Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Extremely sluggish browser, hundreds of pop ups and redirects


  • This topic is locked This topic is locked
22 replies to this topic

#1 crojj42

crojj42

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 20 January 2016 - 12:13 PM

Problem as described in title. It could take me an hour to open up one web page because of this.

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-01-2016
Ran by Heba (administrator) on DAHAB (20-01-2016 10:29:23)
Running from C:\Documents and Settings\Heba\Desktop
Loaded Profiles: Heba (Available Profiles: Heba & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Salaat Time - www.salaattime.com) C:\Program Files\Salaat Time\SalaatTime.exe
() C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
(Megaify Software Co., Ltd.) C:\Program Files\DriverToolkit\DriverToolkit.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Program Files\Motionless Session\Motionless Session.exe
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\DNS Unlocker\dnsmohawk.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\6\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\5\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\2\Plugin.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\4\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\8\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\7\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\12\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\7\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\12\Plugin.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [DVDLauncher] => C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)
HKLM\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185896 2008-01-27] (RealNetworks, Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [172032 2006-01-13] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434528 2006-10-26] (Microsoft Corporation)
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Run: [SalaatTime] => C:\Program Files\Salaat Time\SalaatTime.exe [13443072 2007-08-26] (Salaat Time - www.salaattime.com)
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Run: [DriverToolkit] => C:\Program Files\DriverToolkit\DriverToolkit.exe [1304376 2014-09-20] (Megaify Software Co., Ltd.)
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Run: [Driver Pro] => C:\Program Files\Driver Pro\DPLauncher.exe
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2008-05-30]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk [2006-01-29]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-19]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2007-05-20]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2015-01-12]
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Documents and Settings\Heba\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-09-23]
ShortcutTarget: TornTvDownloader.lnk -> C:\Documents and Settings\Heba\Application Data\TornTV.com\Torntv Downloader.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-19\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-20\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{165B91E0-6835-43C6-8515-8A96CCF0A8D6}: [NameServer] 199.203.131.150,82.163.143.168
Tcpip\..\Interfaces\{165B91E0-6835-43C6-8515-8A96CCF0A8D6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8F038740-0FF0-4C33-9609-B70A137CCC34}: [NameServer] 199.203.131.150,82.163.143.168
Tcpip\..\Interfaces\{C5969C69-ADB3-4BA4-88F9-F49251721D5D}: [NameServer] 199.203.131.150,82.163.143.168

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVI1pcAFtIFRhGIVoPTA1CRAQOeF1dWRRBFgJBcg8MVw0TQ1EFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVI1pcAFtIFRhGIVoPTA1CRAQOeF1dWRRBFgJBcg8MVw0TQ1EFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ9bAl0QQwwXbVxZAg5cFQZGcRQABVxJDAUUd1sKVw1HFVdBJB9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyEyEzyyE0F0CtCyD0DyE0EtC0AtAyE0FtN0D0Tzu0StCtCzyyBtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0ByC0B0D0AyCtAtGyCzy0AyEtGyByD0D0AtGtC0F0BzztGtByBtCtB0BtCtAzyyBzytCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0BtAyEtAzzyCtGzztA0D0BtGyE0F0E0CtGzzyC0E0FtG0Fzy0E0A0CyEtBtDyByByDyC2QtN0A0LzutB&cr=726841214&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ9bAl0QQwwXbVxZAg5cFQZGcRQABVxJDAUUd1sKVw1HFVdBJB9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3918639563-2636724751-2286751100-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ9bAl0QQwwXbVxZAg5cFQZGcRQABVxJDAUUd1sKVw1HFVdBJB9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3918639563-2636724751-2286751100-1005 -> OldSearch URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyEyEzyyE0F0CtCyD0DyE0EtC0AtAyE0FtN0D0Tzu0StCtCzyyBtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0ByC0B0D0AyCtAtGyCzy0AyEtGyByD0D0AtGtC0F0BzztGtByBtCtB0BtCtAzyyBzytCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0BtAyEtAzzyCtGzztA0D0BtGyE0F0E0CtGzzyC0E0FtG0Fzy0E0A0CyEtBtDyByByDyC2QtN0A0LzutB&cr=726841214&ir=
SearchScopes: HKU\S-1-5-21-3918639563-2636724751-2286751100-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ9bAl0QQwwXbVxZAg5cFQZGcRQABVxJDAUUd1sKVw1HFVdBJB9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
BHO: suALeprriZes -> {2708DBE7-4EAA-43C5-BC64-639DDBD7EDA2} -> C:\Program Files\suALeprriZes\6RJZUcY9tJFg0l.dll [2015-08-12] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default
FF DefaultSearchEngine: Default
FF DefaultSearchEngine.US: Default
FF SelectedSearchEngine: Default
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVI1pcAFtIFRhGIVoPTA1CRAQOeF1dWRRBFgJBcg8MVw0TQ1EFIk0FA18DB0VXfV9eFElXTwhnKV5RFVgdbFpRJQ==
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ9bAl0QQwwXbVxZAg5cFQZGcRQABVxJDAUUd1sKVw1HFVdBJB9aFQQTR0cFME0FB18EURNNfX1RBlAFQFluL0td&q={searchTerms}
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHANAI11ZAwBFDFBCIw4VVQoUEBgbJFwATAlGFlcRdg0OVVsTRRNBNARaB0tXUUEeJl9NER8fHHFKJ1BMAFU8TkdG
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2007-09-28] (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll [2011-08-30] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2008-01-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2008-01-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2008-01-27] (RealNetworks, Inc.)
FF user.js: detected! => C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\user.js [2015-12-11]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2002-01-09] (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol305.dll [2006-03-30] (BrightStreet.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2007-09-28] (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2006-11-29] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll [2005-12-05] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2006-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-01-27] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2008-01-27] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-01-27] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npsnapfish.dll [2007-05-13] ( )
FF SearchPlugin: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\default.xml [2015-09-24]
FF SearchPlugin: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\dregol.xml [2015-04-12]
FF SearchPlugin: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\yahoo-search.xml [2015-07-23]
FF Extension: cheapcoup - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\extensions\daawzhkxlgjgeu@_bdcwgd_ibba.edu [2015-08-30] [not signed]
FF Extension: priizecouponi - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\0Hk42awqve@g.net [2015-07-22] [not signed]
FF Extension: lowPRRIcess - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\3@UZIkqF9W.com [2015-08-30] [not signed]
FF Extension: FreedelIuvEryy - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\B1pr@3ty.edu [2015-07-21] [not signed]
FF Extension: dollarrsaver - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\cdONsk@Ky0.org [2015-08-30] [not signed]
FF Extension: saAleprizes - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\D@8e.org [2015-07-21] [not signed]
FF Extension: OOfoferdeal - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\eJn3Z@ftb.com [2015-07-02] [not signed]
FF Extension: fReea2yoiuu - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\m62@N.com [2015-07-21] [not signed]
FF Extension: quicksHop - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\ohdJ7@64vCa.com [2015-07-02] [not signed]
FF Extension: bbueyfaast - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\rPuuXX@0cyPu.com [2015-08-30] [not signed]
FF Extension: coolncheAp - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\t4@bUuLsMj.org [2015-06-08] [not signed]
FF Extension: fReedeliverry - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\ueQB@H.com [2015-07-23] [not signed]
FF Extension: salePrizes - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\z@92L.com [2015-08-30] [not signed]
FF Extension: Digital More - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\{a6472983-82c2-48e2-af83-11b7750b32b5}.xpi [2015-04-11] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2008-01-27] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-31] [not signed]
FF HKLM\...\Firefox\Extensions: [{55A8EC97-6AF6-442c-877F-11C51DBD162D}] - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_FF.xpi
FF Extension: YouTube Video Downloader Extension - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_FF.xpi [2014-08-13] [not signed]
FF HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files\Consumer Input\Firefox\ciff-3.2.0-12171.xpi => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\activex.js [2005-12-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aomdjjfldjbbnojlonpahdajglndlomc [2014-10-02]
CHR Extension: (Sample IME for IME extension API) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin [2015-06-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (No Name) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmodjaihpladaednpgcbiapepghfbgam [2015-08-10]
CHR Extension: (No Name) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ebkclgoaabaibghklgknnjdemknjaeic [2014-09-30]
CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2015-07-23] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (GoToMeeting for Calendar) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch [2015-07-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Hush private bookmarking) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2015-07-16] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (No Name) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf [2014-09-23]
CHR Extension: (No Cyrus) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf [2015-07-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Better Battlelog BBLog) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2015-08-12] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (FromDocToPDF) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2015-07-29] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (No Name) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkaliidbdemijhjchoaoomhfifplapmi [2015-07-26]
CHR Extension: (LiveHive Email Content Tracking Analytics) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf [2015-07-21] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Turntablefm Extended) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg [2015-07-15] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Crash Bandicoot 3D Racing) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf [2015-05-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [igljnkmljjbhcellpnjppojkfdfmkjmp] - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_GC.crx [2014-08-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 5d8bc28e; c:\Program Files\AppendInit\AppendInit.dll [2242560 2015-05-01] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Motionless Session; C:\Program Files\Motionless Session\Motionless Session.exe [8015963 2015-07-13] () [File not signed] <==== ATTENTION
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Service Mgr DigitalMore; C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe [779024 2016-01-20] () <==== ATTENTION
R2 Update Mgr DigitalMore; C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe [641296 2016-01-20] () <==== ATTENTION
R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ADM8511; C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated)
R3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
R0 BlackBox; C:\WINDOWS\system32\Drivers\BlackBox.sys [35712 2011-10-01] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-17] (HP)
S3 KDZfiltr; C:\WINDOWS\System32\DRIVERS\KDZfiltr.sys [4864 2002-09-26] (MOTO Development Group) [File not signed]
R2 MASPINT; C:\WINDOWS\system32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1022040 2005-08-17] (SigmaTel, Inc.)
S3 bvrp_pci; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: EAWDMFD -> no filepath.
NETSVC: IPSECSHM -> no filepath.
NETSVC: oraclemtsrecoveryservice -> no filepath.
NETSVC: ss_mdfl -> no filepath.
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-20 10:29 - 2016-01-20 10:30 - 00028161 _____ C:\Documents and Settings\Heba\Desktop\FRST.txt
2016-01-20 10:29 - 2016-01-20 10:23 - 01721856 ____N (Farbar) C:\Documents and Settings\Heba\Desktop\FRST.exe
2016-01-19 14:23 - 2016-01-19 14:23 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2015-12-28 12:47 - 2015-12-28 12:47 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\System Healer
2015-12-28 10:19 - 2016-01-20 10:27 - 00000258 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2015-12-28 10:19 - 2016-01-19 14:23 - 00000272 _____ C:\WINDOWS\Tasks\System Healer Task.job
2015-12-28 10:19 - 2016-01-13 09:01 - 00000258 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2015-12-28 10:19 - 2015-12-28 12:47 - 00000730 _____ C:\Documents and Settings\All Users\Desktop\Launch System Healer.lnk
2015-12-28 10:19 - 2015-12-28 11:00 - 00000000 ____D C:\Documents and Settings\Heba\Application Data\System Healer
2015-12-28 10:19 - 2015-12-28 10:19 - 00000000 ____D C:\Program Files\SystemHealer
2015-12-28 10:19 - 2015-12-28 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\System Healer
2015-12-28 10:19 - 2015-12-28 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\08066650-26f3-1
2015-12-28 10:19 - 2015-12-28 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\08066650-0621-0
2015-12-22 03:24 - 2016-01-19 14:00 - 00016022 _____ C:\WINDOWS\Tasks\{7EB5450B-2A30-E4AB-1A24-D03144A66DB4}.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-20 10:30 - 2015-08-25 07:52 - 00002394 _____ C:\WINDOWS\Tasks\DNSMOHAWK.job
2016-01-20 10:30 - 2012-06-27 20:52 - 00000000 ____D C:\Documents and Settings\Heba\Local Settings\temp
2016-01-20 10:30 - 2005-08-16 05:49 - 00032506 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-20 10:29 - 2014-09-14 10:28 - 00000000 ____D C:\FRST
2016-01-20 10:27 - 2006-02-01 22:07 - 00000000 ___RD C:\Documents and Settings\Heba\My Documents
2016-01-20 09:41 - 2014-11-16 10:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-20 09:24 - 2015-08-14 20:24 - 00000414 _____ C:\WINDOWS\Tasks\Optscan.job
2016-01-20 08:35 - 2015-04-12 11:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e
2016-01-20 05:30 - 2015-04-12 11:29 - 00000000 ____D C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e
2016-01-19 18:41 - 2014-11-16 10:50 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-01-19 18:41 - 2011-08-31 22:45 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-01-13 19:05 - 2006-02-02 20:18 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2016-01-10 09:07 - 2014-01-25 13:51 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-01-10 09:06 - 2005-08-16 05:33 - 00524888 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-10 09:03 - 2005-08-16 05:38 - 00000000 ____D C:\WINDOWS\Registration
2016-01-10 09:02 - 2014-09-23 16:43 - 00000346 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-3918639563-2636724751-2286751100-1005.job
2016-01-10 09:02 - 2006-01-29 11:10 - 00004242 _____ C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2016-01-10 09:02 - 2006-01-29 11:05 - 00000000 ____D C:\WINDOWS
2016-01-10 09:01 - 2014-09-20 02:34 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-10 09:01 - 2005-08-16 05:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-10 09:01 - 2005-08-16 05:18 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-08 15:00 - 2014-09-20 02:34 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-12-28 18:25 - 2015-05-02 04:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\12573623025830556730

==================== Files in the root of some directories =======

2015-05-07 05:45 - 2015-08-12 19:43 - 0000079 _____ () C:\Program Files\prefs.js
2006-11-02 18:58 - 2006-11-02 18:58 - 0012358 _____ () C:\Documents and Settings\Heba\Application Data\PFP120JCM.{PB
2006-11-02 18:58 - 2006-11-02 18:58 - 0061678 _____ () C:\Documents and Settings\Heba\Application Data\PFP120JPR.{PB
2006-02-02 20:28 - 2014-10-23 13:44 - 0040536 _____ () C:\Documents and Settings\Heba\Application Data\wklnhst.dat
2011-12-18 12:45 - 2011-12-24 09:29 - 0014488 ___SH () C:\Documents and Settings\Heba\Local Settings\Application Data\685387f8b824f316q841i8kjp2q4
2006-03-24 11:01 - 2015-02-24 08:09 - 0212480 _____ () C:\Documents and Settings\Heba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-02-01 22:07 - 2006-02-01 22:39 - 0000127 _____ () C:\Documents and Settings\Heba\Local Settings\Application Data\fusioncache.dat
2006-02-11 07:06 - 2014-08-19 11:54 - 0005481 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Files to move or delete:
====================
C:\Documents and Settings\Heba\GoToAssist_chat2way__317_en.exe
C:\Documents and Settings\Heba\hpothb07.dat
C:\Windows\Tasks\{7EB5450B-2A30-E4AB-1A24-D03144A66DB4}.job


Some files in TEMP:
====================
C:\Documents and Settings\Heba\Local Settings\temp\drvprosetup.exe
C:\Documents and Settings\Heba\Local Settings\temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Heba\Local Settings\temp\jre-8u60-windows-au.exe
C:\Documents and Settings\Heba\Local Settings\temp\optprosetup.exe
C:\Documents and Settings\Heba\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Heba\Local Settings\temp\setacl.exe
C:\Documents and Settings\Heba\Local Settings\temp\supoptsetup.exe
C:\Documents and Settings\Heba\Local Settings\temp\{032FCEA2-1AA2-4A15-A0F4-C7C41BA780CE}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{03B449DF-7FC1-47F0-8218-EF2379D01198}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{0422C8B8-8D04-4742-B862-811DA51B9A1F}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{04E0A761-73C8-4AA1-B2EE-7CB5215CC806}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{06594E9A-CCD2-4681-A210-DDD3C59B2430}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{08176016-76B1-4BBB-BF0D-27A0FCCFD3FA}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{0860860D-E162-4A2A-B7CD-536A01E91657}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{09914215-E10A-498E-A3CF-733622F36F9A}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{13052303-CD15-485E-AE24-787F81E1B649}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{1E26BC68-2E72-49B9-9418-B972E1259FB7}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{216458FB-1E90-4F63-8355-744FE71FDE18}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{235F93C7-CD88-4101-A696-8D72F86D80D2}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{24D14FC6-D410-4B29-A125-8C1A6CBE0333}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{25A5B5CB-C831-45A8-910E-5916C0C7E4D1}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{2851A9A5-6142-4C97-A5F4-9EF1DB22511D}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{2CF5ED39-8CF0-4856-A86D-5C58C61FB913}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{2F2645C7-31C7-4824-9CD7-BAEF7E67DE45}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{2F8E0B37-373A-46D1-B505-F8E89DD1FF16}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{3702B19D-9A89-4830-A8C7-AE95606730A6}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{4306B016-4646-419B-8216-FF973D733D01}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{437359B2-5EB0-4F11-9C97-4F70498F77C7}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{472575F0-E2A0-47F9-9D8A-2C9467062FC2}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{49C7E8BB-7E73-4B57-B3CE-E2598CE2FE21}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{4C2354A4-D538-46E2-B6E3-A56E1964C14A}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{55925D71-1CFC-4117-9BCE-A2B29009F533}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{55F41F4E-2611-4426-AE38-564AE4DA3008}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{57037337-CBA6-4643-8379-8405AACA204B}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{5CA9A899-90CA-4D29-86D7-483F2D596FFD}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{60395C5E-6E2B-4BD4-84C1-7150D619582C}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{613FE95B-F6DE-4229-BDEC-A03B9E043E8E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{6280FBA3-B294-4A76-A861-AE5F12C648DB}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{6A105756-C111-45A2-8A25-E2B4D685C849}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{6C252244-2DC9-4D70-8571-DE6807C3E674}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{6D818C7E-6894-4865-9D34-43844BDE7413}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{6E6E5C0E-0C99-453A-B8E1-FD5A47AB7FAF}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{70231715-9592-4FE6-999D-69FD3D3F7E00}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{7286B610-976D-4EDC-BDE0-5CCF7255E1DB}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{739A8B93-88F2-4966-9870-DD0029C3E73E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{78925E21-BFA6-4E8E-BA75-D2EF2CF26EC7}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{7A925B8A-ACF1-403C-BC70-571B60556E27}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8055EB00-57E0-42E7-8856-9A61D77AB32E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8888E62B-5AD4-4E39-B0F6-15785F3D76DD}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{89FEFCFF-D78C-48D5-8E18-8C6C65A7ACCB}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8B7F9DCF-E63B-4D09-AC37-9A618D646224}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8C09013E-A77C-4FA1-BEEA-F52539633A71}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8C5F00EC-6705-468E-91F1-1B9D82AF2675}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8D488188-9253-4499-907D-08EA53D0982A}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8D4A6B00-B372-4D04-8D0D-88EB7A8AC6E2}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8EA1D0D7-769A-4D6F-B887-4DD594CE8025}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{918CD25F-767A-4366-880F-3AB72E37F22A}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{935BD48D-9601-4C34-86E8-26CC2C6381A6}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{9409CC6A-F276-4BBF-ACE5-6733086DD088}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{98158C02-87B9-4EFB-A4EC-B11FAC1E4EF8}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{9ADC4B7B-BF46-4942-A1D3-AB5CB21FE61E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{9C29918B-245D-4543-AB72-9A98ABA92907}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{9C65A499-5C5D-4FAA-B6FB-1731A46EB653}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A068F6F5-5B64-4A29-AF61-D6BA7EFA05F4}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A3CEA7BB-3A76-42B1-83B2-90308E62AC54}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A7463717-077C-4CBD-B740-58F0E9DFF5D0}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A761D541-9F61-439B-A019-EE95FBD88938}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A7BF8BBB-DBD2-4ACF-9795-A1073EAEF0A6}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A9C9394E-D51D-4E60-B05E-3588A68BE5DC}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{ADBEC2B6-8AE2-4C1A-BF1B-BF0516115C75}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{B1C21AC5-3CA3-483B-B309-7A015CE4E3D7}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{B2B16E6B-3AC5-4E22-AE81-59119F93392E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{B8475334-2AC0-46B9-905D-6AB12204F505}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{B8C614F7-BC90-498E-9B0A-9EB6ED70D149}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{BD4D79C8-975D-4646-B5CE-6C71E2727804}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{BDC17E05-35DE-4720-9436-6E42AF55A008}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{C1909538-7B65-4D75-B1F1-1D55DCC5DB8F}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{C399A6A3-BCED-4780-869F-400EA59ACEE2}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{CFCD97C1-26E9-45F6-9D85-353C5A7A571A}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{D11DE71B-7C00-43AD-BFFA-6FC48820767B}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{D147F70B-7D59-465E-A864-BC6F74A7C29B}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{DC967C96-7B56-4FCE-BA3E-CB12B11E4C28}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{DDCD3DE4-0306-488C-9A0D-92A737C334FA}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{E456CE7E-73ED-4131-B946-115F5C345798}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{E5CA3BE1-5C8E-4264-80B8-D4402DE4B666}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{E70221C5-1AF2-498E-A3BF-24E7C9513A05}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{E9B77254-D85C-4353-8574-47F2B0A8399E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{EB830733-CF24-4845-9C68-F1B7B6C98691}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{EF37AA5C-A731-4070-B763-D11B58892848}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{EF55CB42-06E9-4E07-B23A-AFFFF3E5F880}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{F0B3BD32-0A83-4B8F-8AF4-8F6B78456CC9}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{F28B47FD-06D1-4582-81FD-3A79B05B4B11}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{F34B16DB-B6A5-48A7-BB57-23F31B2AFBE8}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{F7ED43F1-A9E5-4A5B-AABB-679565D7AB4D}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{FB8B200F-5F40-42D2-BA39-C62D8C49F37B}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{FD3371B6-9CFB-49A7-9EAD-11C19B73F76D}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{FDF90DD8-1145-4F55-BAF3-F733DAB5ACCF}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================Attached File  Addition.txt   36.16KB   3 downloads

BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 20 January 2016 - 06:02 PM

Hello crojj42 and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
I am currently reviewing your log.I will be back with a fix for your problem as soon as possible.Please be patient with me during this time.
 
Are you still with us?

:hello:
 
Sincerely


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 20 January 2016 - 08:04 PM

Hi crojj42

 

I cannot see antivirus software !

*********************************************************

Please do the following,

 

Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:
µTorrent
AppendInit
bbueyfaast
Buzzdock
Digital More
DNS Unlocker version 1.3
dollarrsaver
Driver Pro
fasttssaleir
ffrreedeelivery
FromDocToPDF
LooWraTe
OOfoferdeal
quicksHop
rocckaEtSAle
rOOcketdeal
salEoofferr
salePrizes
shopshop
Video Player1.0
YouTube Video Downloader
System Healer

After completing uninstalls, please manually reboot your machine!

:step1:    If you get the message like: An error occurred while trying to uninstall, just press Yes.
:step2:    If you are unable to uninstall all programs, please inform me, but continue with other steps.

 

========================================================================

 

Please Let me know when you get that done.

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 olgun52

olgun52

  • Malware Response Team
  • 3,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 21 January 2016 - 06:49 PM

Hello !

 

Are you still with me?


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 olgun52

olgun52

  • Malware Response Team
  • 3,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 23 January 2016 - 02:27 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 crojj42

crojj42
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 25 January 2016 - 08:07 AM

Hi, I am still with you. For some reason I wasn't receiving any email notification of your responses. I will look into your recommendations later today and post an update.

#7 olgun52

olgun52

  • Malware Response Team
  • 3,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 25 January 2016 - 01:48 PM

Hi crojj42,
 
Thank you for reply. I am waiting.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 crojj42

crojj42
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 26 January 2016 - 06:42 AM

I have removed all the items listed.

#9 olgun52

olgun52

  • Malware Response Team
  • 3,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 26 January 2016 - 12:39 PM

Hi crojj42,
 

Please do the following.

 

Step 1:
 FRST Script:
 Please download this attached Attached File  Fixlist.txt   29.15KB   7 downloads  and save it in the same directory as FRST.

 

Close all open files and folders.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 5:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTAN: 1   Place ComboFix.exe on your Desktop

* IMPORTAN: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 olgun52

olgun52

  • Malware Response Team
  • 3,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 27 January 2016 - 05:13 PM

Are you still with me ?


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 crojj42

crojj42
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 27 January 2016 - 09:47 PM

Hi.  Please pardon me if I don't reply quickly.  I work very long hours so it might take me a day or so to get to things.

 

1.  Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Heba (2016-01-26 23:14:46) Run:2
Running from C:\Documents and Settings\Administrator\Desktop\FRST
Loaded Profiles: Heba (Available Profiles: Heba & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3918639563-2636724751-2286751100-1005_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-3918639563-2636724751-2286751100-1005_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-3918639563-2636724751-2286751100-1005_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-3918639563-2636724751-2286751100-1005.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DNSMOHAWK.job => C:\Program Files\DNS UnlockerHeba
DNSMOHAWK-0?41?42?43?94?;5?    6?7?8?9?:?;?<?=?>???    0?
0?0?0?
0?0?0?0?0?0?0?0?0?0?0?0?0 ?0!?    0?
0#?0$?0%?
0&?0'?0(?0)?0*?0+?0,?
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Optscan.job => c:\documents and settings\all users\application data\{b07c1466-1379-6f24-b07c-c14661375198}\hqghumeaylnlf.exe
Task: C:\WINDOWS\Tasks\System Healer Task.job => C:\PROGRA~1\SYSTEM~1\RescueMonitor.exe
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\{7EB5450B-2A30-E4AB-1A24-D03144A66DB4}.job => powershell exe
2015-08-25 07:51 - 2015-08-23 14:29 - 00627712 _____ () C:\Program Files\DNS Unlocker\dnsmohawk.exe
2015-04-12 06:37 - 2016-01-20 05:30 - 00641296 _____ () C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe
2015-04-12 06:37 - 2016-01-20 08:35 - 00779024 _____ () C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe
2016-01-20 00:29 - 2016-01-20 00:29 - 00703248 _____ () C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\6\plugin.exe
2016-01-20 05:35 - 2016-01-20 05:35 - 00906512 _____ () C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\5\plugin.exe
2016-01-20 05:35 - 2016-01-20 05:35 - 02105616 _____ () C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\2\plugin.exe
2016-01-20 09:41 - 2016-01-20 09:41 - 00925968 _____ () C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\4\plugin.exe
2016-01-20 09:41 - 2016-01-20 09:41 - 00734480 _____ () C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe
2016-01-20 09:41 - 2016-01-20 09:41 - 01552656 _____ () C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\8\plugin.exe
2016-01-20 09:41 - 2016-01-20 09:41 - 00524560 _____ () C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\7\plugin.exe
2016-01-20 09:41 - 2016-01-20 09:41 - 01177360 _____ () C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\12\plugin.exe
2016-01-20 09:41 - 2016-01-20 09:41 - 00551696 _____ () C:\Documents and Settings\Heba\Local Settings\temp\{E456CE7E-73ED-4131-B946-115F5C345798}.dll
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB56623$:SummaryInformation
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB8912$:SummaryInformation
C:\Program Files\DNS Unlocker\dnsmohawk.exe
() C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\6\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\5\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\2\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\4\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\8\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\7\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\12\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\7\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\Plugin.exe
() C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\12\Plugin.exe
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Run: [Driver Pro] => C:\Program Files\Driver Pro\DPLauncher.exe
Startup: C:\Documents and Settings\Heba\Start Menu\Programs\Startup\TornTvDownloader.lnk [2014-09-23]
ShortcutTarget: TornTvDownloader.lnk -> C:\Documents and Settings\Heba\Application Data\TornTV.com\Torntv Downloader.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-19\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-20\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVI1pcAFtIFRhGIVoPTA1CRAQOeF1dWRRBFgJBcg8MVw0TQ1EFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVI1pcAFtIFRhGIVoPTA1CRAQOeF1dWRRBFgJBcg8MVw0TQ1EFIk0FA1ADB0VXfVBdFElXTwhnKV5RFVgdbFpRJQ==
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ9bAl0QQwwXbVxZAg5cFQZGcRQABVxJDAUUd1sKVw1HFVdBJB9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyEyEzyyE0F0CtCyD0DyE0EtC0AtAyE0FtN0D0Tzu0StCtCzyyBtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0ByC0B0D0AyCtAtGyCzy0AyEtGyByD0D0AtGtC0F0BzztGtByBtCtB0BtCtAzyyBzytCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0BtAyEtAzzyCtGzztA0D0BtGyE0F0E0CtGzzyC0E0FtG0Fzy0E0A0CyEtBtDyByByDyC2QtN0A0LzutB&cr=726841214&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ9bAl0QQwwXbVxZAg5cFQZGcRQABVxJDAUUd1sKVw1HFVdBJB9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3918639563-2636724751-2286751100-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ9bAl0QQwwXbVxZAg5cFQZGcRQABVxJDAUUd1sKVw1HFVdBJB9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3918639563-2636724751-2286751100-1005 -> OldSearch URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyEyEzyyE0F0CtCyD0DyE0EtC0AtAyE0FtN0D0Tzu0StCtCzyyBtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0ByC0B0D0AyCtAtGyCzy0AyEtGyByD0D0AtGtC0F0BzztGtByBtCtB0BtCtAzyyBzytCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0BtAyEtAzzyCtGzztA0D0BtGyE0F0E0CtGzzyC0E0FtG0Fzy0E0A0CyEtBtDyByByDyC2QtN0A0LzutB&cr=726841214&ir=
SearchScopes: HKU\S-1-5-21-3918639563-2636724751-2286751100-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ9bAl0QQwwXbVxZAg5cFQZGcRQABVxJDAUUd1sKVw1HFVdBJB9aFQQTSEcFME0FCFwEURNNfX1RBlAFQFluL0td&q={searchTerms}
BHO: suALeprriZes -> {2708DBE7-4EAA-43C5-BC64-639DDBD7EDA2} -> C:\Program Files\suALeprriZes\6RJZUcY9tJFg0l.dll [2015-08-12] ()
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVI1pcAFtIFRhGIVoPTA1CRAQOeF1dWRRBFgJBcg8MVw0TQ1EFIk0FA18DB0VXfV9eFElXTwhnKV5RFVgdbFpRJQ==
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ9bAl0QQwwXbVxZAg5cFQZGcRQABVxJDAUUd1sKVw1HFVdBJB9aFQQTR0cFME0FB18EURNNfX1RBlAFQFluL0td&q={searchTerms}
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHANAI11ZAwBFDFBCIw4VVQoUEBgbJFwATAlGFlcRdg0OVVsTRRNBNARaB0tXUUEeJl9NER8fHHFKJ1BMAFU8TkdG
FF user.js: detected! => C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\user.js
FF SearchPlugin: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\default.xml [2015-09-24]
FF SearchPlugin: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\dregol.xml [2015-04-12]
FF SearchPlugin: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\yahoo-search.xml [2015-07-23]
FF Extension: cheapcoup - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\extensions\daawzhkxlgjgeu@_bdcwgd_ibba.edu [2015-08-30] [not signed]
FF Extension: priizecouponi - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\0Hk42awqve@g.net [2015-07-22] [not signed]
FF Extension: lowPRRIcess - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\3@UZIkqF9W.com [2015-08-30] [not signed]
FF Extension: FreedelIuvEryy - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\B1pr@3ty.edu [2015-07-21] [not signed]
FF Extension: dollarrsaver - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\cdONsk@Ky0.org [2015-08-30] [not signed]
FF Extension: saAleprizes - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\D@8e.org [2015-07-21] [not signed]
FF Extension: OOfoferdeal - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\eJn3Z@ftb.com [2015-07-02] [not signed]
FF Extension: fReea2yoiuu - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\m62@N.com [2015-07-21] [not signed]
FF Extension: quicksHop - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\ohdJ7@64vCa.com [2015-07-02] [not signed]
FF Extension: bbueyfaast - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\rPuuXX@0cyPu.com [2015-08-30] [not signed]
FF Extension: coolncheAp - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\t4@bUuLsMj.org [2015-06-08] [not signed]
FF Extension: fReedeliverry - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\ueQB@H.com [2015-07-23] [not signed]
FF Extension: salePrizes - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\z@92L.com [2015-08-30] [not signed]
FF HKLM\...\Firefox\Extensions: [{55A8EC97-6AF6-442c-877F-11C51DBD162D}] - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_FF.xpi
FF Extension: YouTube Video Downloader Extension - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_FF.xpi [2014-08-13] [not signed]
FF HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files\Consumer Input\Firefox\ciff-3.2.0-12171.xpi => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\activex.js [2005-12-19]
CHR Extension: (No Name) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aomdjjfldjbbnojlonpahdajglndlomc [2014-10-02]
CHR Extension: (Sample IME for IME extension API) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin [2015-06-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (No Name) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmodjaihpladaednpgcbiapepghfbgam [2015-08-10]
CHR Extension: (No Name) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ebkclgoaabaibghklgknnjdemknjaeic [2014-09-30]
CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2015-07-23] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (GoToMeeting for Calendar) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch [2015-07-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Hush private bookmarking) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2015-07-16] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (No Name) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf [2014-09-23]
CHR Extension: (No Cyrus) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf [2015-07-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Better Battlelog BBLog) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2015-08-12] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (FromDocToPDF) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2015-07-29] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (No Name) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkaliidbdemijhjchoaoomhfifplapmi [2015-07-26]
CHR Extension: (LiveHive Email Content Tracking Analytics) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf [2015-07-21] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Turntablefm Extended) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg [2015-07-15] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Crash Bandicoot 3D Racing) - C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf [2015-05-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [igljnkmljjbhcellpnjppojkfdfmkjmp] - C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_GC.crx
R2 5d8bc28e; c:\Program Files\AppendInit\AppendInit.dll
R2 Motionless Session; C:\Program Files\Motionless Session\Motionless Session.exe [8015963 2015-07-13] () [File not signed] <==== ATTENTION
R2 Service Mgr DigitalMore; C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe [779024 2016-01-20] () <==== ATTENTION
R2 Update Mgr DigitalMore; C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe [641296 2016-01-20] () <==== ATTENTION
FF Extension: Digital More - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\{a6472983-82c2-48e2-af83-11b7750b32b5}.xpi [2015-04-11] [not signed]
S3 bvrp_pci; no ImagePath
NETSVC: EAWDMFD -> no filepath.
NETSVC: IPSECSHM -> no filepath.
NETSVC: oraclemtsrecoveryservice -> no filepath.
NETSVC: ss_mdfl -> no filepath.
2015-12-28 12:47 - 2015-12-28 12:47 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\System Healer
2015-12-28 10:19 - 2016-01-20 10:27 - 00000258 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2015-12-28 10:19 - 2016-01-19 14:23 - 00000272 _____ C:\WINDOWS\Tasks\System Healer Task.job
2015-12-28 10:19 - 2016-01-13 09:01 - 00000258 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2015-12-28 10:19 - 2015-12-28 12:47 - 00000730 _____ C:\Documents and Settings\All Users\Desktop\Launch System Healer.lnk
2015-12-28 10:19 - 2015-12-28 11:00 - 00000000 ____D C:\Documents and Settings\Heba\Application Data\System Healer
2015-12-28 10:19 - 2015-12-28 10:19 - 00000000 ____D C:\Program Files\SystemHealer
2015-12-28 10:19 - 2015-12-28 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\System Healer
2015-12-28 10:19 - 2015-12-28 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\08066650-26f3-1
2015-12-28 10:19 - 2015-12-28 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\08066650-0621-0
2015-12-22 03:24 - 2016-01-19 14:00 - 00016022 _____ C:\WINDOWS\Tasks\{7EB5450B-2A30-E4AB-1A24-D03144A66DB4}.job
C:\WINDOWS\Tasks\DNSMOHAWK.job
2016-01-20 09:24 - 2015-08-14 20:24 - 00000414 _____ C:\WINDOWS\Tasks\Optscan.job
2016-01-20 08:35 - 2015-04-12 11:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e
2016-01-20 05:30 - 2015-04-12 11:29 - 00000000 ____D C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e
2016-01-10 09:07 - 2014-01-25 13:51 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\Tasks\CIMT_S-1-5-21-3918639563-2636724751-2286751100-1005.job
2016-01-10 09:01 - 2014-09-20 02:34 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-08 15:00 - 2014-09-20 02:34 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-12-28 18:25 - 2015-05-02 04:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\12573623025830556730
2015-05-07 05:45 - 2015-08-12 19:43 - 0000079 _____ () C:\Program Files\prefs.js
2006-11-02 18:58 - 2006-11-02 18:58 - 0012358 _____ () C:\Documents and Settings\Heba\Application Data\PFP120JCM.{PB
2006-11-02 18:58 - 2006-11-02 18:58 - 0061678 _____ () C:\Documents and Settings\Heba\Application Data\PFP120JPR.{PB
2006-02-02 20:28 - 2014-10-23 13:44 - 0040536 _____ () C:\Documents and Settings\Heba\Application Data\wklnhst.dat
2011-12-18 12:45 - 2011-12-24 09:29 - 0014488 ___SH () C:\Documents and Settings\Heba\Local Settings\Application Data\685387f8b824f316q841i8kjp2q4
C:\Documents and Settings\Heba\GoToAssist_chat2way__317_en.exe
C:\Documents and Settings\Heba\hpothb07.dat
C:\Windows\Tasks\{7EB5450B-2A30-E4AB-1A24-D03144A66DB4}.job
C:\Documents and Settings\Heba\Local Settings\temp\drvprosetup.exe
C:\Documents and Settings\Heba\Local Settings\temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Heba\Local Settings\temp\jre-8u60-windows-au.exe
C:\Documents and Settings\Heba\Local Settings\temp\optprosetup.exe
C:\Documents and Settings\Heba\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Heba\Local Settings\temp\setacl.exe
C:\Documents and Settings\Heba\Local Settings\temp\supoptsetup.exe
C:\Documents and Settings\Heba\Local Settings\temp\{032FCEA2-1AA2-4A15-A0F4-C7C41BA780CE}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{03B449DF-7FC1-47F0-8218-EF2379D01198}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{0422C8B8-8D04-4742-B862-811DA51B9A1F}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{04E0A761-73C8-4AA1-B2EE-7CB5215CC806}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{06594E9A-CCD2-4681-A210-DDD3C59B2430}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{08176016-76B1-4BBB-BF0D-27A0FCCFD3FA}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{0860860D-E162-4A2A-B7CD-536A01E91657}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{09914215-E10A-498E-A3CF-733622F36F9A}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{13052303-CD15-485E-AE24-787F81E1B649}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{1E26BC68-2E72-49B9-9418-B972E1259FB7}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{216458FB-1E90-4F63-8355-744FE71FDE18}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{235F93C7-CD88-4101-A696-8D72F86D80D2}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{24D14FC6-D410-4B29-A125-8C1A6CBE0333}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{25A5B5CB-C831-45A8-910E-5916C0C7E4D1}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{2851A9A5-6142-4C97-A5F4-9EF1DB22511D}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{2CF5ED39-8CF0-4856-A86D-5C58C61FB913}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{2F2645C7-31C7-4824-9CD7-BAEF7E67DE45}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{2F8E0B37-373A-46D1-B505-F8E89DD1FF16}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{3702B19D-9A89-4830-A8C7-AE95606730A6}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{4306B016-4646-419B-8216-FF973D733D01}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{437359B2-5EB0-4F11-9C97-4F70498F77C7}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{472575F0-E2A0-47F9-9D8A-2C9467062FC2}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{49C7E8BB-7E73-4B57-B3CE-E2598CE2FE21}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{4C2354A4-D538-46E2-B6E3-A56E1964C14A}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{55925D71-1CFC-4117-9BCE-A2B29009F533}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{55F41F4E-2611-4426-AE38-564AE4DA3008}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{57037337-CBA6-4643-8379-8405AACA204B}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{5CA9A899-90CA-4D29-86D7-483F2D596FFD}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{60395C5E-6E2B-4BD4-84C1-7150D619582C}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{613FE95B-F6DE-4229-BDEC-A03B9E043E8E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{6280FBA3-B294-4A76-A861-AE5F12C648DB}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{6A105756-C111-45A2-8A25-E2B4D685C849}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{6C252244-2DC9-4D70-8571-DE6807C3E674}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{6D818C7E-6894-4865-9D34-43844BDE7413}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{6E6E5C0E-0C99-453A-B8E1-FD5A47AB7FAF}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{70231715-9592-4FE6-999D-69FD3D3F7E00}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{7286B610-976D-4EDC-BDE0-5CCF7255E1DB}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{739A8B93-88F2-4966-9870-DD0029C3E73E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{78925E21-BFA6-4E8E-BA75-D2EF2CF26EC7}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{7A925B8A-ACF1-403C-BC70-571B60556E27}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8055EB00-57E0-42E7-8856-9A61D77AB32E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8888E62B-5AD4-4E39-B0F6-15785F3D76DD}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{89FEFCFF-D78C-48D5-8E18-8C6C65A7ACCB}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8B7F9DCF-E63B-4D09-AC37-9A618D646224}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8C09013E-A77C-4FA1-BEEA-F52539633A71}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8C5F00EC-6705-468E-91F1-1B9D82AF2675}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8D488188-9253-4499-907D-08EA53D0982A}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8D4A6B00-B372-4D04-8D0D-88EB7A8AC6E2}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{8EA1D0D7-769A-4D6F-B887-4DD594CE8025}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{918CD25F-767A-4366-880F-3AB72E37F22A}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{935BD48D-9601-4C34-86E8-26CC2C6381A6}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{9409CC6A-F276-4BBF-ACE5-6733086DD088}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{98158C02-87B9-4EFB-A4EC-B11FAC1E4EF8}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{9ADC4B7B-BF46-4942-A1D3-AB5CB21FE61E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{9C29918B-245D-4543-AB72-9A98ABA92907}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{9C65A499-5C5D-4FAA-B6FB-1731A46EB653}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A068F6F5-5B64-4A29-AF61-D6BA7EFA05F4}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A3CEA7BB-3A76-42B1-83B2-90308E62AC54}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A7463717-077C-4CBD-B740-58F0E9DFF5D0}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A761D541-9F61-439B-A019-EE95FBD88938}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A7BF8BBB-DBD2-4ACF-9795-A1073EAEF0A6}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{A9C9394E-D51D-4E60-B05E-3588A68BE5DC}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{ADBEC2B6-8AE2-4C1A-BF1B-BF0516115C75}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{B1C21AC5-3CA3-483B-B309-7A015CE4E3D7}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{B2B16E6B-3AC5-4E22-AE81-59119F93392E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{B8475334-2AC0-46B9-905D-6AB12204F505}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{B8C614F7-BC90-498E-9B0A-9EB6ED70D149}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{BD4D79C8-975D-4646-B5CE-6C71E2727804}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{BDC17E05-35DE-4720-9436-6E42AF55A008}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{C1909538-7B65-4D75-B1F1-1D55DCC5DB8F}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{C399A6A3-BCED-4780-869F-400EA59ACEE2}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{CFCD97C1-26E9-45F6-9D85-353C5A7A571A}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{D11DE71B-7C00-43AD-BFFA-6FC48820767B}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{D147F70B-7D59-465E-A864-BC6F74A7C29B}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{DC967C96-7B56-4FCE-BA3E-CB12B11E4C28}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{DDCD3DE4-0306-488C-9A0D-92A737C334FA}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{E456CE7E-73ED-4131-B946-115F5C345798}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{E5CA3BE1-5C8E-4264-80B8-D4402DE4B666}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{E70221C5-1AF2-498E-A3BF-24E7C9513A05}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{E9B77254-D85C-4353-8574-47F2B0A8399E}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{EB830733-CF24-4845-9C68-F1B7B6C98691}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{EF37AA5C-A731-4070-B763-D11B58892848}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{EF55CB42-06E9-4E07-B23A-AFFFF3E5F880}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{F0B3BD32-0A83-4B8F-8AF4-8F6B78456CC9}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{F28B47FD-06D1-4582-81FD-3A79B05B4B11}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{F34B16DB-B6A5-48A7-BB57-23F31B2AFBE8}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{F7ED43F1-A9E5-4A5B-AABB-679565D7AB4D}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{FB8B200F-5F40-42D2-BA39-C62D8C49F37B}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{FD3371B6-9CFB-49A7-9EAD-11C19B73F76D}.dll
C:\Documents and Settings\Heba\Local Settings\temp\{FDF90DD8-1145-4F55-BAF3-F733DAB5ACCF}.dll
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3918639563-2636724751-2286751100-1005_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => key removed successfully.
"HKU\S-1-5-21-3918639563-2636724751-2286751100-1005_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => key removed successfully.
"HKU\S-1-5-21-3918639563-2636724751-2286751100-1005_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => key removed successfully.
C:\WINDOWS\Tasks\CIMT_S-1-5-21-3918639563-2636724751-2286751100-1005.job => moved successfully
C:\WINDOWS\Tasks\DNSMOHAWK.job => moved successfully
DNSMOHAWK-0?41?42?43?94?;5?    6?7?8?9?:?;?<?=?>???    0? => Error: No automatic fix found for this entry.
0?0?0? => Error: No automatic fix found for this entry.
0?0?0?0?0?0?0?0?0?0?0?0?0 ?0!?    0? => Error: No automatic fix found for this entry.
0#?0$?0%? => Error: No automatic fix found for this entry.
0&?0'?0(?0)?0*?0+?0,? => Error: No automatic fix found for this entry.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => moved successfully
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => moved successfully
C:\WINDOWS\Tasks\Optscan.job => moved successfully
C:\WINDOWS\Tasks\System Healer Task.job => not found.
C:\WINDOWS\Tasks\System HealerPeriod.job => not found.
C:\WINDOWS\Tasks\System HealerStartUp.job => not found.
C:\WINDOWS\Tasks\{7EB5450B-2A30-E4AB-1A24-D03144A66DB4}.job => moved successfully
C:\Program Files\DNS Unlocker\dnsmohawk.exe => moved successfully
"C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe" => not found.
"C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe" => not found.
"C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\6\plugin.exe" => not found.
"C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\5\plugin.exe" => not found.
"C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\2\plugin.exe" => not found.
"C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\4\plugin.exe" => not found.
"C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe" => not found.
"C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\8\plugin.exe" => not found.
"C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\7\plugin.exe" => not found.
"C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\12\plugin.exe" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{E456CE7E-73ED-4131-B946-115F5C345798}.dll" => not found.
C:\WINDOWS\$NtUninstallKB56623$ => ":SummaryInformation" ADS removed successfully..
C:\WINDOWS\$NtUninstallKB8912$ => ":SummaryInformation" ADS removed successfully..
"C:\Program Files\DNS Unlocker\dnsmohawk.exe" => not found.
C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe
C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\6\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\6\Plugin.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\5\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\5\Plugin.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\2\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\2\Plugin.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\4\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\4\Plugin.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\Plugin.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\8\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\8\Plugin.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\7\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\7\Plugin.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\12\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\12\Plugin.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\7\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\7\Plugin.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\Plugin.exe => No running process found
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\12\Plugin.exe
C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\12\Plugin.exe => No running process found
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Pro => value not found.
C:\Documents and Settings\Heba\Start Menu\Programs\Startup\TornTvDownloader.lnk => moved successfully
C:\Documents and Settings\Heba\Application Data\TornTV.com\Torntv Downloader.exe => not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-19\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-20\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully.
HKCR\CLSID\OldSearch => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully.
HKCR\CLSID\OldSearch => key not found.
"HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2708DBE7-4EAA-43C5-BC64-639DDBD7EDA2} => key not found.
"HKCR\CLSID\{2708DBE7-4EAA-43C5-BC64-639DDBD7EDA2}" => key removed successfully.
Firefox "homepage" removed successfully.
Firefox "Keyword.URL" removed successfully.
Firefox "newtab" removed successfully.
FF user.js: detected! => C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\user.js => not found.
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\default.xml => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\dregol.xml => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\yahoo-search.xml => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\extensions\daawzhkxlgjgeu@_bdcwgd_ibba.edu => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\extensions\daawzhkxlgjgeu@_bdcwgd_ibba.edu => path removed successfully.
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\0Hk42awqve@g.net => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\3@UZIkqF9W.com => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\B1pr@3ty.edu => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\cdONsk@Ky0.org => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\D@8e.org => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\eJn3Z@ftb.com => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\m62@N.com => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\ohdJ7@64vCa.com => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\rPuuXX@0cyPu.com => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\t4@bUuLsMj.org => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\ueQB@H.com => moved successfully
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\z@92L.com => moved successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{55A8EC97-6AF6-442c-877F-11C51DBD162D} => value not found.
C:\Program Files\Tomabo\YouTube Video Downloader\YTVD_FF.xpi => not found.
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => value removed successfully.
C:\Program Files\mozilla firefox\defaults\pref\activex.js => moved successfully
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aomdjjfldjbbnojlonpahdajglndlomc => moved successfully
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin <==== ATTENTION => not found.
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmodjaihpladaednpgcbiapepghfbgam => moved successfully
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ebkclgoaabaibghklgknnjdemknjaeic => moved successfully
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp <==== ATTENTION => not found.
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch <==== ATTENTION => not found.
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff <==== ATTENTION => not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf => moved successfully
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf <==== ATTENTION => not found.
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma <==== ATTENTION => not found.
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk <==== ATTENTION => not found.
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkaliidbdemijhjchoaoomhfifplapmi => moved successfully
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf <==== ATTENTION => not found.
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg <==== ATTENTION => not found.
C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf <==== ATTENTION => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\igljnkmljjbhcellpnjppojkfdfmkjmp => key not found.
5d8bc28e => service not found.
Motionless Session => service removed successfully.
Service Mgr DigitalMore => service not found.
Update Mgr DigitalMore => service not found.
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\{a6472983-82c2-48e2-af83-11b7750b32b5}.xpi => not found.
bvrp_pci => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs EAWDMFD => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs IPSECSHM => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs oraclemtsrecoveryservice => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ss_mdfl => value removed successfully.
C:\Documents and Settings\LocalService\Application Data\System Healer => moved successfully
"C:\WINDOWS\Tasks\System HealerPeriod.job" => not found.
"C:\WINDOWS\Tasks\System Healer Task.job" => not found.
"C:\WINDOWS\Tasks\System HealerStartUp.job" => not found.
"C:\Documents and Settings\All Users\Desktop\Launch System Healer.lnk" => not found.
"C:\Documents and Settings\Heba\Application Data\System Healer" => not found.
"C:\Program Files\SystemHealer" => not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\System Healer" => not found.
C:\Documents and Settings\All Users\Application Data\08066650-26f3-1 => moved successfully
C:\Documents and Settings\All Users\Application Data\08066650-0621-0 => moved successfully
"C:\WINDOWS\Tasks\{7EB5450B-2A30-E4AB-1A24-D03144A66DB4}.job" => not found.
"C:\WINDOWS\Tasks\DNSMOHAWK.job" => not found.
"C:\WINDOWS\Tasks\Optscan.job" => not found.
"C:\Documents and Settings\All Users\Application Data\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e" => not found.
"C:\Program Files\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e" => not found.
C:\WINDOWS\system32\d3d9caps.dat => moved successfully
"C:\WINDOWS\Tasks\CIMT_S-1-5-21-3918639563-2636724751-2286751100-1005.job" => not found.
"C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job" => not found.
"C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job" => not found.
C:\Documents and Settings\All Users\Application Data\12573623025830556730 => moved successfully
C:\Program Files\prefs.js => moved successfully
C:\Documents and Settings\Heba\Application Data\PFP120JCM.{PB => moved successfully
C:\Documents and Settings\Heba\Application Data\PFP120JPR.{PB => moved successfully
C:\Documents and Settings\Heba\Application Data\wklnhst.dat => moved successfully
C:\Documents and Settings\Heba\Local Settings\Application Data\685387f8b824f316q841i8kjp2q4 => moved successfully
C:\Documents and Settings\Heba\GoToAssist_chat2way__317_en.exe => moved successfully
C:\Documents and Settings\Heba\hpothb07.dat => moved successfully
"C:\Windows\Tasks\{7EB5450B-2A30-E4AB-1A24-D03144A66DB4}.job" => not found.
C:\Documents and Settings\Heba\Local Settings\temp\drvprosetup.exe => moved successfully
C:\Documents and Settings\Heba\Local Settings\temp\jre-8u51-windows-au.exe => moved successfully
C:\Documents and Settings\Heba\Local Settings\temp\jre-8u60-windows-au.exe => moved successfully
C:\Documents and Settings\Heba\Local Settings\temp\optprosetup.exe => moved successfully
C:\Documents and Settings\Heba\Local Settings\temp\Quarantine.exe => moved successfully
C:\Documents and Settings\Heba\Local Settings\temp\setacl.exe => moved successfully
C:\Documents and Settings\Heba\Local Settings\temp\supoptsetup.exe => moved successfully
"C:\Documents and Settings\Heba\Local Settings\temp\{032FCEA2-1AA2-4A15-A0F4-C7C41BA780CE}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{03B449DF-7FC1-47F0-8218-EF2379D01198}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{0422C8B8-8D04-4742-B862-811DA51B9A1F}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{04E0A761-73C8-4AA1-B2EE-7CB5215CC806}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{06594E9A-CCD2-4681-A210-DDD3C59B2430}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{08176016-76B1-4BBB-BF0D-27A0FCCFD3FA}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{0860860D-E162-4A2A-B7CD-536A01E91657}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{09914215-E10A-498E-A3CF-733622F36F9A}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{13052303-CD15-485E-AE24-787F81E1B649}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{1E26BC68-2E72-49B9-9418-B972E1259FB7}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{216458FB-1E90-4F63-8355-744FE71FDE18}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{235F93C7-CD88-4101-A696-8D72F86D80D2}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{24D14FC6-D410-4B29-A125-8C1A6CBE0333}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{25A5B5CB-C831-45A8-910E-5916C0C7E4D1}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{2851A9A5-6142-4C97-A5F4-9EF1DB22511D}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{2CF5ED39-8CF0-4856-A86D-5C58C61FB913}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{2F2645C7-31C7-4824-9CD7-BAEF7E67DE45}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{2F8E0B37-373A-46D1-B505-F8E89DD1FF16}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{3702B19D-9A89-4830-A8C7-AE95606730A6}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{4306B016-4646-419B-8216-FF973D733D01}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{437359B2-5EB0-4F11-9C97-4F70498F77C7}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{472575F0-E2A0-47F9-9D8A-2C9467062FC2}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{49C7E8BB-7E73-4B57-B3CE-E2598CE2FE21}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{4C2354A4-D538-46E2-B6E3-A56E1964C14A}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{55925D71-1CFC-4117-9BCE-A2B29009F533}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{55F41F4E-2611-4426-AE38-564AE4DA3008}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{57037337-CBA6-4643-8379-8405AACA204B}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{5CA9A899-90CA-4D29-86D7-483F2D596FFD}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{60395C5E-6E2B-4BD4-84C1-7150D619582C}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{613FE95B-F6DE-4229-BDEC-A03B9E043E8E}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{6280FBA3-B294-4A76-A861-AE5F12C648DB}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{6A105756-C111-45A2-8A25-E2B4D685C849}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{6C252244-2DC9-4D70-8571-DE6807C3E674}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{6D818C7E-6894-4865-9D34-43844BDE7413}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{6E6E5C0E-0C99-453A-B8E1-FD5A47AB7FAF}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{70231715-9592-4FE6-999D-69FD3D3F7E00}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{7286B610-976D-4EDC-BDE0-5CCF7255E1DB}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{739A8B93-88F2-4966-9870-DD0029C3E73E}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{78925E21-BFA6-4E8E-BA75-D2EF2CF26EC7}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{7A925B8A-ACF1-403C-BC70-571B60556E27}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{8055EB00-57E0-42E7-8856-9A61D77AB32E}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{8888E62B-5AD4-4E39-B0F6-15785F3D76DD}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{89FEFCFF-D78C-48D5-8E18-8C6C65A7ACCB}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{8B7F9DCF-E63B-4D09-AC37-9A618D646224}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{8C09013E-A77C-4FA1-BEEA-F52539633A71}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{8C5F00EC-6705-468E-91F1-1B9D82AF2675}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{8D488188-9253-4499-907D-08EA53D0982A}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{8D4A6B00-B372-4D04-8D0D-88EB7A8AC6E2}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{8EA1D0D7-769A-4D6F-B887-4DD594CE8025}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{918CD25F-767A-4366-880F-3AB72E37F22A}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{935BD48D-9601-4C34-86E8-26CC2C6381A6}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{9409CC6A-F276-4BBF-ACE5-6733086DD088}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{98158C02-87B9-4EFB-A4EC-B11FAC1E4EF8}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{9ADC4B7B-BF46-4942-A1D3-AB5CB21FE61E}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{9C29918B-245D-4543-AB72-9A98ABA92907}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{9C65A499-5C5D-4FAA-B6FB-1731A46EB653}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{A068F6F5-5B64-4A29-AF61-D6BA7EFA05F4}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{A3CEA7BB-3A76-42B1-83B2-90308E62AC54}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{A7463717-077C-4CBD-B740-58F0E9DFF5D0}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{A761D541-9F61-439B-A019-EE95FBD88938}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{A7BF8BBB-DBD2-4ACF-9795-A1073EAEF0A6}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{A9C9394E-D51D-4E60-B05E-3588A68BE5DC}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{ADBEC2B6-8AE2-4C1A-BF1B-BF0516115C75}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{B1C21AC5-3CA3-483B-B309-7A015CE4E3D7}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{B2B16E6B-3AC5-4E22-AE81-59119F93392E}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{B8475334-2AC0-46B9-905D-6AB12204F505}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{B8C614F7-BC90-498E-9B0A-9EB6ED70D149}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{BD4D79C8-975D-4646-B5CE-6C71E2727804}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{BDC17E05-35DE-4720-9436-6E42AF55A008}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{C1909538-7B65-4D75-B1F1-1D55DCC5DB8F}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{C399A6A3-BCED-4780-869F-400EA59ACEE2}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{CFCD97C1-26E9-45F6-9D85-353C5A7A571A}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{D11DE71B-7C00-43AD-BFFA-6FC48820767B}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{D147F70B-7D59-465E-A864-BC6F74A7C29B}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{DC967C96-7B56-4FCE-BA3E-CB12B11E4C28}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{DDCD3DE4-0306-488C-9A0D-92A737C334FA}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{E456CE7E-73ED-4131-B946-115F5C345798}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{E5CA3BE1-5C8E-4264-80B8-D4402DE4B666}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{E70221C5-1AF2-498E-A3BF-24E7C9513A05}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{E9B77254-D85C-4353-8574-47F2B0A8399E}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{EB830733-CF24-4845-9C68-F1B7B6C98691}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{EF37AA5C-A731-4070-B763-D11B58892848}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{EF55CB42-06E9-4E07-B23A-AFFFF3E5F880}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{F0B3BD32-0A83-4B8F-8AF4-8F6B78456CC9}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{F28B47FD-06D1-4582-81FD-3A79B05B4B11}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{F34B16DB-B6A5-48A7-BB57-23F31B2AFBE8}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{F7ED43F1-A9E5-4A5B-AABB-679565D7AB4D}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{FB8B200F-5F40-42D2-BA39-C62D8C49F37B}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{FD3371B6-9CFB-49A7-9EAD-11C19B73F76D}.dll" => not found.
"C:\Documents and Settings\Heba\Local Settings\temp\{FDF90DD8-1145-4F55-BAF3-F733DAB5ACCF}.dll" => not found.
EmptyTemp: => 3.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:20:27 ====

 

 

 

2.  AdwCleaner:

 

# AdwCleaner v5.031 - Logfile created 26/01/2016 at 23:26:37
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Heba - DAHAB
# Running from : C:\Documents and Settings\Heba\Desktop\adwcleaner_5.031.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\All Users\Application Data\shopshop
Folder Found : C:\Documents and Settings\All Users\Application Data\eoeillmlfljaaebddfhdbmnjgmnigpmd
Folder Found : C:\Documents and Settings\All Users\Application Data\pcpdpfagdemccpfaaoeilpoppplkiado
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\DriverToolkit
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf
Folder Found : C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
Folder Found : C:\Program Files\Consumer Input
Folder Found : C:\Program Files\DNS Unlocker
Folder Found : C:\Program Files\DriverToolkit
Folder Found : C:\Program Files\bbueyfaast
Folder Found : C:\Program Files\buyfasT
Folder Found : C:\Program Files\coolncheAp
Folder Found : C:\Program Files\dollarrsaver
Folder Found : C:\Program Files\dollarsaaver
Folder Found : C:\Program Files\fasttssaleir
Folder Found : C:\Program Files\ffReedeElIvery
Folder Found : C:\Program Files\ffrreedeelivery
Folder Found : C:\Program Files\free2yoau
Folder Found : C:\Program Files\free2Yoou
Folder Found : C:\Program Files\fReea2yoiuu
Folder Found : C:\Program Files\FreEdeelivery
Folder Found : C:\Program Files\FreedelIuvEryy
Folder Found : C:\Program Files\fReedeliverry
Folder Found : C:\Program Files\fureeedelivery
Folder Found : C:\Program Files\llowPrices
Folder Found : C:\Program Files\LooWraTe
Folder Found : C:\Program Files\lowpriceS
Folder Found : C:\Program Files\lowPRRIcess
Folder Found : C:\Program Files\oafferdEuaal
Folder Found : C:\Program Files\oeffieurdeal
Folder Found : C:\Program Files\offeRdeeaiL
Folder Found : C:\Program Files\OOfoferdeal
Folder Found : C:\Program Files\prizecaouPooN
Folder Found : C:\Program Files\prIzoecoupon
Folder Found : C:\Program Files\pruizeccoupon
Folder Found : C:\Program Files\quicckshoep
Folder Found : C:\Program Files\quicksHop
Folder Found : C:\Program Files\quICkshopp
Folder Found : C:\Program Files\rocckaEtSAle
Folder Found : C:\Program Files\rocckeettsalee
Folder Found : C:\Program Files\roccketsaale
Folder Found : C:\Program Files\rOOcketdeal
Folder Found : C:\Program Files\saalepriizess
Folder Found : C:\Program Files\saAleprizes
Folder Found : C:\Program Files\saaLepRIzoes
Folder Found : C:\Program Files\saleofFeer
Folder Found : C:\Program Files\saleofFer
Folder Found : C:\Program Files\salEoofferr
Folder Found : C:\Program Files\saLeprizes
Folder Found : C:\Program Files\suALeprriZes
Folder Found : C:\Program Files\FromDocToPDF
Folder Found : C:\Program Files\Common Files\download Manager

***** [ Files ] *****

File Found : C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\user.js
File Found : C:\Program Files\Mozilla Firefox\dbghelp.dll

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Key Found : HKLM\SOFTWARE\Classes\P03CCBF7F_38EA_4135_88AD_976F04975EDA_.P03CCBF7F_38EA_4135_88AD_976F04975EDA_
Key Found : HKLM\SOFTWARE\Classes\P03CCBF7F_38EA_4135_88AD_976F04975EDA_.P03CCBF7F_38EA_4135_88AD_976F04975EDA_.9
Key Found : HKLM\SOFTWARE\Classes\P05A9D5A8_D570_4E9D_A5EE_08BC50E48E9D_.P05A9D5A8_D570_4E9D_A5EE_08BC50E48E9D_
Key Found : HKLM\SOFTWARE\Classes\P05A9D5A8_D570_4E9D_A5EE_08BC50E48E9D_.P05A9D5A8_D570_4E9D_A5EE_08BC50E48E9D_.9
Key Found : HKLM\SOFTWARE\Classes\P06FAB15D_B7A8_44C6_A1C3_4EBD6C29F789_.P06FAB15D_B7A8_44C6_A1C3_4EBD6C29F789_
Key Found : HKLM\SOFTWARE\Classes\P06FAB15D_B7A8_44C6_A1C3_4EBD6C29F789_.P06FAB15D_B7A8_44C6_A1C3_4EBD6C29F789_.9
Key Found : HKLM\SOFTWARE\Classes\P0A6A2837_FCE3_4FB1_B53E_2CA92C02507A_.P0A6A2837_FCE3_4FB1_B53E_2CA92C02507A_
Key Found : HKLM\SOFTWARE\Classes\P0A6A2837_FCE3_4FB1_B53E_2CA92C02507A_.P0A6A2837_FCE3_4FB1_B53E_2CA92C02507A_.9
Key Found : HKLM\SOFTWARE\Classes\P0B0C33DC_FB22_4B93_9CA0_2D187E8ECBA2_.P0B0C33DC_FB22_4B93_9CA0_2D187E8ECBA2_
Key Found : HKLM\SOFTWARE\Classes\P0B0C33DC_FB22_4B93_9CA0_2D187E8ECBA2_.P0B0C33DC_FB22_4B93_9CA0_2D187E8ECBA2_.9
Key Found : HKLM\SOFTWARE\Classes\P20BAE723_994B_4FC0_A40F_D38670B89196_.P20BAE723_994B_4FC0_A40F_D38670B89196_
Key Found : HKLM\SOFTWARE\Classes\P20BAE723_994B_4FC0_A40F_D38670B89196_.P20BAE723_994B_4FC0_A40F_D38670B89196_.9
Key Found : HKLM\SOFTWARE\Classes\P2DCAEF8A_AF96_4886_B056_2356EDAB2586_.P2DCAEF8A_AF96_4886_B056_2356EDAB2586_
Key Found : HKLM\SOFTWARE\Classes\P2DCAEF8A_AF96_4886_B056_2356EDAB2586_.P2DCAEF8A_AF96_4886_B056_2356EDAB2586_.9
Key Found : HKLM\SOFTWARE\Classes\P320FD685_C119_46C4_A051_D71E0A9067D2_.P320FD685_C119_46C4_A051_D71E0A9067D2_
Key Found : HKLM\SOFTWARE\Classes\P320FD685_C119_46C4_A051_D71E0A9067D2_.P320FD685_C119_46C4_A051_D71E0A9067D2_.9
Key Found : HKLM\SOFTWARE\Classes\P3C6F9AD4_73A2_4CDC_A699_70E6A33F0DA8_.P3C6F9AD4_73A2_4CDC_A699_70E6A33F0DA8_
Key Found : HKLM\SOFTWARE\Classes\P3C6F9AD4_73A2_4CDC_A699_70E6A33F0DA8_.P3C6F9AD4_73A2_4CDC_A699_70E6A33F0DA8_.9
Key Found : HKLM\SOFTWARE\Classes\P4afc3041_1314_44f5_ad2c_e33225fbae56_.P4afc3041_1314_44f5_ad2c_e33225fbae56_
Key Found : HKLM\SOFTWARE\Classes\P4afc3041_1314_44f5_ad2c_e33225fbae56_.P4afc3041_1314_44f5_ad2c_e33225fbae56_.9
Key Found : HKLM\SOFTWARE\Classes\P59ABE532_9656_4F3E_9952_E11DC3B60B18_.P59ABE532_9656_4F3E_9952_E11DC3B60B18_
Key Found : HKLM\SOFTWARE\Classes\P59ABE532_9656_4F3E_9952_E11DC3B60B18_.P59ABE532_9656_4F3E_9952_E11DC3B60B18_.9
Key Found : HKLM\SOFTWARE\Classes\P5D9E0452_0FE7_4C9E_BA4B_D983659BA490_.P5D9E0452_0FE7_4C9E_BA4B_D983659BA490_
Key Found : HKLM\SOFTWARE\Classes\P5D9E0452_0FE7_4C9E_BA4B_D983659BA490_.P5D9E0452_0FE7_4C9E_BA4B_D983659BA490_.9
Key Found : HKLM\SOFTWARE\Classes\P645AD1AF_11C0_401F_9699_5D210632E7FA_.P645AD1AF_11C0_401F_9699_5D210632E7FA_
Key Found : HKLM\SOFTWARE\Classes\P645AD1AF_11C0_401F_9699_5D210632E7FA_.P645AD1AF_11C0_401F_9699_5D210632E7FA_.9
Key Found : HKLM\SOFTWARE\Classes\P6B4F92A1_60C0_4667_979D_5544BF3E9DB9_.P6B4F92A1_60C0_4667_979D_5544BF3E9DB9_
Key Found : HKLM\SOFTWARE\Classes\P6B4F92A1_60C0_4667_979D_5544BF3E9DB9_.P6B4F92A1_60C0_4667_979D_5544BF3E9DB9_.9
Key Found : HKLM\SOFTWARE\Classes\P7267B194_FE39_406A_8ED0_2410C4385BB2_.P7267B194_FE39_406A_8ED0_2410C4385BB2_
Key Found : HKLM\SOFTWARE\Classes\P7267B194_FE39_406A_8ED0_2410C4385BB2_.P7267B194_FE39_406A_8ED0_2410C4385BB2_.9
Key Found : HKLM\SOFTWARE\Classes\P843BF97B_753A_4499_B12A_D4FAF8BBBE1D_.P843BF97B_753A_4499_B12A_D4FAF8BBBE1D_
Key Found : HKLM\SOFTWARE\Classes\P843BF97B_753A_4499_B12A_D4FAF8BBBE1D_.P843BF97B_753A_4499_B12A_D4FAF8BBBE1D_.9
Key Found : HKLM\SOFTWARE\Classes\P8A192A4E_1217_4898_B510_C5916B3E96D4_.P8A192A4E_1217_4898_B510_C5916B3E96D4_
Key Found : HKLM\SOFTWARE\Classes\P8A192A4E_1217_4898_B510_C5916B3E96D4_.P8A192A4E_1217_4898_B510_C5916B3E96D4_.9
Key Found : HKLM\SOFTWARE\Classes\P8F090BD0_1F62_4C49_B4EB_8EB20D504DE8_.P8F090BD0_1F62_4C49_B4EB_8EB20D504DE8_
Key Found : HKLM\SOFTWARE\Classes\P8F090BD0_1F62_4C49_B4EB_8EB20D504DE8_.P8F090BD0_1F62_4C49_B4EB_8EB20D504DE8_.9
Key Found : HKLM\SOFTWARE\Classes\P96804B83_C9D9_4703_91F1_D3AC678D3EB4_.P96804B83_C9D9_4703_91F1_D3AC678D3EB4_
Key Found : HKLM\SOFTWARE\Classes\P96804B83_C9D9_4703_91F1_D3AC678D3EB4_.P96804B83_C9D9_4703_91F1_D3AC678D3EB4_.9
Key Found : HKLM\SOFTWARE\Classes\P974D2430_1FCD_411A_8713_26B936FBEF14_.P974D2430_1FCD_411A_8713_26B936FBEF14_
Key Found : HKLM\SOFTWARE\Classes\P974D2430_1FCD_411A_8713_26B936FBEF14_.P974D2430_1FCD_411A_8713_26B936FBEF14_.9
Key Found : HKLM\SOFTWARE\Classes\P9CC77D3E_C6BF_49AE_A2AA_8C54E5B3B7CC_.P9CC77D3E_C6BF_49AE_A2AA_8C54E5B3B7CC_
Key Found : HKLM\SOFTWARE\Classes\P9CC77D3E_C6BF_49AE_A2AA_8C54E5B3B7CC_.P9CC77D3E_C6BF_49AE_A2AA_8C54E5B3B7CC_.9
Key Found : HKLM\SOFTWARE\Classes\PA21E2D7F_3F22_4530_AEE0_F6A380311A0A_.PA21E2D7F_3F22_4530_AEE0_F6A380311A0A_
Key Found : HKLM\SOFTWARE\Classes\PA21E2D7F_3F22_4530_AEE0_F6A380311A0A_.PA21E2D7F_3F22_4530_AEE0_F6A380311A0A_.9
Key Found : HKLM\SOFTWARE\Classes\PA4CE3216_D614_4256_B039_D5C168E6F8D5_.PA4CE3216_D614_4256_B039_D5C168E6F8D5_
Key Found : HKLM\SOFTWARE\Classes\PA4CE3216_D614_4256_B039_D5C168E6F8D5_.PA4CE3216_D614_4256_B039_D5C168E6F8D5_.9
Key Found : HKLM\SOFTWARE\Classes\PA6AA185F_9D78_4040_8A34_C482656780FF_.PA6AA185F_9D78_4040_8A34_C482656780FF_
Key Found : HKLM\SOFTWARE\Classes\PA6AA185F_9D78_4040_8A34_C482656780FF_.PA6AA185F_9D78_4040_8A34_C482656780FF_.9
Key Found : HKLM\SOFTWARE\Classes\PAAF07A7F_CE78_4A07_97C7_34BA7D01C083_.PAAF07A7F_CE78_4A07_97C7_34BA7D01C083_
Key Found : HKLM\SOFTWARE\Classes\PAAF07A7F_CE78_4A07_97C7_34BA7D01C083_.PAAF07A7F_CE78_4A07_97C7_34BA7D01C083_.9
Key Found : HKLM\SOFTWARE\Classes\PBDB3902F_2CAF_455B_933B_13DE2C2225E7_.PBDB3902F_2CAF_455B_933B_13DE2C2225E7_
Key Found : HKLM\SOFTWARE\Classes\PBDB3902F_2CAF_455B_933B_13DE2C2225E7_.PBDB3902F_2CAF_455B_933B_13DE2C2225E7_.9
Key Found : HKLM\SOFTWARE\Classes\PD470F940_D828_4FD8_B5C7_A289D32CEDA0_.PD470F940_D828_4FD8_B5C7_A289D32CEDA0_
Key Found : HKLM\SOFTWARE\Classes\PD470F940_D828_4FD8_B5C7_A289D32CEDA0_.PD470F940_D828_4FD8_B5C7_A289D32CEDA0_.9
Key Found : HKLM\SOFTWARE\Classes\Pf4744d81_9606_4291_a772_bf635ede6612_.Pf4744d81_9606_4291_a772_bf635ede6612_
Key Found : HKLM\SOFTWARE\Classes\Pf4744d81_9606_4291_a772_bf635ede6612_.Pf4744d81_9606_4291_a772_bf635ede6612_.9
Key Found : HKLM\SOFTWARE\Classes\PF9D15777_C42A_4CAF_8BBA_E2508A0E2DE8_.PF9D15777_C42A_4CAF_8BBA_E2508A0E2DE8_
Key Found : HKLM\SOFTWARE\Classes\PF9D15777_C42A_4CAF_8BBA_E2508A0E2DE8_.PF9D15777_C42A_4CAF_8BBA_E2508A0E2DE8_.9
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [CinPlus-2.5cTube HDV23.09-bg.exe]
Key Found : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Key Found : HKLM\SOFTWARE\dc3a1a1f-430c-e530-9d0a-18cb0e2bd4ad
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03CCBF7F-38EA-4135-88AD-976F04975EDA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05A9D5A8-D570-4E9D-A5EE-08BC50E48E9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{06FAB15D-B7A8-44C6-A1C3-4EBD6C29F789}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0A6A2837-FCE3-4FB1-B53E-2CA92C02507A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B0C33DC-FB22-4B93-9CA0-2D187E8ECBA2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{20BAE723-994B-4FC0-A40F-D38670B89196}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2DCAEF8A-AF96-4886-B056-2356EDAB2586}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{320FD685-C119-46C4-A051-D71E0A9067D2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C6F9AD4-73A2-4CDC-A699-70E6A33F0DA8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4afc3041-1314-44f5-ad2c-e33225fbae56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{59ABE532-9656-4F3E-9952-E11DC3B60B18}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5D9E0452-0FE7-4C9E-BA4B-D983659BA490}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{645AD1AF-11C0-401F-9699-5D210632E7FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6B4F92A1-60C0-4667-979D-5544BF3E9DB9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7267B194-FE39-406A-8ED0-2410C4385BB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{843BF97B-753A-4499-B12A-D4FAF8BBBE1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8A192A4E-1217-4898-B510-C5916B3E96D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F090BD0-1F62-4C49-B4EB-8EB20D504DE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96804B83-C9D9-4703-91F1-D3AC678D3EB4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{974D2430-1FCD-411A-8713-26B936FBEF14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CC77D3E-C6BF-49AE-A2AA-8C54E5B3B7CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A21E2D7F-3F22-4530-AEE0-F6A380311A0A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4CE3216-D614-4256-B039-D5C168E6F8D5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6AA185F-9D78-4040-8A34-C482656780FF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AAF07A7F-CE78-4A07-97C7-34BA7D01C083}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BDB3902F-2CAF-455B-933B-13DE2C2225E7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D470F940-D828-4FD8-B5C7-A289D32CEDA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{f4744d81-9606-4291-a772-bf635ede6612}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9D15777-C42A-4CAF-8BBA-E2508A0E2DE8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Key Found : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Key Found : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DCAEF8A-AF96-4886-B056-2356EDAB2586}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2DCAEF8A-AF96-4886-B056-2356EDAB2586}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03CCBF7F-38EA-4135-88AD-976F04975EDA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{05A9D5A8-D570-4E9D-A5EE-08BC50E48E9D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{06FAB15D-B7A8-44C6-A1C3-4EBD6C29F789}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A6A2837-FCE3-4FB1-B53E-2CA92C02507A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0B0C33DC-FB22-4B93-9CA0-2D187E8ECBA2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{20BAE723-994B-4FC0-A40F-D38670B89196}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2DCAEF8A-AF96-4886-B056-2356EDAB2586}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{320FD685-C119-46C4-A051-D71E0A9067D2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3C6F9AD4-73A2-4CDC-A699-70E6A33F0DA8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4afc3041-1314-44f5-ad2c-e33225fbae56}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{59ABE532-9656-4F3E-9952-E11DC3B60B18}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5D9E0452-0FE7-4C9E-BA4B-D983659BA490}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{645AD1AF-11C0-401F-9699-5D210632E7FA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6B4F92A1-60C0-4667-979D-5544BF3E9DB9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7267B194-FE39-406A-8ED0-2410C4385BB2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{843BF97B-753A-4499-B12A-D4FAF8BBBE1D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8A192A4E-1217-4898-B510-C5916B3E96D4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F090BD0-1F62-4C49-B4EB-8EB20D504DE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{96804B83-C9D9-4703-91F1-D3AC678D3EB4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{974D2430-1FCD-411A-8713-26B936FBEF14}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9CC77D3E-C6BF-49AE-A2AA-8C54E5B3B7CC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A21E2D7F-3F22-4530-AEE0-F6A380311A0A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A4CE3216-D614-4256-B039-D5C168E6F8D5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A6AA185F-9D78-4040-8A34-C482656780FF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AAF07A7F-CE78-4A07-97C7-34BA7D01C083}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BDB3902F-2CAF-455B-933B-13DE2C2225E7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D470F940-D828-4FD8-B5C7-A289D32CEDA0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f4744d81-9606-4291-a772-bf635ede6612}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9D15777-C42A-4CAF-8BBA-E2508A0E2DE8}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{03CCBF7F-38EA-4135-88AD-976F04975EDA}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{05A9D5A8-D570-4E9D-A5EE-08BC50E48E9D}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{06FAB15D-B7A8-44C6-A1C3-4EBD6C29F789}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{0A6A2837-FCE3-4FB1-B53E-2CA92C02507A}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{0B0C33DC-FB22-4B93-9CA0-2D187E8ECBA2}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{20BAE723-994B-4FC0-A40F-D38670B89196}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{2DCAEF8A-AF96-4886-B056-2356EDAB2586}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{320FD685-C119-46C4-A051-D71E0A9067D2}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3C6F9AD4-73A2-4CDC-A699-70E6A33F0DA8}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{4afc3041-1314-44f5-ad2c-e33225fbae56}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{59ABE532-9656-4F3E-9952-E11DC3B60B18}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{5D9E0452-0FE7-4C9E-BA4B-D983659BA490}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{645AD1AF-11C0-401F-9699-5D210632E7FA}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{6B4F92A1-60C0-4667-979D-5544BF3E9DB9}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{7267B194-FE39-406A-8ED0-2410C4385BB2}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{843BF97B-753A-4499-B12A-D4FAF8BBBE1D}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{8A192A4E-1217-4898-B510-C5916B3E96D4}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{8F090BD0-1F62-4C49-B4EB-8EB20D504DE8}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{96804B83-C9D9-4703-91F1-D3AC678D3EB4}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{974D2430-1FCD-411A-8713-26B936FBEF14}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{9CC77D3E-C6BF-49AE-A2AA-8C54E5B3B7CC}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A21E2D7F-3F22-4530-AEE0-F6A380311A0A}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A4CE3216-D614-4256-B039-D5C168E6F8D5}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A6AA185F-9D78-4040-8A34-C482656780FF}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{AAF07A7F-CE78-4A07-97C7-34BA7D01C083}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{BDB3902F-2CAF-455B-933B-13DE2C2225E7}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{D470F940-D828-4FD8-B5C7-A289D32CEDA0}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{f4744d81-9606-4291-a772-bf635ede6612}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{F9D15777-C42A-4CAF-8BBA-E2508A0E2DE8}]
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A21E2D7F-3F22-4530-AEE0-F6A380311A0A}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{D470F940-D828-4FD8-B5C7-A289D32CEDA0}
Key Found : HKCU\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\Driver Pro
Key Found : HKCU\Software\DriverToolkit
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\TornTv Downloader
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\SiteSee
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78B72F2B-0468-A7AC-ECEE-02C79EC3EF0B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital More
Key Found : HKU\.DEFAULT\Software\StartNow Toolbar
Key Found : HKU\.DEFAULT\Software\System Healer
Key Found : HKU\.DEFAULT\Software\TornTv Downloader
Key Found : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{165B91E0-6835-43C6-8515-8A96CCF0A8D6} [NameServer] - 199.203.131.150,82.163.143.168
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8F038740-0FF0-4C33-9609-B70A137CCC34} [NameServer] - 199.203.131.150,82.163.143.168
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C5969C69-ADB3-4BA4-88F9-F49251721D5D} [NameServer] - 199.203.131.150,82.163.143.168
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{165B91E0-6835-43C6-8515-8A96CCF0A8D6} [NameServer] - 199.203.131.150,82.163.143.168
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{8F038740-0FF0-4C33-9609-B70A137CCC34} [NameServer] - 199.203.131.150,82.163.143.168
Data Found : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C5969C69-ADB3-4BA4-88F9-F49251721D5D} [NameServer] - 199.203.131.150,82.163.143.168
Key Found : HKCU\Software\Classes\TornTvDownloader.File

***** [ Web browsers ] *****

[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.3WwhuGym6UZsVUjL.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.3WwhuGym6UZsVUjL.url", "hxxp://liversional.org/sync2/?q=hfZ9ofqUqjnMCyVUojwErTaErchTB6lKDzt4olljtNtVh7n0rjkEqHsHrjrHqjr9tMFHhd9Fqja6rTrFqTaFrjwMDMlGojUMAe4Uojr9rTnFrHUHpjU9qjY5qj[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.DAks8PHlZRKPaEqx.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.DwxVdS0vcc3LHLoI.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.DwxVdS0vcc3LHLoI.url", "hxxp://liversions.info/sync2/?q=hfZ9ofrFrTwMCyVUojwErTaErchTB6lKDzt4olljtNtVh7n0rjkEqjs6rjs8qja6tMFHhd9Fqja7rdYGrjr4qdaMDMlGojUMAe4Uojr9rTnFrHUHpjU9qjY5qj[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.GBsA8Mw3BrMjiVtX.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.N0eniwfJWplZGcRV.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.Tst4NhIDiUW5HhUg.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.Zw0a47fLxeaDFvRq.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.Zw0a47fLxeaDFvRq.url", "hxxp://dogreality.info/sync2/?q=hfZ9oehGhekGWe08pchEAen0rjaGrdaEtMqLDe49CNU0llrMCMlNhd9Fqja6rdUGrHa6qdCMBzqUojw8rdCGrjw7qdrGqSh7hfs0pihPBMn0rHnGqdwHpjr4pj[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.bpviQ7GNp2GA3ewO.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.cpfKUBO4glcFwCWS.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.cpfKUBO4glcFwCWS.url", "hxxp://artplaceparent.info/sync2/?q=hfZ9oemLByFHhchEAen0rjaGrdaEtMqLDe49CNU0llrMCMlNhd9Fqja5rjaGrHk5qdnMBzqUojw8rdYHrjaHrdUHrih7hfs0pihPBMn0rHnGqdwHpjr4pj[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.l8XEm9vB4K5oRlf7.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.p60S3FqxuYtQ3bsY.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js] [Preference] Found : user_pref("extensions.sFcO6rXEGeTRqAxc.scode", "(function(){try{if(window.location.href.indexOf(\"qdgFrjaFrHCErjs6pjs9qdg5rY\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\"[...]
[C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : WebSearch

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [42636 bytes] ##########
 


3.  Junkware removal Tool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Microsoft Windows XP x86
Ran by Heba (Administrator) on Tue 01/26/2016 at 23:33:24.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 34

Successfully deleted: C:\Documents and Settings\Heba\Application Data\compete (Folder)
Successfully deleted: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\user.js (File)
Successfully deleted: C:\Documents and Settings\Heba\Local Settings\Application Data\drivertoolkit (Folder)
Successfully deleted: C:\Documents and Settings\Heba\My Documents\optimizer pro (Folder)
Successfully deleted: C:\Program Files\fasttssaleir (Folder)
Successfully deleted: C:\Program Files\ffReedeElIvery (Folder)
Successfully deleted: C:\Program Files\free2yoau (Folder)
Successfully deleted: C:\Program Files\FreEdeelivery (Folder)
Successfully deleted: C:\Program Files\fureeedelivery (Folder)
Successfully deleted: C:\Program Files\llowPrices (Folder)
Successfully deleted: C:\Program Files\LooWraTe (Folder)
Successfully deleted: C:\Program Files\lowpriceS (Folder)
Successfully deleted: C:\Program Files\oafferdEuaal (Folder)
Successfully deleted: C:\Program Files\oeffieurdeal (Folder)
Successfully deleted: C:\Program Files\offeRdeeaiL (Folder)
Successfully deleted: C:\Program Files\prizecaouPooN (Folder)
Successfully deleted: C:\Program Files\prIzoecoupon (Folder)
Successfully deleted: C:\Program Files\pruizeccoupon (Folder)
Successfully deleted: C:\Program Files\quicckshoep (Folder)
Successfully deleted: C:\Program Files\quICkshopp (Folder)
Successfully deleted: C:\Program Files\rocckaEtSAle (Folder)
Successfully deleted: C:\Program Files\roccketsaale (Folder)
Successfully deleted: C:\Program Files\rOOcketdeal (Folder)
Successfully deleted: C:\Program Files\saalepriizess (Folder)
Successfully deleted: C:\Program Files\saaLepRIzoes (Folder)
Successfully deleted: C:\Program Files\saleofFeer (Folder)
Successfully deleted: C:\Program Files\saleofFer (Folder)
Successfully deleted: C:\Program Files\saLeprizes (Folder)
Successfully deleted: C:\Program Files\suALeprriZes (Folder)
Successfully deleted: C:\Program Files\Common Files\download manager (Folder)
Successfully deleted: C:\Program Files\consumer input (Folder)
Successfully deleted: C:\Program Files\dns unlocker (Folder)
Successfully deleted: C:\Program Files\drivertoolkit (Folder)
Successfully deleted: C:\Program Files\no cyrus (Folder)

Deleted the following from C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\prefs.js
user_pref(extensions.3WwhuGym6UZsVUjL.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.3WwhuGym6UZsVUjL.url, hxxp://liversional.org/sync2/?q=hfZ9ofqUqjnMCyVUojwErTaErchTB6lKDzt4olljtNtVh7n0rjkEqHsHrjrHqjr9tMFHhd9Fqja6rTrFqTaFrjwMDMlGojUMA
user_pref(extensions.DAks8PHlZRKPaEqx.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.DwxVdS0vcc3LHLoI.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.DwxVdS0vcc3LHLoI.url, hxxp://liversions.info/sync2/?q=hfZ9ofrFrTwMCyVUojwErTaErchTB6lKDzt4olljtNtVh7n0rjkEqjs6rjs8qja6tMFHhd9Fqja7rdYGrjr4qdaMDMlGojUMA
user_pref(extensions.GBsA8Mw3BrMjiVtX.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.N0eniwfJWplZGcRV.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.Tst4NhIDiUW5HhUg.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.Zw0a47fLxeaDFvRq.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.Zw0a47fLxeaDFvRq.url, hxxp://dogreality.info/sync2/?q=hfZ9oehGhekGWe08pchEAen0rjaGrdaEtMqLDe49CNU0llrMCMlNhd9Fqja6rdUGrHa6qdCMBzqUojw8rdCGrjw7qdrGqSh7h
user_pref(extensions.aUpDppUu4xlB8djF.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
user_pref(extensions.bpviQ7GNp2GA3ewO.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.cpfKUBO4glcFwCWS.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.cpfKUBO4glcFwCWS.url, hxxp://artplaceparent.info/sync2/?q=hfZ9oemLByFHhchEAen0rjaGrdaEtMqLDe49CNU0llrMCMlNhd9Fqja5rjaGrHk5qdnMBzqUojw8rdYHrjaHrdUHrih7h
user_pref(extensions.dnxVL1HmJ6nPQkld.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
user_pref(extensions.l8XEm9vB4K5oRlf7.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.p60S3FqxuYtQ3bsY.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c
user_pref(extensions.sFcO6rXEGeTRqAxc.scode, (function(){try{if(window.location.href.indexOf(\qdgFrjaFrHCErjs6pjs9qdg5rY\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.c



Registry: 3

Successfully deleted: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/26/2016 at 23:37:19.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

4.  MalwareBytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/26/2016
Scan Time: 11:49:56 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.27.01
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Heba

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367773
Time Elapsed: 15 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 180
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\APPID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, Quarantined, [1489f64880190b2b3cedf88bfb0742be],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{D2A19E15-4D23-41F5-8035-E2D730DA691C}, Quarantined, [1489f64880190b2b3cedf88bfb0742be],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [1489f64880190b2b3cedf88bfb0742be],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [1489f64880190b2b3cedf88bfb0742be],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [633a98a6099078be8bd817745ba7718f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\APPID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, Quarantined, [504dfb435b3e69cdd456ceb5cc36748c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{E3EBCC2D-D239-4CA9-BF77-8DC68381D6CA}, Quarantined, [504dfb435b3e69cdd456ceb5cc36748c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [504dfb435b3e69cdd456ceb5cc36748c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [504dfb435b3e69cdd456ceb5cc36748c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{0C6D49F4-6E41-4632-BE86-F210D5D894BA}, Quarantined, [564770ce8c0d5ed8c45cea995ca67c84],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [564770ce8c0d5ed8c45cea995ca67c84],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [564770ce8c0d5ed8c45cea995ca67c84],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{0DC6DC6C-048E-4B03-8F2D-7D6B90571172}, Quarantined, [aeef8ab45c3dc86e9b95b2d9c939f907],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [aeef8ab45c3dc86e9b95b2d9c939f907],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [aeef8ab45c3dc86e9b95b2d9c939f907],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{1AB0B6A3-9BC5-419B-B86D-40FA2998A131}, Quarantined, [f4a95be38f0a52e457ca89faf70b6a96],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [f4a95be38f0a52e457ca89faf70b6a96],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [f4a95be38f0a52e457ca89faf70b6a96],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{3A40DF53-EB22-49FE-9246-8084403424E7}, Quarantined, [98056cd230697fb7bd65a4df15ed7987],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [98056cd230697fb7bd65a4df15ed7987],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [98056cd230697fb7bd65a4df15ed7987],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{3DBBAB3C-4077-4EC4-BF2C-E89C7784846A}, Quarantined, [f9a4d6683d5c8fa770b34241fe047d83],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [f9a4d6683d5c8fa770b34241fe047d83],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [f9a4d6683d5c8fa770b34241fe047d83],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{5CF02202-6278-47EE-9947-C2D0A057EABD}, Quarantined, [3a6308364d4c171fa4801172d13112ee],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [3a6308364d4c171fa4801172d13112ee],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [3a6308364d4c171fa4801172d13112ee],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{65BF611F-85CD-4E7F-966C-853573462C14}, Quarantined, [edb0a09ec2d7be78c56072112bd7748c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [edb0a09ec2d7be78c56072112bd7748c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [edb0a09ec2d7be78c56072112bd7748c],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [c6d7fa449cfd1f17181a9af1f111a060],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\DcaHost.DcaHost.1, Quarantined, [c6d7fa449cfd1f17181a9af1f111a060],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\DcaHost.DcaHost, Quarantined, [c6d7fa449cfd1f17181a9af1f111a060],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{87A125E5-B663-496F-954E-488A82FAC012}, Quarantined, [1c812c12693043f30323176c669cf907],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [1c812c12693043f30323176c669cf907],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [1c812c12693043f30323176c669cf907],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{8AF9C44C-E497-4776-A7EF-F6455F982825}, Quarantined, [dac3dc62584139fd15125f246a98b34d],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [dac3dc62584139fd15125f246a98b34d],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [dac3dc62584139fd15125f246a98b34d],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{D4F484EE-BF68-4B61-AB83-C1E0EF88D876}, Quarantined, [7d2049f55b3e3afce152bdce639f26da],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [7d2049f55b3e3afce152bdce639f26da],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [7d2049f55b3e3afce152bdce639f26da],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [3e5f2f0f5f3aa492dae4e47c58aa19e7],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\CLSID\{F90B8F59-792D-4F5A-97AD-06E83284F9AB}, Quarantined, [fba2033bebaed1651516c0c39e646f91],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine.1.0, Quarantined, [fba2033bebaed1651516c0c39e646f91],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine, Quarantined, [fba2033bebaed1651516c0c39e646f91],
PUP.Optional.DigitalMore, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}, Quarantined, [09940836841589ad1178daa918ead52b],
PUP.Optional.DigitalMore, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C0B1016F-B7E5-46F0-B415-6BF9E55AB00D}, Quarantined, [09940836841589ad1178daa918ead52b],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\INTERFACE\{C015D269-0F4E-4B52-A91F-721F6DAC9437}, Quarantined, [5647201e188168ce4117a2e9f30fe21e],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}, Quarantined, [ecb162dcfc9d78be75e37c0f9270768a],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [4954f44a3e5ba98deb9cf79550b29769],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [e5b887b77029122499ee5e2e22e0728e],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [e5b887b77029122499ee5e2e22e0728e],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{8dc5eaef-5191-4efe-804d-28e884f14e27}, Quarantined, [f1acf04e405950e6c61085451ae6e21e],
PUP.Optional.MultiPlug, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8DC5EAEF-5191-4EFE-804D-28E884F14E27}, Quarantined, [f1acf04e405950e6c61085451ae6e21e],
PUP.Optional.MultiPlug, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8DC5EAEF-5191-4EFE-804D-28E884F14E27}, Quarantined, [f1acf04e405950e6c61085451ae6e21e],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8DC5EAEF-5191-4EFE-804D-28E884F14E27}, Quarantined, [f1acf04e405950e6c61085451ae6e21e],
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [3667f945841564d2511d7d824fb40bf5],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CompeteInc, Quarantined, [445952ecafea22140131f4bda65dd828],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\ConsumerInput, Quarantined, [a5f839050198d165e1c1c7f93bc809f7],
PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [f0adb9850396989ef946a34a17eca35d],
PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [afee98a6e7b200360e3225c89c677a86],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\APPID\ConsumerInputUpdate.exe, Quarantined, [3964cb736e2ba4928c152898e122ed13],
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\dca-host.exe, Quarantined, [d9c488b6326778be4f74b14dfd06fd03],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.compete.cinm, Quarantined, [76272c12c0d9db5bb827a05c2ed54eb2],
PUP.Optional.CloudScout.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\ESENT\PROCESS\dnsmohawk, Quarantined, [cdd059e5b6e3bf777747746bd82a25db],
PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [eab352eca3f62b0b05d049f4bc48e11f],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Consumer Input Installer, Quarantined, [85181d21336669cdf6bd052b8183748c],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{22134214}, Quarantined, [5f3e7ac4ff9aae88c6af7a61966d738d],
PUP.Optional.WeCareReminder, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1F1E283D-23D9-4E09-B967-F46A053FEA89}, Quarantined, [5647dd616b2e2214e758e5109d66b44c],
PUP.Optional.StartNow, HKU\S-1-5-18\SOFTWARE\StartNow Toolbar, Quarantined, [5449340a3e5b6acc7eb8a349d52efe02],
PUP.Optional.TornTV, HKU\S-1-5-18\SOFTWARE\TornTv Downloader, Quarantined, [acf168d6d6c30b2bd0876a862fd4f808],
PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [138a6ed07e1b33030239f1fcc63d1de3],
PUP.Optional.SystemHealer, HKU\S-1-5-18\SOFTWARE\SYSTEM HEALER, Quarantined, [207d48f619805cda3c0cf33c36cee818],
PUP.Optional.ConsumerInput, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\Compete, Quarantined, [0499c27c6c2dfa3cee435d543ec5b14f],
PUP.Optional.ConsumerInput, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\ConsumerInput, Quarantined, [68355be3475242f4554ac1fff90a8a76],
PUP.Optional.TornTV, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\TornTv Downloader, Quarantined, [2e6f0d31d0c9142276e18e6221e2c43c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [514caa943e5b59dd0daef0d334cf1ee2],
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [960786b86c2d55e162d939b4d72ce51b],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14BFD1A0-40A7-4CBC-8F75-3F8F49102C76}, Quarantined, [6637ed51bbdee84eefe72c985ea50af6],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14D71E4B-DC85-409C-B1D8-6D355993DC7D}, Quarantined, [26776dd15544f541399e8b39a55efd03],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{164316B7-3A6E-45E4-97A8-6FB81AEC5834}, Quarantined, [c8d50737b1e8082ee3f42f95a360c53b],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1C308ADE-56A5-44CE-B321-8DF489AA5B5A}, Quarantined, [dac3d7674851d165439315afdd26a060],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2090D1CD-B0D7-40F4-9BA0-FDCD35FA22A7}, Quarantined, [7f1ee856207950e69a3dac18ac571be5],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21EE5BAE-D6FB-4DA1-B1E4-CEA3345D8685}, Quarantined, [019c81bdbedb0a2c775fd0f4ca39a957],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23C67921-54C2-43F9-A4C8-D0785A53C783}, Quarantined, [9607fd416f2a41f59e39dde7ce35aa56],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23D28753-4646-4CF6-B532-9B2022C640D4}, Quarantined, [0c9181bdd5c463d35680ab1919eac43c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{24296879-EEE3-448E-BC92-1C85DBF0F2DC}, Quarantined, [653840fe1f7a81b55681f2d23cc747b9],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{257AB600-2676-43AA-B541-3335B9A445CF}, Quarantined, [b8e5003eb8e1f24419bc9b2945be619f],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{275A4213-FF61-4895-A889-84F3D77FD8B7}, Quarantined, [6736c47ab8e1072f7066a3210df6c43c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{279438D0-AF56-43BD-AE28-65D28A6DF9DC}, Quarantined, [dcc1003e3168b97dcb0c358f887bea16],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{294AE57E-66C1-4638-8227-24339EF7EED0}, Quarantined, [28757fbfcfca85b1924509bb24df10f0],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A8043F8-D7F0-4078-BF29-A925F1ECF0C6}, Quarantined, [debf16282c6d78beddf9b50f887b3fc1],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2AA5DBAF-D328-4B20-80A4-715EBBB18E71}, Quarantined, [cad3f44a0b8ea39320b6873d0ef51be5],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2B34BA83-71A5-4A3A-BABB-95604E6F9922}, Quarantined, [f8a59ca25b3ea0966275c9fbec17e21e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2BBCF0D0-CFB7-4D7A-978B-217541FEE06F}, Quarantined, [a3faeb536336a88ea92dad1761a2b749],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E678872-B9C1-405F-A13A-9791A76F2ECC}, Quarantined, [aeef033ba1f80531ca0c2a9af50e768a],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2EE7277A-82A2-4756-967E-298F41E68CA5}, Quarantined, [b0ed53eb4059c07612c532921de69769],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2F681B98-1576-4CF1-A4BC-BBF376837F16}, Quarantined, [415ccd714a4f67cf34a300c4768d5aa6],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{31700989-ABDC-4792-B717-5C7A349D1464}, Quarantined, [f9a468d686132b0be4f303c17192ff01],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3558391C-D09E-40B0-B452-EE1942EFD1D3}, Quarantined, [c7d6e05e3d5c2b0b7166c004e91a51af],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38A20A0F-FC44-47F5-8142-F44D3E537D66}, Quarantined, [e0bd73cbc3d675c117bf329232d1926e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{39DF3C81-2EC6-427A-B73F-C9E5FCD3738C}, Quarantined, [c4d93fffb3e656e052854a7a8b78be42],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B0925DD-1475-4763-B65A-BD3FB75D1D29}, Quarantined, [d5c8a797c0d93600d304685c857ee917],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3C393778-7F99-4BE0-BAC2-DB4971665981}, Quarantined, [4f4e94aa8f0a7bbb02d4853fd92a629e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{406884EA-FB70-4FB9-93D8-71862A3C8565}, Quarantined, [465754ea1a7fe94de5f1f7cda26116ea],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{40DC7C89-C623-4074-9B9F-5275FE4B3990}, Quarantined, [d1cc3c025a3f3afc7d5901c3e1228080],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{420C76E2-6C2B-45D6-BD49-1498BBCCC0C3}, Quarantined, [4b527cc2b1e8f046fcdb5a6af80b8b75],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45D2D86C-6165-40D5-A8A4-8AD08FA3DC39}, Quarantined, [8e0f78c67c1db28427b04d77de25ae52],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4767EA20-C43D-44E4-AF84-7522AD85AB5C}, Quarantined, [ddc07ec06b2ec5714f87764e32d1a55b],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{482AB893-D69A-4958-B117-1DD46AB7B56A}, Quarantined, [9805bd81fa9ffb3b24b318ac29da30d0],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4FC6B553-B700-4ED9-8B30-B6F83DFE2730}, Quarantined, [920b81bda2f733030bcc21a3c53e3ec2],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5137F4BA-616D-4AD9-ABEF-81545AFA1056}, Quarantined, [465774caf1a890a6479019ab2bd8dc24],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5CEAE644-78AE-4128-A046-93BB39C16FAF}, Quarantined, [c5d87ac4623751e5bb1c1ba940c3d42c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6023089B-D05C-4E9F-8135-9C137C889C55}, Quarantined, [8d102d11c2d734024690863ed92aad53],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{610EA66E-445C-4BD5-9DD5-9DE06FFC7B46}, Quarantined, [c3da291505941b1bcf083c889370b947],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{63262AC5-A064-404F-B4EF-3FF349A6FDB4}, Quarantined, [a5f86bd349503afc8b4b3c88b2510df3],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{64735B01-D9D9-4655-80F9-8CE8F2249EDB}, Quarantined, [118c122cf4a5191d47909f2526dd0af6],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6701F000-7613-409D-90B8-17CB3C3F87E3}, Quarantined, [7a232a141a7fec4aa92e04c0c63df10f],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A029487-A28D-4E29-9CA3-A1CBE8A74446}, Quarantined, [aeefc17d8c0d74c2399ebc08c24109f7],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6CF3F4EF-39B2-4890-9F70-D5F3E8621F63}, Quarantined, [712c45f97e1bf1458b4b784c3cc7946c],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6FCE4904-D0BB-4B96-A468-319EFAF461C3}, Quarantined, [3667b08ebedb2a0cbc1b6262ab58cb35],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71D80352-B418-4BD3-BE3B-E9D2391C7A55}, Quarantined, [5647a29c7b1e42f4b522853fa16254ac],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{736F8C15-35D2-44DA-8735-30B26A995EFD}, Quarantined, [05988fafc0d944f2cc0a8f35d0330af6],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{75F3ADEB-2CD2-420F-85C5-19342FF5766F}, Quarantined, [8b12ed513564c571a72f83418c77a858],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7727A7CF-14DE-4EEC-8929-92CBB0C9DC3F}, Quarantined, [19848cb2a8f151e595429f254bb80df3],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{78D3590B-AE73-426C-8DBC-EAE5D73513E5}, Quarantined, [8f0e241a92077abc00d7d0f4f80b58a8],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7942BF70-F380-4CEF-A220-D2634BDB28FA}, Quarantined, [dcc187b76e2b9e9893440cb85aa9c33d],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D055F64-B17F-4000-9563-709BA1819124}, Quarantined, [6f2efb43ddbcf64085523e86a95a1ee2],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F0A28F1-2E21-4BFC-B1DF-6F98D57AA413}, Quarantined, [d1cc1628d3c6e254bd1913b1ea1922de],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{83A666AD-9FDA-4547-9E93-3A814B2026A6}, Quarantined, [4756d866e1b8cd69d0061ba930d31ce4],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8459430B-BF20-408E-AA9E-4CBEC01777E1}, Quarantined, [f2ab08361881e74fc0174e76d82ba957],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{85F04984-B44C-493F-9B25-9BC594E3F81C}, Quarantined, [6b322816940585b1d2045b69f50e36ca],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{862A29EF-CBEF-49B5-B047-9A5567AC9FE1}, Quarantined, [d5c8da6418812b0b6670873dba49669a],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E479620-E8CD-430C-8E51-904D5CCCD824}, Quarantined, [5d405ee0e1b881b5d601b60e0af956aa],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{90BD662C-2421-4D7F-89B2-F3D842B5F731}, Quarantined, [326b8bb37227ac8a0ccaeadacc3710f0],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{90DB29D5-AFFA-4F7B-9F5C-41C4CDB77365}, Quarantined, [f7a68bb3e0b9d363d0063f85ad5616ea],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91F7F310-6461-4191-9E91-A0ED58ECDEE9}, Quarantined, [306d0b334f4a13237760368eb15236ca],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{92C07E7F-25F9-44FA-A22D-A064ACF334D2}, Quarantined, [2776d46a6f2a88aefcda3292907304fc],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{965DEA8C-2C1C-4F17-A055-C1C9EFFBD5D8}, Quarantined, [fe9f2519c1d8e452e8ef82420ef555ab],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96A519F8-1482-42F1-8B92-AC52F46A1FBA}, Quarantined, [7b2243fba1f864d224b3952f62a1fb05],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9B444509-6219-4C31-9CF2-AE5E591E9435}, Quarantined, [d5c89ca22c6d072ff6e0f5cfac578878],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A426CDB6-97D9-4204-A92A-2721117CE9A5}, Quarantined, [722b3905debbcb6bdafca222e1225ca4],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AAB053E6-94EC-4354-9F26-2CA47E57B9AE}, Quarantined, [227b003ed9c05ed805d29b29f31008f8],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B0AAF3B7-7EDF-4924-B5FD-7D26A1A5C2C4}, Quarantined, [108d82bc0198c96dd205576dd2311fe1],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B19FDB1A-57F9-43AB-834F-94B4717BAC7E}, Quarantined, [0e8f2e107e1b39fd6e68ac18966d28d8],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B224488D-5EA1-417B-9ABA-28454ED98F99}, Quarantined, [405dd26ce1b8b87e6e6915af659e26da],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B91BE3A4-1571-4DD9-B74F-3FE812F04CF2}, Quarantined, [9409ec528514a88e0cca774d679c857b],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BA03FECD-35E3-4F72-887E-16F8DB7E6C22}, Quarantined, [e6b7ab93ebaec86e24b3fcc85da6ad53],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BDD77A30-13C0-405F-84CE-D79BFBA650E9}, Quarantined, [603da19da3f646f0a82f893bea19fd03],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFCFB53B-BC61-4342-B6AB-543889F5FAB9}, Quarantined, [5e3f0f2fafea86b0af27fbc9d42ffb05],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFD96226-2C75-41F8-B848-88EBB6CF81DD}, Quarantined, [aaf33806ff9a4de9cc0ad8ecc2416d93],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C09A14A9-A64D-421A-ABA6-EA7535848628}, Quarantined, [e2bbff3ff8a19a9cd10609bb9e6549b7],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C1308DEF-93B3-409C-8452-E2D4C1A7CB9E}, Quarantined, [415c78c67227c571b02717ad42c19d63],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4B24845-D32E-43E7-8C39-F8472ECDF573}, Quarantined, [8914112ddcbd7cba7462cafa10f338c8],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5AFF0EC-E7B5-4DC7-B9B9-5A21F1DF72BF}, Quarantined, [544979c5a7f24ee8e5f27c4817ecef11],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C74C0D39-103A-4A3C-818C-4A71FE737F97}, Quarantined, [910cf8462f6ac07633a4c8fca45ff808],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA2A6E46-ECE9-4AEB-A734-2B6A5DEE3A7D}, Quarantined, [bfde90ae0e8b2c0ab02651735ca7da26],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA4E8DC0-F472-41FD-986E-183FAB10C28D}, Quarantined, [fca1e15dddbc33032caa05bf2bd8dd23],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CAF84E23-C5A6-4427-A8E1-D8351435C54B}, Quarantined, [6c3158e6f7a2d46215c1e5dfdb28c937],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB1170BF-E1D5-474D-A4A6-703CDFE51AAE}, Quarantined, [762768d65a3feb4b7f572d971ce7c23e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC132873-AF96-45A8-9D6A-12ED2C1DADD1}, Quarantined, [f4a969d59efbbd797c5a606490739c64],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CCEBE39B-D17C-411D-99FB-1BDCB6F76BE4}, Quarantined, [b9e4bf7ff5a483b341956b59a3607888],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D3A6B2CC-A648-4135-9B52-1CACFFFE82B5}, Quarantined, [2f6e90aee7b21d19d006f0d4b64d5ea2],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D7981DE4-26F3-4A24-8174-8346213617C3}, Quarantined, [623b71cde7b26bcbddf9388ced16a25e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D7CD2354-CC6F-44C2-8E2B-1E94158AB532}, Quarantined, [f6a748f6158477bfe7ef824225de9868],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D82009CB-42D7-4F08-AD4E-5C56ACA09CCA}, Quarantined, [e4b997a74f4abb7b4295f5cf11f2f20e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DF52C407-AA8A-43FB-A4B7-D5EC7C475FF8}, Quarantined, [cdd0231b7425280e9f37eada58ab35cb],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E7400E75-5BF8-400D-A755-5586F2911A6E}, Quarantined, [3c61ba84a5f47abce0f6863ea65de61a],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EA80C09A-AC75-44E5-B0A8-5629D28DFBF8}, Quarantined, [f2ab05398118c373af278c38966d7090],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ECA0D5F8-C5F2-4709-9515-3FB45757D3DB}, Quarantined, [edb080be9cfdcf67be18a61e5aa921df],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F13D531C-ADE3-4CB0-B5D2-8542B9A09157}, Quarantined, [f8a5023cb2e7a6908a4cdfe56c979e62],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F3579996-E4F8-428E-8C6B-D4103A5EA989}, Quarantined, [f9a4d965abee75c17264b50f51b2827e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F9138309-7DAA-4B55-8C57-52412D8EC584}, Quarantined, [2c713d0194050d29a135487c758e51af],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAF4F7FD-C6F5-43B7-A7E8-2EF8517B5669}, Quarantined, [bedf1d21d9c03105d2054c78cc37be42],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FE986EDD-AD02-4205-906D-C6E6D9F868B5}, Quarantined, [f1ac5ae471282214b522be06d62d03fd],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FF9352D9-A662-45F7-8C16-5C8BB7699447}, Quarantined, [b1ec27177e1bd66084526361ed164db3],
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FFF1209C-1D86-484E-B888-91B6B1A7FBFC}, Quarantined, [6736d767138664d28c4b91335ba812ee],
PUP.Optional.OptimizerPro, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\OPTIMIZER PRO, Quarantined, [eeaf3707d2c7d066f458647ad231b54b],
PUP.Optional.ProductSetup, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\PRODUCTSETUP, Quarantined, [8f0e85b980192a0ccf6a60829370bd43],

Registry Values: 110
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [fda049f55e3b42f438f518e8b15349b7]
PUP.Optional.WeCareReminder, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1F1E283D-23D9-4E09-B967-F46A053FEA89}|Publisher, We-Care.com, Quarantined, [5647dd616b2e2214e758e5109d66b44c]
PUP.Optional.WeCareReminder, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1F1E283D-23D9-4E09-B967-F46A053FEA89}|DisplayName, ASPCA TriMini Reminder by We-Care.com v5.0.1.1, Quarantined, [a4f9b985b1e8300666d913e27093e61a]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{165B91E0-6835-43C6-8515-8A96CCF0A8D6}|NameServer, 199.203.131.150,82.163.143.168, Quarantined, [6b32fa44c8d16bcb413d1d200103d42c]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{8F038740-0FF0-4C33-9609-B70A137CCC34}|NameServer, 199.203.131.150,82.163.143.168, Quarantined, [eeaf58e6f8a15dd9bac44cf15fa58080]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{C5969C69-ADB3-4BA4-88F9-F49251721D5D}|NameServer, 199.203.131.150,82.163.143.168, Quarantined, [c2dba6981a7f01351e603409d23221df]
PUP.Optional.SystemHealer, HKU\S-1-5-18\SOFTWARE\SYSTEM HEALER|HomePage, http://systemhealer.com/, Quarantined, [207d48f619805cda3c0cf33c36cee818]
PUP.Optional.SystemHealer, HKU\S-1-5-18\SOFTWARE\SYSTEM HEALER|SupportPage, http://systemhealer.com/support/#contact, Quarantined, [029b70cecdcc8caa4503b07f42c2a759]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14BFD1A0-40A7-4CBC-8F75-3F8F49102C76}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [6637ed51bbdee84eefe72c985ea50af6]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14D71E4B-DC85-409C-B1D8-6D355993DC7D}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [26776dd15544f541399e8b39a55efd03]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{164316B7-3A6E-45E4-97A8-6FB81AEC5834}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [c8d50737b1e8082ee3f42f95a360c53b]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1C308ADE-56A5-44CE-B321-8DF489AA5B5A}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [dac3d7674851d165439315afdd26a060]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2090D1CD-B0D7-40F4-9BA0-FDCD35FA22A7}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [7f1ee856207950e69a3dac18ac571be5]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21EE5BAE-D6FB-4DA1-B1E4-CEA3345D8685}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [019c81bdbedb0a2c775fd0f4ca39a957]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23C67921-54C2-43F9-A4C8-D0785A53C783}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [9607fd416f2a41f59e39dde7ce35aa56]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23D28753-4646-4CF6-B532-9B2022C640D4}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [0c9181bdd5c463d35680ab1919eac43c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{24296879-EEE3-448E-BC92-1C85DBF0F2DC}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [653840fe1f7a81b55681f2d23cc747b9]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{257ab600-2676-43aa-b541-3335b9a445cf}|AppName, CinPlus-2.5cTube HDV23.09-bg.exe, Quarantined, [b8e5003eb8e1f24419bc9b2945be619f]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{275A4213-FF61-4895-A889-84F3D77FD8B7}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [6736c47ab8e1072f7066a3210df6c43c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{279438D0-AF56-43BD-AE28-65D28A6DF9DC}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [dcc1003e3168b97dcb0c358f887bea16]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{294AE57E-66C1-4638-8227-24339EF7EED0}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [28757fbfcfca85b1924509bb24df10f0]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A8043F8-D7F0-4078-BF29-A925F1ECF0C6}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [debf16282c6d78beddf9b50f887b3fc1]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2AA5DBAF-D328-4B20-80A4-715EBBB18E71}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [cad3f44a0b8ea39320b6873d0ef51be5]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2B34BA83-71A5-4A3A-BABB-95604E6F9922}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [f8a59ca25b3ea0966275c9fbec17e21e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2BBCF0D0-CFB7-4D7A-978B-217541FEE06F}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [a3faeb536336a88ea92dad1761a2b749]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E678872-B9C1-405F-A13A-9791A76F2ECC}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [aeef033ba1f80531ca0c2a9af50e768a]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2EE7277A-82A2-4756-967E-298F41E68CA5}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [b0ed53eb4059c07612c532921de69769]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2F681B98-1576-4CF1-A4BC-BBF376837F16}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [415ccd714a4f67cf34a300c4768d5aa6]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{31700989-ABDC-4792-B717-5C7A349D1464}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [f9a468d686132b0be4f303c17192ff01]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3558391C-D09E-40B0-B452-EE1942EFD1D3}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [c7d6e05e3d5c2b0b7166c004e91a51af]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38A20A0F-FC44-47F5-8142-F44D3E537D66}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [e0bd73cbc3d675c117bf329232d1926e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{39DF3C81-2EC6-427A-B73F-C9E5FCD3738C}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [c4d93fffb3e656e052854a7a8b78be42]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B0925DD-1475-4763-B65A-BD3FB75D1D29}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [d5c8a797c0d93600d304685c857ee917]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3C393778-7F99-4BE0-BAC2-DB4971665981}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [4f4e94aa8f0a7bbb02d4853fd92a629e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{406884EA-FB70-4FB9-93D8-71862A3C8565}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [465754ea1a7fe94de5f1f7cda26116ea]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{40DC7C89-C623-4074-9B9F-5275FE4B3990}|AppName, e905d133-01c8-4b84-8396-03b28e0dc9f7-2.exe-buttonutil.exe, Quarantined, [d1cc3c025a3f3afc7d5901c3e1228080]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{420C76E2-6C2B-45D6-BD49-1498BBCCC0C3}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [4b527cc2b1e8f046fcdb5a6af80b8b75]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45D2D86C-6165-40D5-A8A4-8AD08FA3DC39}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [8e0f78c67c1db28427b04d77de25ae52]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4767EA20-C43D-44E4-AF84-7522AD85AB5C}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [ddc07ec06b2ec5714f87764e32d1a55b]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{482AB893-D69A-4958-B117-1DD46AB7B56A}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [9805bd81fa9ffb3b24b318ac29da30d0]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4FC6B553-B700-4ED9-8B30-B6F83DFE2730}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [920b81bda2f733030bcc21a3c53e3ec2]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5137F4BA-616D-4AD9-ABEF-81545AFA1056}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [465774caf1a890a6479019ab2bd8dc24]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5CEAE644-78AE-4128-A046-93BB39C16FAF}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [c5d87ac4623751e5bb1c1ba940c3d42c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6023089B-D05C-4E9F-8135-9C137C889C55}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [8d102d11c2d734024690863ed92aad53]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{610EA66E-445C-4BD5-9DD5-9DE06FFC7B46}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [c3da291505941b1bcf083c889370b947]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{63262AC5-A064-404F-B4EF-3FF349A6FDB4}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [a5f86bd349503afc8b4b3c88b2510df3]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{64735B01-D9D9-4655-80F9-8CE8F2249EDB}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [118c122cf4a5191d47909f2526dd0af6]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6701F000-7613-409D-90B8-17CB3C3F87E3}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [7a232a141a7fec4aa92e04c0c63df10f]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A029487-A28D-4E29-9CA3-A1CBE8A74446}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [aeefc17d8c0d74c2399ebc08c24109f7]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6CF3F4EF-39B2-4890-9F70-D5F3E8621F63}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [712c45f97e1bf1458b4b784c3cc7946c]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6FCE4904-D0BB-4B96-A468-319EFAF461C3}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [3667b08ebedb2a0cbc1b6262ab58cb35]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71D80352-B418-4BD3-BE3B-E9D2391C7A55}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [5647a29c7b1e42f4b522853fa16254ac]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{736F8C15-35D2-44DA-8735-30B26A995EFD}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [05988fafc0d944f2cc0a8f35d0330af6]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{75F3ADEB-2CD2-420F-85C5-19342FF5766F}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [8b12ed513564c571a72f83418c77a858]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7727A7CF-14DE-4EEC-8929-92CBB0C9DC3F}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [19848cb2a8f151e595429f254bb80df3]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{78D3590B-AE73-426C-8DBC-EAE5D73513E5}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [8f0e241a92077abc00d7d0f4f80b58a8]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7942BF70-F380-4CEF-A220-D2634BDB28FA}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [dcc187b76e2b9e9893440cb85aa9c33d]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D055F64-B17F-4000-9563-709BA1819124}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [6f2efb43ddbcf64085523e86a95a1ee2]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F0A28F1-2E21-4BFC-B1DF-6F98D57AA413}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [d1cc1628d3c6e254bd1913b1ea1922de]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{83A666AD-9FDA-4547-9E93-3A814B2026A6}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [4756d866e1b8cd69d0061ba930d31ce4]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8459430B-BF20-408E-AA9E-4CBEC01777E1}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [f2ab08361881e74fc0174e76d82ba957]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{85F04984-B44C-493F-9B25-9BC594E3F81C}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [6b322816940585b1d2045b69f50e36ca]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{862A29EF-CBEF-49B5-B047-9A5567AC9FE1}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [d5c8da6418812b0b6670873dba49669a]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E479620-E8CD-430C-8E51-904D5CCCD824}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [5d405ee0e1b881b5d601b60e0af956aa]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{90BD662C-2421-4D7F-89B2-F3D842B5F731}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [326b8bb37227ac8a0ccaeadacc3710f0]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{90DB29D5-AFFA-4F7B-9F5C-41C4CDB77365}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [f7a68bb3e0b9d363d0063f85ad5616ea]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91F7F310-6461-4191-9E91-A0ED58ECDEE9}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [306d0b334f4a13237760368eb15236ca]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{92C07E7F-25F9-44FA-A22D-A064ACF334D2}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [2776d46a6f2a88aefcda3292907304fc]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{965DEA8C-2C1C-4F17-A055-C1C9EFFBD5D8}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [fe9f2519c1d8e452e8ef82420ef555ab]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96A519F8-1482-42F1-8B92-AC52F46A1FBA}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [7b2243fba1f864d224b3952f62a1fb05]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9B444509-6219-4C31-9CF2-AE5E591E9435}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [d5c89ca22c6d072ff6e0f5cfac578878]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A426CDB6-97D9-4204-A92A-2721117CE9A5}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [722b3905debbcb6bdafca222e1225ca4]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AAB053E6-94EC-4354-9F26-2CA47E57B9AE}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [227b003ed9c05ed805d29b29f31008f8]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B0AAF3B7-7EDF-4924-B5FD-7D26A1A5C2C4}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [108d82bc0198c96dd205576dd2311fe1]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B19FDB1A-57F9-43AB-834F-94B4717BAC7E}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [0e8f2e107e1b39fd6e68ac18966d28d8]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B224488D-5EA1-417B-9ABA-28454ED98F99}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [405dd26ce1b8b87e6e6915af659e26da]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B91BE3A4-1571-4DD9-B74F-3FE812F04CF2}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [9409ec528514a88e0cca774d679c857b]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BA03FECD-35E3-4F72-887E-16F8DB7E6C22}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [e6b7ab93ebaec86e24b3fcc85da6ad53]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BDD77A30-13C0-405F-84CE-D79BFBA650E9}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [603da19da3f646f0a82f893bea19fd03]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFCFB53B-BC61-4342-B6AB-543889F5FAB9}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [5e3f0f2fafea86b0af27fbc9d42ffb05]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFD96226-2C75-41F8-B848-88EBB6CF81DD}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [aaf33806ff9a4de9cc0ad8ecc2416d93]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C09A14A9-A64D-421A-ABA6-EA7535848628}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [e2bbff3ff8a19a9cd10609bb9e6549b7]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C1308DEF-93B3-409C-8452-E2D4C1A7CB9E}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [415c78c67227c571b02717ad42c19d63]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4B24845-D32E-43E7-8C39-F8472ECDF573}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [8914112ddcbd7cba7462cafa10f338c8]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5AFF0EC-E7B5-4DC7-B9B9-5A21F1DF72BF}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [544979c5a7f24ee8e5f27c4817ecef11]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c74c0d39-103a-4a3c-818c-4a71fe737f97}|AppName, CinPlus-2.5cTube HDV23.09-codedownloader.exe, Quarantined, [910cf8462f6ac07633a4c8fca45ff808]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA2A6E46-ECE9-4AEB-A734-2B6A5DEE3A7D}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [bfde90ae0e8b2c0ab02651735ca7da26]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA4E8DC0-F472-41FD-986E-183FAB10C28D}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [fca1e15dddbc33032caa05bf2bd8dd23]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CAF84E23-C5A6-4427-A8E1-D8351435C54B}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [6c3158e6f7a2d46215c1e5dfdb28c937]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB1170BF-E1D5-474D-A4A6-703CDFE51AAE}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [762768d65a3feb4b7f572d971ce7c23e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC132873-AF96-45A8-9D6A-12ED2C1DADD1}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [f4a969d59efbbd797c5a606490739c64]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CCEBE39B-D17C-411D-99FB-1BDCB6F76BE4}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [b9e4bf7ff5a483b341956b59a3607888]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D3A6B2CC-A648-4135-9B52-1CACFFFE82B5}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [2f6e90aee7b21d19d006f0d4b64d5ea2]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D7981DE4-26F3-4A24-8174-8346213617C3}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [623b71cde7b26bcbddf9388ced16a25e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D7CD2354-CC6F-44C2-8E2B-1E94158AB532}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [f6a748f6158477bfe7ef824225de9868]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D82009CB-42D7-4F08-AD4E-5C56ACA09CCA}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [e4b997a74f4abb7b4295f5cf11f2f20e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DF52C407-AA8A-43FB-A4B7-D5EC7C475FF8}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [cdd0231b7425280e9f37eada58ab35cb]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E7400E75-5BF8-400D-A755-5586F2911A6E}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [3c61ba84a5f47abce0f6863ea65de61a]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EA80C09A-AC75-44E5-B0A8-5629D28DFBF8}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [f2ab05398118c373af278c38966d7090]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ECA0D5F8-C5F2-4709-9515-3FB45757D3DB}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [edb080be9cfdcf67be18a61e5aa921df]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F13D531C-ADE3-4CB0-B5D2-8542B9A09157}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [f8a5023cb2e7a6908a4cdfe56c979e62]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F3579996-E4F8-428E-8C6B-D4103A5EA989}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [f9a4d965abee75c17264b50f51b2827e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F9138309-7DAA-4B55-8C57-52412D8EC584}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [2c713d0194050d29a135487c758e51af]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAF4F7FD-C6F5-43B7-A7E8-2EF8517B5669}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [bedf1d21d9c03105d2054c78cc37be42]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FE986EDD-AD02-4205-906D-C6E6D9F868B5}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [f1ac5ae471282214b522be06d62d03fd]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FF9352D9-A662-45F7-8C16-5C8BB7699447}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-buttonutil.exe, Quarantined, [b1ec27177e1bd66084526361ed164db3]
PUP.Optional.CrossRider, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FFF1209C-1D86-484E-B888-91B6B1A7FBFC}|AppName, 61c7786b-86cc-42e3-8fc1-bf6b25e3d774-2.exe-codedownloader.exe, Quarantined, [6736d767138664d28c4b91335ba812ee]
PUP.Optional.Yontoo, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [3b62b08e44553bfb5b0caf50e221b34d]
PUP.Optional.OptimizerPro, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, http://www.safeshopgate.com/r?s=121002330&g=4D0C5C0F-F7AA-4048-BD70-1B54F7AA3793, Quarantined, [eeaf3707d2c7d066f458647ad231b54b]
PUP.Optional.ProductSetup, HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\SOFTWARE\PRODUCTSETUP|tb, Quarantined, [8f0e85b980192a0ccf6a60829370bd43],

Registry Data: 0
(No malicious items detected)

Folders: 99
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0, Quarantined, [831ad26c1089c67005f55e81b54d03fd],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi, Quarantined, [831ad26c1089c67005f55e81b54d03fd],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [7f1e77c79306c76f03f7d20d44bee818],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [7f1e77c79306c76f03f7d20d44bee818],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0, Quarantined, [138a330ba4f54fe71bdf7e61c33f7c84],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek, Quarantined, [138a330ba4f54fe71bdf7e61c33f7c84],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0, Quarantined, [227b46f81a7f47efd72308d76b974ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi, Quarantined, [227b46f81a7f47efd72308d76b974ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [c6d758e62a6f66d0639768774cb66b95],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [c6d758e62a6f66d0639768774cb66b95],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0, Quarantined, [732a41fd5e3b3bfb1bdf2db251b19868],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek, Quarantined, [732a41fd5e3b3bfb1bdf2db251b19868],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0, Quarantined, [811caf8ff8a187afc1395b841ce6eb15],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi, Quarantined, [811caf8ff8a187afc1395b841ce6eb15],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [8419f549b6e34beb48b28a559072ea16],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [8419f549b6e34beb48b28a559072ea16],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0, Quarantined, [227b3d010891b284cc2eb42b1be77a86],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek, Quarantined, [227b3d010891b284cc2eb42b1be77a86],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0, Quarantined, [c4d9df5fe6b349ed3fbb479845bd9c64],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi, Quarantined, [c4d9df5fe6b349ed3fbb479845bd9c64],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [fca146f8574243f3aa5038a72bd7d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [fca146f8574243f3aa5038a72bd7d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0, Quarantined, [7627de60b4e57eb80af0fce3fa08d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek, Quarantined, [7627de60b4e57eb80af0fce3fa08d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0, Quarantined, [b4e950ee2673db5bfefcae3148bac33d],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi, Quarantined, [b4e950ee2673db5bfefcae3148bac33d],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [cad3b6882376a393a15927b8cf3339c7],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [cad3b6882376a393a15927b8cf3339c7],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0, Quarantined, [ebb21628f5a470c6ae4c16c97f83f50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek, Quarantined, [ebb21628f5a470c6ae4c16c97f83f50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0, Quarantined, [8d102915a7f247eff10a716e689aaa56],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi, Quarantined, [8d102915a7f247eff10a716e689aaa56],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [e7b69ea06336d2648873914e62a0a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [e7b69ea06336d2648873914e62a0a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0, Quarantined, [bae3ce7085146cca7d7eedf246bce020],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek, Quarantined, [bae3ce7085146cca7d7eedf246bce020],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0, Quarantined, [7924b688f9a057df6e8dc11eb64c4ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi, Quarantined, [7924b688f9a057df6e8dc11eb64c4ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [e3baf04ea7f2dc5a8378e7f8bc461ee2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [e3baf04ea7f2dc5a8378e7f8bc461ee2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0, Quarantined, [78252a14148569cdbe3d9847f70b26da],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek, Quarantined, [78252a14148569cdbe3d9847f70b26da],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0, Quarantined, [900dfb43673286b0e41788574bb75ea2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi, Quarantined, [900dfb43673286b0e41788574bb75ea2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [415cee50b7e2d4623bc0548bdb276898],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [415cee50b7e2d4623bc0548bdb276898],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0, Quarantined, [d9c459e51e7bae880af1d30c798908f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek, Quarantined, [d9c459e51e7bae880af1d30c798908f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0, Quarantined, [831a2a1424750c2a54a78f500ff3e818],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi, Quarantined, [831a2a1424750c2a54a78f500ff3e818],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [ddc0ad91722781b509f2ebf428dab050],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [ddc0ad91722781b509f2ebf428dab050],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0, Quarantined, [f0ad54ea4356989ec5369649de24b24e],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek, Quarantined, [f0ad54ea4356989ec5369649de24b24e],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0, Quarantined, [0b9241fdf6a30f2723d8eef1f30f9769],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi, Quarantined, [0b9241fdf6a30f2723d8eef1f30f9769],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [b6e7093562374ceab34879667290a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [b6e7093562374ceab34879667290a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0, Quarantined, [c5d8fd41b5e495a1c734f6e934cef50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek, Quarantined, [c5d8fd41b5e495a1c734f6e934cef50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\eoeillmlfljaaebddfhdbmnjgmnigpmd, Quarantined, [5e3fa29cdcbdb18523a6f3b9c63dd927],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\pcpdpfagdemccpfaaoeilpoppplkiado, Quarantined, [f4a96ad4ff9a9a9ce7e2e4c835ce926e],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\ae7e7b862a4d743a, Quarantined, [b4e96cd2e1b857df90a5a13a22e1768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [28758ab46930fe38e764cd0e788b01ff],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [28758ab46930fe38e764cd0e788b01ff],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [cbd2df5f3d5c54e2d477ca1143c0738d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [cbd2df5f3d5c54e2d477ca1143c0738d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin\122, Quarantined, [9c013608eaafbb7b351682599073fa06],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin, Quarantined, [9c013608eaafbb7b351682599073fa06],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp\159, Quarantined, [efae66d82e6b2c0a400b36a57a8951af],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp, Quarantined, [efae66d82e6b2c0a400b36a57a8951af],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch\214, Quarantined, [d5c83b0302973df9f754ad2e18eb8779],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch, Quarantined, [d5c83b0302973df9f754ad2e18eb8779],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff\204, Quarantined, [247952ec13868da9b695ba2172919e62],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff, Quarantined, [247952ec13868da9b695ba2172919e62],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf\137, Quarantined, [5f3e74ca7b1e0f27e86314c73fc4a35d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf, Quarantined, [5f3e74ca7b1e0f27e86314c73fc4a35d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma\124, Quarantined, [4e4fa39bdebb73c3f754e4f723e08878],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma, Quarantined, [4e4fa39bdebb73c3f754e4f723e08878],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\191, Quarantined, [108d231b6732999d2f1cf9e2887bd32d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk, Quarantined, [108d231b6732999d2f1cf9e2887bd32d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf\184, Quarantined, [b5e88db149509d99f95292498b78916f],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf, Quarantined, [b5e88db149509d99f95292498b78916f],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg\231, Quarantined, [a4f959e53861d264054609d2a65d37c9],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg, Quarantined, [a4f959e53861d264054609d2a65d37c9],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf\183, Quarantined, [415c81bde2b7350151fa9a415fa445bb],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf, Quarantined, [415c81bde2b7350151fa9a415fa445bb],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [7c21e05e2b6ef3438ebde6f5a16208f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [7c21e05e2b6ef3438ebde6f5a16208f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155, Quarantined, [c9d481bd752481b558f37e5d0ef5fe02],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf, Quarantined, [c9d481bd752481b558f37e5d0ef5fe02],
PUP.Optional.SuperOptimizer, C:\Documents and Settings\All Users\Application Data\{b07c1466-1379-6f24-b07c-c14661375198}, Quarantined, [198436085148e056b38112db669d7d83],
PUP.Optional.BuyFast, C:\Program Files\buyfasT, Quarantined, [cad3241a4b4ec670d671b3fbd62c3dc3],
PUP.Optional.CoolNCheap, C:\Program Files\coolncheAp, Quarantined, [e0bdad913960181e8879e0d10df533cd],
PUP.Optional.ShopShop, C:\Documents and Settings\All Users\Application Data\shopshop, Quarantined, [534a43fb316835017cb512b9e41e47b9],
PUP.Optional.ShowAppIt, C:\Documents and Settings\All Users\Application Data\ShowAppIt, Quarantined, [cad3c07ebcdd8caa1336a427f30f56aa],
PUP.Optional.ShowAppIt, C:\Documents and Settings\All Users\Application Data\ShowAppIt\Setup, Quarantined, [cad3c07ebcdd8caa1336a427f30f56aa],
PUP.Optional.ShowAppIt, C:\Documents and Settings\All Users\Application Data\ShowAppIt\SW-Booster, Quarantined, [cad3c07ebcdd8caa1336a427f30f56aa],
PUP.Optional.ShowAppIt, C:\Documents and Settings\All Users\Application Data\ShowAppIt\SW-Booster\1039561752, Quarantined, [cad3c07ebcdd8caa1336a427f30f56aa],

Files: 277
PUP.Optional.MultiPlug.Uns, C:\Documents and Settings\All Users\Application Data\shopshop\shopshop.exe, Quarantined, [5a430e307722a98d7b24f031f50d49b7],
Trojan.Downloader, C:\Documents and Settings\All Users\Application Data\ShowAppIt\SW-Booster\SW-Booster.exe, Quarantined, [425bd668e7b258de5530ed2e847e916f],
PUP.Optional.MultiPlug.BHO, C:\Documents and Settings\All Users\Application Data\YoutubeAdBilocke\5EpMs04ynhJ4zEw.exe, Quarantined, [edb0ee500891e94d214c309c847dfb05],
PUP.Optional.PCOptimizerPro, C:\Documents and Settings\All Users\Application Data\{b07c1466-1379-6f24-b07c-c14661375198}\hqghumeaylnlf.exe, Quarantined, [c4d973cb8712dc5a3d6b69a152af8a76],
PUP.Optional.InstallCore, C:\Documents and Settings\Heba\My Documents\Downloads\DriverGuide_Driver_Download_1234318.exe, Quarantined, [2677fd41b3e63204a6d748ed08f955ab],
PUP.Optional.MultiPlug, C:\Program Files\Myibidder Auction Bid Sniper for eBay\Myibidder Auction Bid Sniper for eBay.exe, Quarantined, [1b828eb02c6dbd79d0cd21158879a25e],
PUP.Optional.MultiPlug, C:\Program Files\saAleprizes\saAleprizes.exe, Quarantined, [adf0c07eadec6ec81a8385b1fe03fe02],
PUP.Optional.MultiPlug, C:\Program Files\Sample IME for IME extension API\Sample IME for IME extension API.exe, Quarantined, [326bc17d9108e452a2fbae88af52ad53],
PUP.Optional.MultiPlug, C:\Program Files\Turntablefm Extended\Turntablefm Extended.exe, Quarantined, [1f7edd615346a88e4e4f9d99fe033bc5],
PUP.Optional.MultiPlug, C:\Program Files\YoutubeAdBilocke\iyBpvpjWGFU7xc.dll, Quarantined, [f1acf04e405950e6c61085451ae6e21e],
PUP.Optional.MultiPlug, C:\Program Files\YoutubeAdBilocke\iyBpvpjWGFU7xc.x64.dll, Quarantined, [3f5eea54cbce06302fa75d6d2ed2827e],
PUP.Optional.MultiPlug, C:\Program Files\rocckeettsalee\rocckeettsalee.exe, Quarantined, [039a47f7ecad0531c8d5ef47ff0223dd],
PUP.Optional.MultiPlug, C:\Program Files\Gom VPN  Bypass and unblock\Gom VPN  Bypass and unblock.exe, Quarantined, [782516282277af870994a98dff021ae6],
PUP.Optional.MultiPlug, C:\Program Files\GoToMeeting for  Calendar\GoToMeeting for  Calendar.exe, Quarantined, [732a8bb3eeab1224e1bc023420e158a8],
PUP.Optional.MultiPlug, C:\Program Files\Hush  private bookmarking\Hush  private bookmarking.exe, Quarantined, [3e5f96a8b1e880b64d50a78f41c01ee2],
PUP.Optional.MultiPlug, C:\Program Files\Image Dictionary\Image Dictionary.exe, Quarantined, [6a3315298a0f8aac6e2f6ec859a832ce],
PUP.Optional.ServiceRNDM, C:\Program Files\Motionless Session\Motionless Session.exe, Quarantined, [9904ce701c7d102632e4c67254adce32],
PUP.Optional.MultiPlug, C:\Program Files\Mozilla Firefox\dbghelp.dll, Quarantined, [d2cb241ab9e057df078d63d3b34e1de3],
PUP.Optional.MultiPlug, C:\Program Files\priizecouponi\priizecouponi.exe, Quarantined, [475654eacfcaf04638653ef8e9185ea2],
PUP.Optional.MultiPlug, C:\Program Files\Redirect Path\Redirect Path.exe, Quarantined, [ecb1be80f2a772c4a7f688aea55c45bb],
PUP.Optional.MultiPlug, C:\Program Files\Better Battlelog BBLog\Better Battlelog BBLog.exe, Quarantined, [7627211da8f17db9990486b0837e9f61],
PUP.Optional.MultiPlug, C:\Program Files\buyfasT\buyfasT.exe, Quarantined, [594483bb1683d462bce1bd7911f0cf31],
PUP.Optional.MultiPlug, C:\Program Files\Crash Bandicoot 3D Racing\Crash Bandicoot 3D Racing.exe, Quarantined, [7c218db121785bdb3b6264d2fd04946c],
PUP.Optional.MultiPlug, C:\Program Files\dollarsaaver\dollarsaaver.exe, Quarantined, [8a138eb02277f1452e6ffc3a25dca65a],
PUP.Optional.MultiPlug, C:\Program Files\fReea2yoiuu\fReea2yoiuu.exe, Quarantined, [8815023c84155dd96e2f4beba75ae719],
PUP.Optional.MultiPlug, C:\Program Files\FreedelIuvEryy\FreedelIuvEryy.exe, Quarantined, [e2bb1c22d9c0a5919c01e94d25dc52ae],
PUP.Optional.MultiPlug, C:\Program Files\fReedeliverry\fReedeliverry.exe, Quarantined, [801d76c8f5a4f145207dd4621ae7d828],
PUP.Optional.MultiPlug, C:\Program Files\lowPRRIcess\lowPRRIcess.exe, Quarantined, [06973fff5f3aac8a6f2ee05641c0c838],
PUP.Optional.MultiPlug, C:\Program Files\Mahjong\Mahjong.exe, Quarantined, [9508b48ae7b293a34f4e4ee8b54c6d93],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\lsdb.js, Quarantined, [831ad26c1089c67005f55e81b54d03fd],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\background.html, Quarantined, [831ad26c1089c67005f55e81b54d03fd],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\content.js, Quarantined, [831ad26c1089c67005f55e81b54d03fd],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\manifest.json, Quarantined, [831ad26c1089c67005f55e81b54d03fd],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\Qd5loV.js, Quarantined, [831ad26c1089c67005f55e81b54d03fd],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [7f1e77c79306c76f03f7d20d44bee818],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [7f1e77c79306c76f03f7d20d44bee818],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [7f1e77c79306c76f03f7d20d44bee818],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [7f1e77c79306c76f03f7d20d44bee818],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [7f1e77c79306c76f03f7d20d44bee818],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\lsdb.js, Quarantined, [138a330ba4f54fe71bdf7e61c33f7c84],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\background.html, Quarantined, [138a330ba4f54fe71bdf7e61c33f7c84],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\C5acSkC5Mp.js, Quarantined, [138a330ba4f54fe71bdf7e61c33f7c84],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\content.js, Quarantined, [138a330ba4f54fe71bdf7e61c33f7c84],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\manifest.json, Quarantined, [138a330ba4f54fe71bdf7e61c33f7c84],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\lsdb.js, Quarantined, [227b46f81a7f47efd72308d76b974ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\background.html, Quarantined, [227b46f81a7f47efd72308d76b974ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\content.js, Quarantined, [227b46f81a7f47efd72308d76b974ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\manifest.json, Quarantined, [227b46f81a7f47efd72308d76b974ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\Qd5loV.js, Quarantined, [227b46f81a7f47efd72308d76b974ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [c6d758e62a6f66d0639768774cb66b95],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [c6d758e62a6f66d0639768774cb66b95],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [c6d758e62a6f66d0639768774cb66b95],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [c6d758e62a6f66d0639768774cb66b95],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [c6d758e62a6f66d0639768774cb66b95],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\lsdb.js, Quarantined, [732a41fd5e3b3bfb1bdf2db251b19868],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\background.html, Quarantined, [732a41fd5e3b3bfb1bdf2db251b19868],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\C5acSkC5Mp.js, Quarantined, [732a41fd5e3b3bfb1bdf2db251b19868],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\content.js, Quarantined, [732a41fd5e3b3bfb1bdf2db251b19868],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\manifest.json, Quarantined, [732a41fd5e3b3bfb1bdf2db251b19868],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\lsdb.js, Quarantined, [811caf8ff8a187afc1395b841ce6eb15],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\background.html, Quarantined, [811caf8ff8a187afc1395b841ce6eb15],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\content.js, Quarantined, [811caf8ff8a187afc1395b841ce6eb15],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\manifest.json, Quarantined, [811caf8ff8a187afc1395b841ce6eb15],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\Qd5loV.js, Quarantined, [811caf8ff8a187afc1395b841ce6eb15],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [8419f549b6e34beb48b28a559072ea16],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [8419f549b6e34beb48b28a559072ea16],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [8419f549b6e34beb48b28a559072ea16],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [8419f549b6e34beb48b28a559072ea16],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [8419f549b6e34beb48b28a559072ea16],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\lsdb.js, Quarantined, [227b3d010891b284cc2eb42b1be77a86],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\background.html, Quarantined, [227b3d010891b284cc2eb42b1be77a86],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\C5acSkC5Mp.js, Quarantined, [227b3d010891b284cc2eb42b1be77a86],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\content.js, Quarantined, [227b3d010891b284cc2eb42b1be77a86],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\manifest.json, Quarantined, [227b3d010891b284cc2eb42b1be77a86],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\lsdb.js, Quarantined, [c4d9df5fe6b349ed3fbb479845bd9c64],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\background.html, Quarantined, [c4d9df5fe6b349ed3fbb479845bd9c64],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\content.js, Quarantined, [c4d9df5fe6b349ed3fbb479845bd9c64],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\manifest.json, Quarantined, [c4d9df5fe6b349ed3fbb479845bd9c64],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\Qd5loV.js, Quarantined, [c4d9df5fe6b349ed3fbb479845bd9c64],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [fca146f8574243f3aa5038a72bd7d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [fca146f8574243f3aa5038a72bd7d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [fca146f8574243f3aa5038a72bd7d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [fca146f8574243f3aa5038a72bd7d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [fca146f8574243f3aa5038a72bd7d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\lsdb.js, Quarantined, [7627de60b4e57eb80af0fce3fa08d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\background.html, Quarantined, [7627de60b4e57eb80af0fce3fa08d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\C5acSkC5Mp.js, Quarantined, [7627de60b4e57eb80af0fce3fa08d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\content.js, Quarantined, [7627de60b4e57eb80af0fce3fa08d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\manifest.json, Quarantined, [7627de60b4e57eb80af0fce3fa08d030],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\lsdb.js, Quarantined, [b4e950ee2673db5bfefcae3148bac33d],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\background.html, Quarantined, [b4e950ee2673db5bfefcae3148bac33d],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\content.js, Quarantined, [b4e950ee2673db5bfefcae3148bac33d],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\manifest.json, Quarantined, [b4e950ee2673db5bfefcae3148bac33d],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\Qd5loV.js, Quarantined, [b4e950ee2673db5bfefcae3148bac33d],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [cad3b6882376a393a15927b8cf3339c7],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [cad3b6882376a393a15927b8cf3339c7],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [cad3b6882376a393a15927b8cf3339c7],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [cad3b6882376a393a15927b8cf3339c7],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [cad3b6882376a393a15927b8cf3339c7],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\lsdb.js, Quarantined, [ebb21628f5a470c6ae4c16c97f83f50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\background.html, Quarantined, [ebb21628f5a470c6ae4c16c97f83f50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\C5acSkC5Mp.js, Quarantined, [ebb21628f5a470c6ae4c16c97f83f50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\content.js, Quarantined, [ebb21628f5a470c6ae4c16c97f83f50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\manifest.json, Quarantined, [ebb21628f5a470c6ae4c16c97f83f50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\lsdb.js, Quarantined, [8d102915a7f247eff10a716e689aaa56],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\background.html, Quarantined, [8d102915a7f247eff10a716e689aaa56],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\content.js, Quarantined, [8d102915a7f247eff10a716e689aaa56],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\manifest.json, Quarantined, [8d102915a7f247eff10a716e689aaa56],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\Qd5loV.js, Quarantined, [8d102915a7f247eff10a716e689aaa56],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [e7b69ea06336d2648873914e62a0a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [e7b69ea06336d2648873914e62a0a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [e7b69ea06336d2648873914e62a0a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [e7b69ea06336d2648873914e62a0a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [e7b69ea06336d2648873914e62a0a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\lsdb.js, Quarantined, [bae3ce7085146cca7d7eedf246bce020],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\background.html, Quarantined, [bae3ce7085146cca7d7eedf246bce020],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\C5acSkC5Mp.js, Quarantined, [bae3ce7085146cca7d7eedf246bce020],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\content.js, Quarantined, [bae3ce7085146cca7d7eedf246bce020],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\manifest.json, Quarantined, [bae3ce7085146cca7d7eedf246bce020],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\lsdb.js, Quarantined, [7924b688f9a057df6e8dc11eb64c4ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\background.html, Quarantined, [7924b688f9a057df6e8dc11eb64c4ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\content.js, Quarantined, [7924b688f9a057df6e8dc11eb64c4ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\manifest.json, Quarantined, [7924b688f9a057df6e8dc11eb64c4ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\Qd5loV.js, Quarantined, [7924b688f9a057df6e8dc11eb64c4ab6],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [e3baf04ea7f2dc5a8378e7f8bc461ee2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [e3baf04ea7f2dc5a8378e7f8bc461ee2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [e3baf04ea7f2dc5a8378e7f8bc461ee2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [e3baf04ea7f2dc5a8378e7f8bc461ee2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [e3baf04ea7f2dc5a8378e7f8bc461ee2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\lsdb.js, Quarantined, [78252a14148569cdbe3d9847f70b26da],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\background.html, Quarantined, [78252a14148569cdbe3d9847f70b26da],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\C5acSkC5Mp.js, Quarantined, [78252a14148569cdbe3d9847f70b26da],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\content.js, Quarantined, [78252a14148569cdbe3d9847f70b26da],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\manifest.json, Quarantined, [78252a14148569cdbe3d9847f70b26da],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\lsdb.js, Quarantined, [900dfb43673286b0e41788574bb75ea2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\background.html, Quarantined, [900dfb43673286b0e41788574bb75ea2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\content.js, Quarantined, [900dfb43673286b0e41788574bb75ea2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\manifest.json, Quarantined, [900dfb43673286b0e41788574bb75ea2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\Qd5loV.js, Quarantined, [900dfb43673286b0e41788574bb75ea2],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [415cee50b7e2d4623bc0548bdb276898],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [415cee50b7e2d4623bc0548bdb276898],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [415cee50b7e2d4623bc0548bdb276898],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [415cee50b7e2d4623bc0548bdb276898],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [415cee50b7e2d4623bc0548bdb276898],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\lsdb.js, Quarantined, [d9c459e51e7bae880af1d30c798908f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\background.html, Quarantined, [d9c459e51e7bae880af1d30c798908f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\C5acSkC5Mp.js, Quarantined, [d9c459e51e7bae880af1d30c798908f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\content.js, Quarantined, [d9c459e51e7bae880af1d30c798908f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\manifest.json, Quarantined, [d9c459e51e7bae880af1d30c798908f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\lsdb.js, Quarantined, [831a2a1424750c2a54a78f500ff3e818],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\background.html, Quarantined, [831a2a1424750c2a54a78f500ff3e818],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\content.js, Quarantined, [831a2a1424750c2a54a78f500ff3e818],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\manifest.json, Quarantined, [831a2a1424750c2a54a78f500ff3e818],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\Qd5loV.js, Quarantined, [831a2a1424750c2a54a78f500ff3e818],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [ddc0ad91722781b509f2ebf428dab050],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [ddc0ad91722781b509f2ebf428dab050],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [ddc0ad91722781b509f2ebf428dab050],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [ddc0ad91722781b509f2ebf428dab050],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [ddc0ad91722781b509f2ebf428dab050],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\lsdb.js, Quarantined, [f0ad54ea4356989ec5369649de24b24e],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\background.html, Quarantined, [f0ad54ea4356989ec5369649de24b24e],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\C5acSkC5Mp.js, Quarantined, [f0ad54ea4356989ec5369649de24b24e],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\content.js, Quarantined, [f0ad54ea4356989ec5369649de24b24e],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\manifest.json, Quarantined, [f0ad54ea4356989ec5369649de24b24e],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\lsdb.js, Quarantined, [0b9241fdf6a30f2723d8eef1f30f9769],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\background.html, Quarantined, [0b9241fdf6a30f2723d8eef1f30f9769],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\content.js, Quarantined, [0b9241fdf6a30f2723d8eef1f30f9769],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\manifest.json, Quarantined, [0b9241fdf6a30f2723d8eef1f30f9769],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnbidnkbnjgjjncfhomfahgcjbppkidi\2.0\Qd5loV.js, Quarantined, [0b9241fdf6a30f2723d8eef1f30f9769],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [b6e7093562374ceab34879667290a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [b6e7093562374ceab34879667290a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [b6e7093562374ceab34879667290a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [b6e7093562374ceab34879667290a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [b6e7093562374ceab34879667290a65a],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\lsdb.js, Quarantined, [c5d8fd41b5e495a1c734f6e934cef50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\background.html, Quarantined, [c5d8fd41b5e495a1c734f6e934cef50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\C5acSkC5Mp.js, Quarantined, [c5d8fd41b5e495a1c734f6e934cef50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\content.js, Quarantined, [c5d8fd41b5e495a1c734f6e934cef50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\kbhlceihnldlbehlghkndefjhiiajlek\2.0\manifest.json, Quarantined, [c5d8fd41b5e495a1c734f6e934cef50b],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\eoeillmlfljaaebddfhdbmnjgmnigpmd\lsdb.js, Quarantined, [5e3fa29cdcbdb18523a6f3b9c63dd927],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\eoeillmlfljaaebddfhdbmnjgmnigpmd\background.html, Quarantined, [5e3fa29cdcbdb18523a6f3b9c63dd927],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\eoeillmlfljaaebddfhdbmnjgmnigpmd\content.js, Quarantined, [5e3fa29cdcbdb18523a6f3b9c63dd927],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\eoeillmlfljaaebddfhdbmnjgmnigpmd\manifest.json, Quarantined, [5e3fa29cdcbdb18523a6f3b9c63dd927],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\eoeillmlfljaaebddfhdbmnjgmnigpmd\zk.js, Quarantined, [5e3fa29cdcbdb18523a6f3b9c63dd927],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\pcpdpfagdemccpfaaoeilpoppplkiado\lsdb.js, Quarantined, [f4a96ad4ff9a9a9ce7e2e4c835ce926e],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\pcpdpfagdemccpfaaoeilpoppplkiado\background.html, Quarantined, [f4a96ad4ff9a9a9ce7e2e4c835ce926e],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\pcpdpfagdemccpfaaoeilpoppplkiado\content.js, Quarantined, [f4a96ad4ff9a9a9ce7e2e4c835ce926e],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\pcpdpfagdemccpfaaoeilpoppplkiado\k.js, Quarantined, [f4a96ad4ff9a9a9ce7e2e4c835ce926e],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\pcpdpfagdemccpfaaoeilpoppplkiado\manifest.json, Quarantined, [f4a96ad4ff9a9a9ce7e2e4c835ce926e],
PUP.Optional.Dregol, C:\Documents and Settings\Heba\Local Settings\Application Data\Microsoft\Internet Explorer\Services\Run_Dregol.ico, Quarantined, [405dcb73c5d475c16d48b90eb94a6799],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\ae7e7b862a4d743a\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140923173252, Quarantined, [b4e96cd2e1b857df90a5a13a22e1768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\ae7e7b862a4d743a\2a0b23fa8d6e74d43ffd9c87f735618a.ini, Quarantined, [b4e96cd2e1b857df90a5a13a22e1768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\ae7e7b862a4d743a\465f8e59c1c2d7743ffd9c87f735618a.ini, Quarantined, [b4e96cd2e1b857df90a5a13a22e1768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\ae7e7b862a4d743a\8c84dcdc46445dd63ffd9c87f735618a.ini, Quarantined, [b4e96cd2e1b857df90a5a13a22e1768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\ae7e7b862a4d743a\d08d3ab0b9962d8d3ffd9c87f735618a.ini, Quarantined, [b4e96cd2e1b857df90a5a13a22e1768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\ae7e7b862a4d743a\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20140923173259, Quarantined, [b4e96cd2e1b857df90a5a13a22e1768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\ae7e7b862a4d743a\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140923173233, Quarantined, [b4e96cd2e1b857df90a5a13a22e1768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\ae7e7b862a4d743a\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140923173243, Quarantined, [b4e96cd2e1b857df90a5a13a22e1768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\ae7e7b862a4d743a\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140923173447, Quarantined, [b4e96cd2e1b857df90a5a13a22e1768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [28758ab46930fe38e764cd0e788b01ff],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [28758ab46930fe38e764cd0e788b01ff],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [28758ab46930fe38e764cd0e788b01ff],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [28758ab46930fe38e764cd0e788b01ff],
PUP.Optional.MultiPlug, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [28758ab46930fe38e764cd0e788b01ff],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [cbd2df5f3d5c54e2d477ca1143c0738d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [cbd2df5f3d5c54e2d477ca1143c0738d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [cbd2df5f3d5c54e2d477ca1143c0738d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [cbd2df5f3d5c54e2d477ca1143c0738d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [cbd2df5f3d5c54e2d477ca1143c0738d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin\122\lsdb.js, Quarantined, [9c013608eaafbb7b351682599073fa06],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin\122\background.html, Quarantined, [9c013608eaafbb7b351682599073fa06],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin\122\content.js, Quarantined, [9c013608eaafbb7b351682599073fa06],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin\122\manifest.json, Quarantined, [9c013608eaafbb7b351682599073fa06],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ceaajjmckiakobniehbjpdcidfpohlin\122\PXdI.js, Quarantined, [9c013608eaafbb7b351682599073fa06],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp\159\lsdb.js, Quarantined, [efae66d82e6b2c0a400b36a57a8951af],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp\159\background.html, Quarantined, [efae66d82e6b2c0a400b36a57a8951af],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp\159\content.js, Quarantined, [efae66d82e6b2c0a400b36a57a8951af],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp\159\manifest.json, Quarantined, [efae66d82e6b2c0a400b36a57a8951af],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp\159\YPwDn.js, Quarantined, [efae66d82e6b2c0a400b36a57a8951af],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch\214\lsdb.js, Quarantined, [d5c83b0302973df9f754ad2e18eb8779],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch\214\background.html, Quarantined, [d5c83b0302973df9f754ad2e18eb8779],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch\214\content.js, Quarantined, [d5c83b0302973df9f754ad2e18eb8779],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch\214\ijrc8cOV.js, Quarantined, [d5c83b0302973df9f754ad2e18eb8779],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaonpiemcjiihedemhopdoefaohcjoch\214\manifest.json, Quarantined, [d5c83b0302973df9f754ad2e18eb8779],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff\204\lsdb.js, Quarantined, [247952ec13868da9b695ba2172919e62],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff\204\A9gT.js, Quarantined, [247952ec13868da9b695ba2172919e62],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff\204\background.html, Quarantined, [247952ec13868da9b695ba2172919e62],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff\204\content.js, Quarantined, [247952ec13868da9b695ba2172919e62],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff\204\manifest.json, Quarantined, [247952ec13868da9b695ba2172919e62],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf\137\lsdb.js, Quarantined, [5f3e74ca7b1e0f27e86314c73fc4a35d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf\137\background.html, Quarantined, [5f3e74ca7b1e0f27e86314c73fc4a35d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf\137\content.js, Quarantined, [5f3e74ca7b1e0f27e86314c73fc4a35d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf\137\H.js, Quarantined, [5f3e74ca7b1e0f27e86314c73fc4a35d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf\137\manifest.json, Quarantined, [5f3e74ca7b1e0f27e86314c73fc4a35d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma\124\lsdb.js, Quarantined, [4e4fa39bdebb73c3f754e4f723e08878],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma\124\B.js, Quarantined, [4e4fa39bdebb73c3f754e4f723e08878],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma\124\background.html, Quarantined, [4e4fa39bdebb73c3f754e4f723e08878],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma\124\content.js, Quarantined, [4e4fa39bdebb73c3f754e4f723e08878],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma\124\manifest.json, Quarantined, [4e4fa39bdebb73c3f754e4f723e08878],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\191\lsdb.js, Quarantined, [108d231b6732999d2f1cf9e2887bd32d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\191\background.html, Quarantined, [108d231b6732999d2f1cf9e2887bd32d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\191\content.js, Quarantined, [108d231b6732999d2f1cf9e2887bd32d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\191\manifest.json, Quarantined, [108d231b6732999d2f1cf9e2887bd32d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\191\zx.js, Quarantined, [108d231b6732999d2f1cf9e2887bd32d],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf\184\lsdb.js, Quarantined, [b5e88db149509d99f95292498b78916f],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf\184\background.html, Quarantined, [b5e88db149509d99f95292498b78916f],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf\184\content.js, Quarantined, [b5e88db149509d99f95292498b78916f],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf\184\fem6.js, Quarantined, [b5e88db149509d99f95292498b78916f],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf\184\manifest.json, Quarantined, [b5e88db149509d99f95292498b78916f],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg\231\lsdb.js, Quarantined, [a4f959e53861d264054609d2a65d37c9],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg\231\background.html, Quarantined, [a4f959e53861d264054609d2a65d37c9],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg\231\content.js, Quarantined, [a4f959e53861d264054609d2a65d37c9],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg\231\manifest.json, Quarantined, [a4f959e53861d264054609d2a65d37c9],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg\231\NOa7S0g.js, Quarantined, [a4f959e53861d264054609d2a65d37c9],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf\183\lsdb.js, Quarantined, [415c81bde2b7350151fa9a415fa445bb],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf\183\background.html, Quarantined, [415c81bde2b7350151fa9a415fa445bb],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf\183\content.js, Quarantined, [415c81bde2b7350151fa9a415fa445bb],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf\183\manifest.json, Quarantined, [415c81bde2b7350151fa9a415fa445bb],
PUP.Optional.MultiPlug, C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neoimfbegckkjkghndcgicfcknplgjcf\183\YFA5Rq.js, Quarantined, [415c81bde2b7350151fa9a415fa445bb],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [7c21e05e2b6ef3438ebde6f5a16208f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [7c21e05e2b6ef3438ebde6f5a16208f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [7c21e05e2b6ef3438ebde6f5a16208f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [7c21e05e2b6ef3438ebde6f5a16208f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [7c21e05e2b6ef3438ebde6f5a16208f8],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\lsdb.js, Quarantined, [c9d481bd752481b558f37e5d0ef5fe02],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\background.html, Quarantined, [c9d481bd752481b558f37e5d0ef5fe02],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\content.js, Quarantined, [c9d481bd752481b558f37e5d0ef5fe02],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\k7TGEAC1H.js, Quarantined, [c9d481bd752481b558f37e5d0ef5fe02],
PUP.Optional.MultiPlug, C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\155\manifest.json, Quarantined, [c9d481bd752481b558f37e5d0ef5fe02],
PUP.Optional.SuperOptimizer, C:\Documents and Settings\All Users\Application Data\{b07c1466-1379-6f24-b07c-c14661375198}\hqghumeaylnlf.dat, Quarantined, [198436085148e056b38112db669d7d83],
PUP.Optional.SuperOptimizer, C:\Documents and Settings\All Users\Application Data\{b07c1466-1379-6f24-b07c-c14661375198}\9ee3cb3738fcc548, Quarantined, [198436085148e056b38112db669d7d83],
PUP.Optional.SuperOptimizer, C:\Documents and Settings\All Users\Application Data\{b07c1466-1379-6f24-b07c-c14661375198}\a9431dcec18cce18, Quarantined, [198436085148e056b38112db669d7d83],
PUP.Optional.BuyFast, C:\Program Files\buyfasT\buyfasT.dat, Quarantined, [cad3241a4b4ec670d671b3fbd62c3dc3],
PUP.Optional.ShowAppIt, C:\Documents and Settings\All Users\Application Data\ShowAppIt\SW-Booster\1039561752.ini, Quarantined, [cad3c07ebcdd8caa1336a427f30f56aa],
PUP.Optional.ShowAppIt, C:\Documents and Settings\All Users\Application Data\ShowAppIt\SW-Booster\SW-Booster.exe, Quarantined, [cad3c07ebcdd8caa1336a427f30f56aa],
PUP.Optional.ShowAppIt, C:\Documents and Settings\All Users\Application Data\ShowAppIt\SW-Booster\1039561752\BIT1B.tmp, Quarantined, [cad3c07ebcdd8caa1336a427f30f56aa],
PUP.Optional.Yontoo, C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\yahoo.xml, Quarantined, [eab3e45a0198e35337636f83ab59926e],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

5.  ComboFix:

 

ComboFix 16-01-24.01 - Heba 01/27/2016   9:09.8.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.502.273 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\0Hk42awqve@g.net
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\0Hk42awqve@g.net\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\0Hk42awqve@g.net\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\0Hk42awqve@g.net\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\0Hk42awqve@g.net\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\3@UZIkqF9W.com
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\3@UZIkqF9W.com\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\3@UZIkqF9W.com\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\3@UZIkqF9W.com\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\3@UZIkqF9W.com\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\B1pr@3ty.edu
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\B1pr@3ty.edu\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\B1pr@3ty.edu\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\B1pr@3ty.edu\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\B1pr@3ty.edu\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\cdONsk@Ky0.org
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\cdONsk@Ky0.org\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\cdONsk@Ky0.org\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\cdONsk@Ky0.org\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\cdONsk@Ky0.org\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\D@8e.org
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\D@8e.org\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\D@8e.org\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\D@8e.org\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\D@8e.org\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\eJn3Z@ftb.com
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\eJn3Z@ftb.com\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\eJn3Z@ftb.com\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\eJn3Z@ftb.com\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\eJn3Z@ftb.com\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\m62@N.com
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\m62@N.com\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\m62@N.com\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\m62@N.com\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\m62@N.com\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\ohdJ7@64vCa.com
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\ohdJ7@64vCa.com\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\ohdJ7@64vCa.com\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\ohdJ7@64vCa.com\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\ohdJ7@64vCa.com\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\rPuuXX@0cyPu.com
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\rPuuXX@0cyPu.com\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\rPuuXX@0cyPu.com\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\rPuuXX@0cyPu.com\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\rPuuXX@0cyPu.com\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\t4@bUuLsMj.org
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\t4@bUuLsMj.org\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\t4@bUuLsMj.org\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\t4@bUuLsMj.org\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\t4@bUuLsMj.org\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\ueQB@H.com
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\ueQB@H.com\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\ueQB@H.com\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\ueQB@H.com\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\ueQB@H.com\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\z@92L.com
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\z@92L.com\bootstrap.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\z@92L.com\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\z@92L.com\content\bg.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5exg81y2.default\extensions\staged\z@92L.com\install.rdf
c:\documents and settings\All Users\ntuser.pol
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\msdownld.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2015-12-27 to 2016-01-27  )))))))))))))))))))))))))))))))
.
.
2016-01-27 04:48 . 2016-01-27 04:49    170200    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-27 04:48 . 2016-01-27 04:48    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2016-01-27 04:48 . 2015-10-05 14:50    121560    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2016-01-27 04:48 . 2015-10-05 14:50    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2016-01-27 04:26 . 2016-01-27 04:26    --------    d-----w-    C:\AdwCleaner
2016-01-26 11:33 . 2016-01-26 11:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\8ee743a900004f91
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-19 23:41 . 2014-11-16 15:50    796864    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2016-01-19 23:41 . 2011-09-01 03:45    142528    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2006-10-12 03:09    94208    --sha-w-    c:\windows\system32\SalaatTime.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2007-08-26 13443072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-27 185896]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-14 172032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-29 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
NETGEAR WNA3100 Genie.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2014-10-8 8266456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Zipeg\\zipeg.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"15832:UDP"= 15832:UDP:UDP 15832
"24673:TCP"= 24673:TCP:TCP 24673
.
R0 BlackBox;BlackBox SR2;c:\windows\system32\drivers\BlackBox.sys [10/1/2011 8:43 PM 35712]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [10/8/2014 6:56 AM 1034240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/26/2016 11:48 PM 23256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [1/26/2016 11:48 PM 1135416]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [10/8/2014 6:56 AM 307928]
S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [8/17/2001 12:11 PM 20160]
S3 KDZfiltr;KidzMouse filter driver;c:\windows\system32\drivers\KDZfiltr.sys [4/22/2008 10:45 PM 4864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2016-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-16 23:41]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{165B91E0-6835-43C6-8515-8A96CCF0A8D6}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\
FF - ExtSQL: !HIDDEN! 2011-08-31 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DriverToolkit - c:\program files\DriverToolkit\DriverToolkit.exe
AddRemove-MWASPI - c:\mwaspi\uninst.exe
AddRemove-{E1527582-8509-4011-B922-29E3FB548882}_is1 - c:\program files\DNS Unlocker\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-01-27 09:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\fxssvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2016-01-27  09:27:01 - machine was rebooted
ComboFix-quarantined-files.txt  2016-01-27 14:26
ComboFix2.txt  2012-06-28 01:52
.
Pre-Run: 31,984,467,968 bytes free
Post-Run: 31,925,473,280 bytes free
.
- - End Of File - - 681F290DEAA7D5E55BD258FC0E787EC1
5CB90281D1A59B251F6603134774EEC3



#12 olgun52

olgun52

  • Malware Response Team
  • 3,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 28 January 2016 - 12:23 PM

Hi crojj42,

Thank you for the Logs.

 

Please do the following.

Please press the delete button on the adwcleaner. (for cleaning)

===========================================================================
To remove the .NET Framework Assistant for Firefox from your computer, follow these steps:
Delete the registry key for the extension. To do this, use one of the following methods.

 

       Use Registry Editor:

  • Log on with an account that has Administrator permissions.
  • Click Start, click Run, type regedit, and then press ENTER.
  • Locate and then click the following registry subkey.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
           
 Delete the {20a82645-c095-46ed-80e3-08825760534b} subkey.

        Use a command prompt:

  • Log on with an account that has Administrator permissions
  • Click Start, click Run, type cmd, and then press ENTER.
  • At the command prompt, type the appropriate command, and then press ENTER.

reg DELETE "HKLM\SOFTWARE\Mozilla\Firefox\Extensions" /v "{20a82645-c095-46ed-80e3-08825760534b}" /f

==========================================================

Step 1:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

txt.gif  zoekscript.txt   188bytes   19 downloads

  • Download it too and save to your desktop - _it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Step 2:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 crojj42

crojj42
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 28 January 2016 - 10:44 PM

Will try to have all this done by Saturday,

#14 olgun52

olgun52

  • Malware Response Team
  • 3,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:50 AM

Posted 29 January 2016 - 12:53 PM

Okay. Thank you. I am waiting.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#15 crojj42

crojj42
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 30 January 2016 - 12:47 PM

Hi.  I did everything as you recommended, except for the Emsisoft scan.  When i tried to run it, it gave me a message that it cannot run on Windows versions older than 7.

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users