posted 12 January 2016 - 04:57 PM

Sorry about the super late reply. I did not have much internet connection before. I went into the LAN setting and unchecked automatically detect settings and the internet still does not work.

As far as the DOS window goes, it tells me that the requested operation requires elevation (Run as Administrator).

#4 boopme


Posted 12 January 2016 - 09:09 PM

Try typing this in the CMD

netsh int ip reset resetlog.txt

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh int ip reset resetlog.txt
Press the Enter key.

If connected, run these....
If not, copy all but ESET to a flash drive off another PC and run off that.


MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Malwarebytes Anti-Malware
  • Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.

Edited by boopme, 12 January 2016 - 09:33 PM.

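The AdwCleaner step above ends with a sectioned scan report that the post itself calls confusing. As an added example (not part of the original post and not AdwCleaner's own code), this Python script parses that report format and pulls out the entries that keep software loading across reboots; the sample report, the names in it and the documentation-range addresses are constructed.

```python
import re

# "***** [ Services ] *****" style section headers.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "<Kind> Found : <body>" entries. Lines in the "Web browsers" section use a
# different "[path] [Type] Found : ..." layout and are deliberately skipped.
ENTRY_RE = re.compile(r"^(Service|Folder|File|Task|Key|Value|Data) Found : (.+)$")

# Registry locations that matter for persistence or traffic redirection.
RUN_RE = re.compile(r"^(HK\w+)\\.*\\CurrentVersion\\Run \[([^\]]+)\]$", re.I)
SAFEBOOT_RE = re.compile(r"\\Control\\SafeBoot\\((?:Minimal|Network)\\.+)$", re.I)
DNS_RE = re.compile(
    r"\\Tcpip\\Parameters\\Interfaces\\(\{[0-9A-F-]+\}) \[NameServer\] - (.+)$", re.I
)
FORCE_RE = re.compile(r"\\Policies\\Google\\Chrome\\ExtensionInstallForcelist ", re.I)

# Constructed sample in the report's format (names and addresses are made up).
SAMPLE = r"""
# constructed sample report
***** [ Services ] *****

Service Found : ExampleSvc

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\ExampleApp

***** [ Scheduled tasks ] *****

Task Found : ExampleTask
Task Found : ExampleTask

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\Example.DLL
Value Found : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ExampleApp]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ExampleApp]
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ExampleSvc
Value Found : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} [NameServer] - 192.0.2.53,198.51.100.53
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} [NameServer] - 192.0.2.53,198.51.100.53
"""


def parse_report(text):
    """Return {section name: [(kind, body), ...]} in report order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append((entry.group(1), entry.group(2)))
    return sections


def triage(sections):
    """Return {category: [unique details]} for autostart and DNS entries."""
    found = {}

    def add(category, detail):
        bucket = found.setdefault(category, [])
        if detail not in bucket:  # the report can list the same item twice
            bucket.append(detail)

    for _, body in sections.get("Services", []):
        add("service", body)
    for _, body in sections.get("Scheduled tasks", []):
        add("scheduled-task", body)
    for _, body in sections.get("Registry", []):
        if body.startswith("[x64] "):  # 64-bit registry view marker
            body = body[len("[x64] "):]
        run = RUN_RE.match(body)
        safeboot = SAFEBOOT_RE.search(body)
        dns = DNS_RE.search(body)
        if run:
            add("run-key", f"{run.group(1)} [{run.group(2)}]")
        elif safeboot:
            # Listed under SafeBoot: the item is allowed to load in Safe Mode too.
            add("safeboot", safeboot.group(1))
        elif dns:
            # Static resolvers; ControlSet001/002 copies collapse into one entry.
            add("static-dns", f"{dns.group(1)} -> {dns.group(2)}")
        elif FORCE_RE.search(body):
            add("forced-extension", body)
    return found


if __name__ == "__main__":
    for category, details in triage(parse_report(SAMPLE)).items():
        for detail in details:
            print(f"{category:17} {detail}")
```

A `safeboot` hit is worth reading first when a problem persists in Safe Mode with Networking, and any `static-dns` resolvers should be compared with the ones the router or ISP actually hands out.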

#5 Infecteduser05784956


Posted 15 January 2016 - 01:44 AM

I am having trouble running some of the programs, and I am surprised that some of the programs went through as I was getting errors with ColorMedia. Malwarebytes is not able to open.


MiniToolBox by Farbar  Version: 02-11-2015
Ran by blandine andre (administrator) on 14-01-2016 at 23:43:56
Running from "C:\Users\blandine andre\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Inspiron N5050 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Dell Wireless 1702 802.11b/g/n = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Local Area Connection 2" address=169.254.238.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : blandineandre
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 2A-ED-B9-0F-FA-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Dell Wireless 1702 802.11b/g/n
   Physical Address. . . . . . . . . : 08-ED-B9-0F-FA-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 08-ED-B9-0F-FA-08
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 00281.geek.local
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 24-B6-FD-3B-A9-C3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

# AdwCleaner v5.029 - Logfile created 14/01/2016 at 23:49:05
# Updated 11/01/2016 by Xplode
# Database : 2016-01-11.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : blandine andre - BLANDINEANDRE
# Running from : C:\Users\blandine andre\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : cherimoya
Service Found : ColorMedia
Service Found : LolliScan
Service Found : YTDUpdt
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\ShopperPro
Folder Found : C:\Program Files (x86)\YTDownloader
Folder Found : C:\Program Files (x86)\DriverRestore
Folder Found : C:\Program Files (x86)\Super Optimizer
Folder Found : C:\Program Files (x86)\deal2dealit
Folder Found : C:\Program Files (x86)\shopperz
Folder Found : C:\Program Files (x86)\download Manager
Folder Found : C:\Program Files (x86)\turbodiagnosis
Folder Found : C:\Program Files (x86)\deal2DEalit
Folder Found : C:\Program Files (x86)\Shopperz
Folder Found : C:\ProgramData\LolliScan
Folder Found : C:\ProgramData\2abfacb28a86414db67072195669c416
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Found : C:\Users\blandine andre\AppData\Local\globalUpdate
Folder Found : C:\Users\blandine andre\AppData\Local\CrossBrowser
Folder Found : C:\Users\blandine andre\AppData\Local\Desktop_Dock
Folder Found : C:\Users\blandine andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbmfljfohghaepamnfokgggaejlmfol
Folder Found : C:\Users\blandine andre\AppData\Local\Installer\Install_24752
Folder Found : C:\Users\blandine andre\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Found : C:\windows\SysNative\Tasks\pastaleads
Folder Found : C:\windows\SysNative\Tasks\pcreg
 
***** [ Files ] *****
 
File Found : C:\Users\blandine andre\AppData\Roaming\Mozilla\Firefox\Profiles\nwoe6ptd.default\invalidprefs.js
File Found : C:\Users\blandine andre\AppData\Roaming\Mozilla\Firefox\Profiles\nwoe6ptd.default\searchplugins\bingp.xml
File Found : C:\Users\blandine andre\AppData\Roaming\Mozilla\Firefox\Profiles\nwoe6ptd.default\user.js
File Found : C:\windows\SysNative\ColorMediaOff.ini
File Found : C:\windows\SysNative\ColorMedia64.dll
File Found : C:\windows\SysWOW64\ColorMedia.dll
File Found : C:\windows\SysWOW64\ColorMediaOff.ini
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : LaunchSignup
Task Found : pcreg
Task Found : SMupdate1
Task Found : Microsoft\Windows\Multimedia\SMupdate3
Task Found : Microsoft\Windows\Maintenance\SMupdate2
Task Found : CXFYCNE
Task Found : 3d105e4d-fa93-417a-9e77-24eb84f81fc8-4
Task Found : 5af8eaca-0131-496f-97fc-a0ee6760a5ce-4
Task Found : 6742fea2-da07-4122-9d82-a4bb5ccdb865-4
Task Found : 3d105e4d-fa93-417a-9e77-24eb84f81fc8-4
Task Found : 5af8eaca-0131-496f-97fc-a0ee6760a5ce-4
Task Found : 6742fea2-da07-4122-9d82-a4bb5ccdb865-4
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Found : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Found : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Value Found : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Found : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Key Found : HKCU\Software\Classes\PepperZip
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Found : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Key Found : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Found : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD [BackgroundHost.exe]
Key Found : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ospd_us_851]
Key Found : HKLM\SOFTWARE\c1c60d0f-a44d-f282-6d67-bf118b33b1c3
Key Found : HKLM\SOFTWARE\D8CE94A9-81EE-6946-B811-4A03CA3A6AD5
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
Key Found : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\KanarCore
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\StormWatchApp
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\BrowseForTheCause
Key Found : HKCU\Software\DesktopDockApp
Key Found : HKCU\Software\Corez
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\NpApp
Key Found : HKLM\SOFTWARE\Taronja
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\turbodiagnosis
Key Found : HKLM\SOFTWARE\LolliScan
Key Found : HKLM\SOFTWARE\ShieldApps
Key Found : HKLM\SOFTWARE\ONESOFTPERDAY
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : [x64] HKLM\SOFTWARE\ShopperPro
Key Found : [x64] HKLM\SOFTWARE\YTDownloader
Key Found : [x64] HKLM\SOFTWARE\SystemOptimizerPro
Key Found : [x64] HKLM\SOFTWARE\LolliScan
Key Found : HKU\.DEFAULT\Software\ImInstaller
Key Found : HKU\.DEFAULT\Software\SweetIM
Key Found : HKU\.DEFAULT\Software\WNLT
Key Found : HKU\.DEFAULT\Software\YTDownloader
Key Found : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
Key Found : HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Value Found : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{31403B2C-BF52-4C44-80ED-2B14FA3290F3} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3E58392D-A3E5-426A-8A02-815811D6692A} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5B7D04FB-FD9B-4BF3-A1F0-557121026C83} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8F393956-E925-44EC-9E6D-41E44AF6EF98} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{31403B2C-BF52-4C44-80ED-2B14FA3290F3} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{3E58392D-A3E5-426A-8A02-815811D6692A} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{5B7D04FB-FD9B-4BF3-A1F0-557121026C83} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8F393956-E925-44EC-9E6D-41E44AF6EF98} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{31403B2C-BF52-4C44-80ED-2B14FA3290F3} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{3E58392D-A3E5-426A-8A02-815811D6692A} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{5B7D04FB-FD9B-4BF3-A1F0-557121026C83} [NameServer] - 50.7.75.30,76.73.6.110
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{8F393956-E925-44EC-9E6D-41E44AF6EF98} [NameServer] - 50.7.75.30,76.73.6.110
 
***** [ Web browsers ] *****
 
[C:\Users\blandine andre\AppData\Roaming\Mozilla\Firefox\Profiles\nwoe6ptd.default\prefs.js] [Preference] Found : user_pref("extensions.crossrider.bic", "14ba54c26919d239e72b28c69a097eb6");
[C:\Users\blandine andre\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\blandine andre\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\blandine andre\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcfenmboojpjinhpgggodefccipikbpd
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15521 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64 
Ran by blandine andre (Administrator) on Thu 01/14/2016 at 23:57:20.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 47 
 
Failed to delete: C:\Program Files (x86)\ytdownloader (Folder) 
Successfully deleted: C:\Program Files (x86)\Shopperz (Folder)
Successfully deleted: C:\ProgramData\15a071990000383e (Folder) 
Successfully deleted: C:\ProgramData\2abfacb28a86414db67072195669c416 (Folder) 
Successfully deleted: C:\ProgramData\3eab270400001311 (Folder) 
Successfully deleted: C:\ProgramData\4e7730bb0000492c (Folder) 
Successfully deleted: C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e (Folder) 
Successfully deleted: C:\ProgramData\d64a1c137c710cec (Folder) 
Successfully deleted: C:\ProgramData\lolliscan (Folder) 
Successfully deleted: C:\ProgramData\nbjgnlogkackeeohnmejiamhkabibcbn (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\driverrestore (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\pepperzip (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\globalupdate (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbmfljfohghaepamnfokgggaejlmfol (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\blandine andre\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Roaming\compuclever (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Roaming\Mozilla\Firefox\Profiles\nwoe6ptd.default\Invalidprefs.js (File) 
Successfully deleted: C:\Users\blandine andre\AppData\Roaming\Mozilla\Firefox\Profiles\nwoe6ptd.default\searchplugins\bingp.xml (File) 
Successfully deleted: C:\Users\blandine andre\AppData\Roaming\Mozilla\Firefox\Profiles\nwoe6ptd.default\user.js (File) 
Successfully deleted: C:\windows\system32\Tasks\3d105e4d-fa93-417a-9e77-24eb84f81fc8-4 (Task)
Successfully deleted: C:\windows\system32\Tasks\5af8eaca-0131-496f-97fc-a0ee6760a5ce-4 (Task)
Successfully deleted: C:\windows\system32\Tasks\6742fea2-da07-4122-9d82-a4bb5ccdb865-4 (Task)
Successfully deleted: C:\windows\system32\Tasks\LaunchSignup (Task)
Successfully deleted: C:\windows\system32\Tasks\pcreg (Task)
Successfully deleted: C:\windows\system32\Tasks\Special IC Runner (Task)
Successfully deleted: C:\windows\Tasks\3d105e4d-fa93-417a-9e77-24eb84f81fc8-4.job (Task) 
Successfully deleted: C:\windows\Tasks\5af8eaca-0131-496f-97fc-a0ee6760a5ce-4.job (Task) 
Successfully deleted: C:\windows\Tasks\6742fea2-da07-4122-9d82-a4bb5ccdb865-4.job (Task) 
Successfully deleted: C:\Program Files (x86)\compuclever (Folder) 
Successfully deleted: C:\Program Files (x86)\download manager (Folder) 
Successfully deleted: C:\Program Files (x86)\driverrestore (Folder) 
Successfully deleted: C:\Program Files (x86)\globalupdate (Folder) 
Successfully deleted: C:\Program Files (x86)\GUT9944.tmp (File) 
Successfully deleted: C:\Program Files (x86)\GUTBE21.tmp (File) 
Successfully deleted: C:\Program Files (x86)\predm (Folder) 
Successfully deleted: C:\Program Files (x86)\shopperpro (Folder) 
Successfully deleted: C:\Program Files (x86)\super optimizer (Folder) 
Successfully deleted: C:\Program Files (x86)\turbodiagnosis (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ALRREVZ (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WDQ1F15 (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICIPN8ML (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFS1BQ73 (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA8UC4DF (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UE2Q9HMB (Folder) 
Successfully deleted: C:\Users\blandine andre\AppData\Local\nsp18C4.tmp (File) 
 
Deleted the following from C:\Users\blandine andre\AppData\Roaming\Mozilla\Firefox\Profiles\nwoe6ptd.default\prefs.js
user_pref(extensions.crossrider.bic, 14ba54c26919d239e72b28c69a097eb6);
 
 
 
Registry: 8 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_851 (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader (Registry Value) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\cherimoya (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\ColorMedia (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\LolliScan (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YTDUpdt (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/14/2016 at 23:59:27.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 boopme

Posted 15 January 2016 - 10:26 AM

Remove what ADWCleaner found

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Now run ESET and see how it is..

#7 Infecteduser05784956

Posted 15 January 2016 - 01:45 PM

It seems weird. AdwCleaner does not find anything now. I still have the same problems.

#8 Infecteduser05784956

Posted 15 January 2016 - 02:18 PM

# AdwCleaner v5.029 - Logfile created 15/01/2016 at 12:52:11
# Updated 11/01/2016 by Xplode
# Database : 2016-01-11.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : blandine andre - BLANDINEANDRE
# Running from : C:\Users\blandine andre\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\YTDownloader
[-] Folder Deleted : C:\Program Files (x86)\deal2dealit
[!] Folder Not Deleted : C:\Program Files (x86)\deal2DEalit
[-] Folder Deleted : C:\Users\blandine andre\AppData\Local\CrossBrowser
[-] Folder Deleted : C:\Users\blandine andre\AppData\Local\Desktop_Dock
[-] Folder Deleted : C:\Users\blandine andre\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[#] Folder Deleted : C:\windows\SysNative\Tasks\pastaleads
 
***** [ Files ] *****
 
[-] File Deleted : C:\windows\SysNative\ColorMediaOff.ini
[-] File Deleted : C:\windows\SysNative\ColorMedia64.dll
[-] File Deleted : C:\windows\SysWOW64\ColorMedia.dll
[-] File Deleted : C:\windows\SysWOW64\ColorMediaOff.ini
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : SMupdate1
[-] Task Deleted : Microsoft\Windows\Multimedia\SMupdate3
[-] Task Deleted : Microsoft\Windows\Maintenance\SMupdate2
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
[-] Key Deleted : HKCU\Software\Classes\PepperZip
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD [BackgroundHost.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key Deleted : HKLM\SOFTWARE\c1c60d0f-a44d-f282-6d67-bf118b33b1c3
[-] Key Deleted : HKLM\SOFTWARE\D8CE94A9-81EE-6946-B811-4A03CA3A6AD5
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKCU\Software\Compete
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\Microsoft\KanarCore
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\powerpack
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\StormWatchApp
[-] Key Deleted : HKCU\Software\Super Optimizer
[-] Key Deleted : HKCU\Software\BrowseForTheCause
[-] Key Deleted : HKCU\Software\DesktopDockApp
[-] Key Deleted : HKCU\Software\Corez
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\NpApp
[-] Key Deleted : HKLM\SOFTWARE\Taronja
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\turbodiagnosis
[-] Key Deleted : HKLM\SOFTWARE\LolliScan
[-] Key Deleted : HKLM\SOFTWARE\ShieldApps
[-] Key Deleted : HKLM\SOFTWARE\ONESOFTPERDAY
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : [x64] HKLM\SOFTWARE\SystemOptimizerPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\LolliScan
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKU\.DEFAULT\Software\SweetIM
[-] Key Deleted : HKU\.DEFAULT\Software\WNLT
[-] Key Deleted : HKU\.DEFAULT\Software\YTDownloader
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{31403B2C-BF52-4C44-80ED-2B14FA3290F3} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3E58392D-A3E5-426A-8A02-815811D6692A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5B7D04FB-FD9B-4BF3-A1F0-557121026C83} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8F393956-E925-44EC-9E6D-41E44AF6EF98} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{31403B2C-BF52-4C44-80ED-2B14FA3290F3} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{3E58392D-A3E5-426A-8A02-815811D6692A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{5B7D04FB-FD9B-4BF3-A1F0-557121026C83} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8F393956-E925-44EC-9E6D-41E44AF6EF98} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{31403B2C-BF52-4C44-80ED-2B14FA3290F3} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{3E58392D-A3E5-426A-8A02-815811D6692A} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{5B7D04FB-FD9B-4BF3-A1F0-557121026C83} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{8F393956-E925-44EC-9E6D-41E44AF6EF98} [NameServer]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\blandine andre\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\blandine andre\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\blandine andre\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11954 bytes] ##########

Edited by Infecteduser05784956, 15 January 2016 - 02:26 PM.


#9 Infecteduser05784956

Posted 15 January 2016 - 02:27 PM

Sorry I posted the wrong one. Still no internet so I cannot run eset.


Edited by Infecteduser05784956, 15 January 2016 - 02:31 PM.


#10 boopme

Posted 15 January 2016 - 03:25 PM

Can you run this?

EDIT: was MBAM the only other tool run?

Do you still have that log?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by boopme, 15 January 2016 - 03:28 PM.


#11 Infecteduser05784956

Posted 15 January 2016 - 09:55 PM

MBAM installed but does not open; it gives me the bad image error colormedia.dll blah blah deal. The other tools ran, but it was still giving me the bad image error, but it seems like the tools still persisted and bypassed the colormedia error.



#12 Infecteduser05784956

Posted 15 January 2016 - 10:53 PM

Farbar Service Scanner Version: 03-01-2016
Ran by blandine andre (administrator) on 15-01-2016 at 20:59:59
Running from "C:\Users\blandine andre\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/15/2016
Scan Time: 9:02 PM
Logfile: MBLOF.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.09.22.05
Rootkit Database: v2015.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: blandine andre
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 512918
Time Elapsed: 32 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 73
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [a845fd35127972c4bd7a7579bd455ea2], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [a845fd35127972c4bd7a7579bd455ea2], 
PUP.Optional.ModGoog, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [a04d969c5a311224fb8cb5c216eb4fb1], 
PUP.Optional.ModGoog, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [a04d969c5a311224fb8cb5c216eb4fb1], 
PUP.Optional.OverLook, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\D8CE94A9-81EE-6946-B811-4A03CA3A6AD5, Quarantined, [42ab270b216a4cea14bf6b190bf937c9], 
PUP.Optional.StormWatch, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASAPI32, Quarantined, [3db02b07e1aad1654524843b966e60a0], 
PUP.Optional.StormWatch, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASMANCS, Quarantined, [69844ae85536c472aabf1fa060a4639d], 
PUP.Optional.PastaLeads, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PastaLeads, Quarantined, [b934da58dab1bf77f2f12789ab59fe02], 
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [c12c230f5b30dd590d32463608fc8080], 
PUP.Optional.GigaClicks, HKLM\SOFTWARE\WOW6432NODE\GigaClicks, Quarantined, [46a7b0828efd7eb87c8438660bf98b75], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, Quarantined, [31bc1022503bf73f8bb6ecc1857f7a86], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{e60fba94}, Quarantined, [43aa2c06e9a2cf67ac95e9c49b69ad53], 
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [06e74be7afdc4fe753ecb0cc679d30d0], 
PUP.Optional.ObjectBrowser, HKU\S-1-5-18\SOFTWARE\Object Browser-nv, Quarantined, [7c7158dabccfe0568bb9ecc3e61e0000], 
PUP.Optional.GigaClicks, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\GigaClicks, Quarantined, [6a832111d1bac96dc43ba7f6ce368878], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B87359DB-8CE0-4348-94C8-9BB0A9D29141}, Quarantined, [8a630c26b2d9e84ea06be5b0f80c966a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BD8C5A7B-4D6A-4F14-9AF5-9D425BFBDB70}, Quarantined, [f3fa48ea6229bb7b9e6c692c7c8856aa], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE99A335-9956-4245-B760-7240CB7453FA}, Quarantined, [f2fbbb77464556e01cee65304cb829d7], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C3B4F268-FFEF-4189-9B43-4879567DB251}, Quarantined, [6b82ce64c3c843f359b26a2b9272c838], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C54162DF-98C3-43EE-877C-EDC2B2AD1ACB}, Quarantined, [747938fadead91a5ee1c7322e0242bd5], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C9F73468-7545-4BA9-B09C-56218933CDE8}, Quarantined, [747999995e2dd16565a6563fc73d738d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC8C2C34-2A49-46F6-8EFC-7999A9382942}, Quarantined, [bb32bb77e6a5e0566c9e5d3824e05fa1], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF855559-4D57-48CC-B643-3EBBAE4A6F33}, Quarantined, [f4f973bf69225ed8e8220a8b9e6601ff], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D27E944B-575E-4FE7-A0E5-F2A46BDDC2B2}, Quarantined, [915c181a6427ba7c0cfef89d877d51af], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D291545F-3611-4A01-ADFE-B39DC39E2C68}, Quarantined, [4ca1aa88335868ce25e6464fc24220e0], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D60BF450-2DD4-4444-A6CF-9EBC4C349ABD}, Quarantined, [35b89d95adde8bab67a30293c83c6d93], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DE103EB9-8114-4683-972B-84708F35D668}, Quarantined, [b83566cce9a2999d54b6158014f0c63a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DE6195D5-D52F-4B81-A189-21B218A93047}, Quarantined, [2dc04be7dfac24129872f79eb054ee12], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E05DF5CD-F611-40D2-9637-43A7272C933B}, Quarantined, [33ba0a28d5b69a9cf8134550e222c739], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EF7439D4-DBF1-4629-8892-66305D35AD6A}, Quarantined, [97567db5b2d90e28c04afa9b56ae9769], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F3A87C23-65FF-4824-AE83-9F1018C81AA4}, Quarantined, [cb22280a84073bfb15f6b1e4b54f44bc], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F7B093AB-92CC-4E83-9BE9-96DDF130C82C}, Quarantined, [8964e84aa8e364d22bdfd3c25ea6e31d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F8A02173-9E3A-4AF1-95C6-F5EBD689ED70}, Quarantined, [11dc59d9e9a2d264d437bed72fd510f0], 
PUP.Optional.CrossRider, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F9016A5D-3194-459D-9ABD-91EB168D536A}, Quarantined, [25c83af89bf05ed85bafccc920e45fa1], 
PUP.Optional.OnlineAnalytics, HKU\S-1-5-21-3911025799-2270268569-1992172917-1000\SOFTWARE\OAS OK, Quarantined, [f2fb3bf7048786b0be387b345da742be], 
PUP.Optional.SuperOptimizer, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [c924072bdead63d38d63358adf255aa6], 
 
Registry Values: 61
 
Registry Data: 0
(No malicious items detected)
 
Folders: 7
 
Files: 68
PUP.Optional.GlobalUpdate, C:\Users\blandine andre\AppData\Local\Temp\comh.55652\GoogleUpdateHelper.msi, Quarantined, [727b6dc5a1ea6dc9439d68b044bfe020], 
PUP.Optional.GlobalUpdate, C:\Users\blandine andre\AppData\Local\Temp\comh.55652\GoogleUpdateOnDemand.exe, Quarantined, [727b6dc5a1ea6dc9439d68b044bfe020], 
PUP.Optional.GlobalUpdate, C:\Users\blandine andre\AppData\Local\Temp\comh.55652\goopdate.dll, Quarantined, [727b6dc5a1ea6dc9439d68b044bfe020], 
PUP.Optional.GlobalUpdate, C:\Users\blandine andre\AppData\Local\Temp\comh.55652\goopdateres_en.dll, Quarantined, [727b6dc5a1ea6dc9439d68b044bfe020], 
PUP.Optional.GlobalUpdate, C:\Users\blandine andre\AppData\Local\Temp\comh.55652\npGoogleUpdate4.dll, Quarantined, [727b6dc5a1ea6dc9439d68b044bfe020], 
PUP.Optional.GlobalUpdate, C:\Users\blandine andre\AppData\Local\Temp\comh.55652\psmachine.dll, Quarantined, [727b6dc5a1ea6dc9439d68b044bfe020], 
PUP.Optional.GlobalUpdate, C:\Users\blandine andre\AppData\Local\Temp\comh.55652\psuser.dll, Quarantined, [727b6dc5a1ea6dc9439d68b044bfe020], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 boopme


Posted 16 January 2016 - 07:54 PM

ok, we need a deeper look to find this..

Please follow this Preparation Guide. Do last 3 steps and post in a new topic.
Let me know if all went well.

#14 Infecteduser05784956


Posted 17 January 2016 - 10:59 AM

Ok, in the process of doing so. Also, it shows that the malware is removed; I do not get the Bad Image error from ColorMedia anymore. The only problem that I am currently having is not being able to connect to the internet.

 

Update: I managed to get online via Bluetooth through a mobile phone. This shows that I can connect; the only problem is with the WiFi. Also, I am currently running ESET and it is in the process of downloading. I have also updated MBAM and will re-run after ESET is complete.


Edited by Infecteduser05784956, 17 January 2016 - 12:45 PM.


#15 Infecteduser05784956


Posted 17 January 2016 - 05:36 PM

Please note that my daughter accidentally stopped the scan process at 94%. I will post the completed version when done in approximately 4 hours.

 

C:\Users\blandine andre\Downloads\Unconfirmed 16024.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 163024.crdownload Win32/TrojanDropper.Addrop.C trojan
C:\Users\blandine andre\Downloads\Unconfirmed 178319.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 179855.crdownload NSIS/TrojanDownloader.Adload.AL trojan
C:\Users\blandine andre\Downloads\Unconfirmed 190225.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 207788.crdownload a variant of Win32/OutBrowse.CE potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 21814.crdownload a variant of Win32/OutBrowse.CE potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 219383.crdownload a variant of Win32/OutBrowse.CC potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 226521.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 249405.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 265052.crdownload multiple threats
C:\Users\blandine andre\Downloads\Unconfirmed 297677.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 323173.crdownload Win32/TrojanDropper.Addrop.C trojan
C:\Users\blandine andre\Downloads\Unconfirmed 326533.crdownload Win32/AdGazelle.E potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 34629.crdownload a variant of Win32/Bundlore.U potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 360756.crdownload a variant of Win32/Bundlore.U potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 361705.crdownload a variant of Win32/Bundlore.U potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 378290.crdownload NSIS/TrojanDownloader.Adload.AL trojan
C:\Users\blandine andre\Downloads\Unconfirmed 381165.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 438837.crdownload Win32/TrojanDropper.Addrop.C trojan
C:\Users\blandine andre\Downloads\Unconfirmed 45150.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 453406.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 460372.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 461804.crdownload a variant of Win32/OutBrowse.CE potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 477532.crdownload a variant of Win32/OutBrowse.CE potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 509442.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 515353.crdownload a variant of Win32/Bundlore.U potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 52635.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 53087.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 541780.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 54249.crdownload a variant of Win32/OutBrowse.CE potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 545435.crdownload multiple threats
C:\Users\blandine andre\Downloads\Unconfirmed 55160.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 560646.crdownload a variant of Win32/OutBrowse.CE potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 569146.crdownload a variant of Win32/OutBrowse.CD potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 583768.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 613845.crdownload a variant of Win32/OutBrowse.CC potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 652140.crdownload a variant of Win32/OutBrowse.CC potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 655467.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 68378.crdownload Win32/TrojanDropper.Addrop.C trojan
C:\Users\blandine andre\Downloads\Unconfirmed 741494.crdownload a variant of Win32/Bundlore.U potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 752829.crdownload a variant of Win32/OutBrowse.CC potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 772372.crdownload a variant of Win32/OutBrowse.CC potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 777341.crdownload a variant of MSIL/Adware.OxyPumper.B application
C:\Users\blandine andre\Downloads\Unconfirmed 807777.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 809154.crdownload a variant of Win32/Bundlore.U potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 8176.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 843898.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 863244.crdownload multiple threats
C:\Users\blandine andre\Downloads\Unconfirmed 869875.crdownload a variant of Win32/OutBrowse.CE potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 905615.crdownload a variant of Win32/OutBrowse.CC potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 957906.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 962542.crdownload a variant of Win32/Adware.Coupons.AA application
C:\Users\blandine andre\Downloads\Unconfirmed 968703.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 968911.crdownload a variant of Win32/AdGazelle.I potentially unwanted application
C:\Users\blandine andre\Downloads\Unconfirmed 980576.crdownload a variant of Win32/Adware.Coupons.AA application
C:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of MSIL/Toolbar.Linkury.Q potentially unwanted application
C:\windows\NMsvc\N1Cert.dll a variant of Win32/Packed.Komodia.A suspicious application
C:\windows\NMsvc\N1Service.exe a variant of Win32/Packed.Komodia.A suspicious application
C:\windows\System32\N1Service64.dll a variant of Win64/Packed.Komodia.A suspicious application
C:\windows\SysWOW64\N1Service.dll a variant of Win32/Packed.Komodia.A suspicious application
 

 

 
 




