Endlessly repeating Adobe PDF error windows, MB and Avira finding many trojans


  • This topic is locked
32 replies to this topic

#1 DemyFD


Posted 11 August 2014 - 09:31 PM

The computer has had issues in the past with some type of advertisement malware that crawls any browser and highlights keywords and products to create pop-up advertisements. Malwarebytes and Avira never successfully solved the problem.

 

Recently things hit the fan. The computer moved so slowly as to take many minutes to open up simple software, largely because of a consistent pop-up window that said something to the effect of the PDF failed to open even though no file was intended to be open. IE ground to a halt and was unusable. Firefox was usable but extremely slow.

 

MB and Avira were run several times and they are finding a large number of threats including trojans and rootkits. It looks like a real mess.

 

Initially I was not able to successfully run the DDS which would essentially freeze before the generation of the txt files and then vanish from the screen.

 

The repeated sweeps of MB and Avira did at least temporarily stop the PDF error screens and allowed the two DDS txt files to be generated. IE now opens but immediately comes up to an about:SecurityRisk screen that explains that my settings put the computer at risk. The Avira toolbar explains that there is no web protection. In the past I was unable to successfully turn the real-time web protection on, and responses to questions about this ranged from it's a glitch, to it's a virus, to it's a complicated conflict between Avira and certain Windows files.

 

This is not my computer so my access to it has been inconsistent and brief during these past issues, but I am highly engaged now to follow this thread.

 

---

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by Fraula at 22:03:36 on 2014-08-11
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2036.1076 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Users\Fraula\AppData\Roaming\Microsoft\Windows\IEUpdate\rasautou.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\dllhost.exe
C:\Windows\explorer.exe
C:\Users\Fraula\AppData\Roaming\Microsoft\Windows\IEUpdate\rasautou.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.coupons.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080603
mStart Page = hxxp://search.coupons.com/
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080603
uURLSearchHooks: SearchHelper Class: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - c:\program files\sgpsa\mtwb3sh.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Avira SearchFree Toolbar: {41564952-412D-5637-4300-7A786E7484D7} -
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Avira SearchFree Toolbar: {41564952-412D-5637-4300-7A786E7484D7} -
TB: Avira SearchFree Toolbar: {41564952-412D-5637-4300-7A786E7484D7} -
uRunOnce: [rasautou] "c:\users\fraula\appdata\roaming\microsoft\windows\ieupdate\rasautou.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey
mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
mRun: [VNT] c:\program files\vnt\vntldr.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
StartupFolder: c:\users\fraula\appdata\roaming\micros~1\windows\startm~1\programs\startup\fontview.lnk - c:\users\fraula\appdata\roaming\microsoft\windows\ieupdate\fontview.exe
StartupFolder: c:\users\fraula\appdata\roaming\micros~1\windows\startm~1\programs\startup\rasautou.lnk - c:\users\fraula\appdata\roaming\microsoft\windows\ieupdate\rasautou.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{7C40CF85-DF0B-4020-903B-13ED91B8DF5E} : NameServer = 192.168.1.1,192.168.1.10
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fraula\appdata\roaming\mozilla\firefox\profiles\d2gjj807.default\
FF - plugin: c:\progra~1\geocom~1\gc-bro~1\217~1.1\npgc-browser-plugin-client_2_1_7.dll
FF - plugin: c:\program files\couponalert_2pei\installr\1.bin\NP2pEISb.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\users\fraula\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2014-2-23 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2014-6-22 430160]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2014-6-22 430160]
R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2014-2-13 166352]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\avira\my avira\Avira.OE.ServiceHost.exe [2014-7-7 141392]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2008-6-26 227328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2014-6-22 97648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys [2013-5-6 23296]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys [2013-5-6 27904]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2014-6-22 1028688]
SUnknown NisSrv;NisSrv; [x]
.
=============== Created Last 30 ================
.
2014-08-12 01:05:19    --------    d-----w-    c:\programdata\OgukXovov
2014-08-12 01:05:04    --------    d-----w-    c:\programdata\IzwiRehoh
2014-08-11 01:15:10    93808    ----a-w-    c:\program files\mozilla firefox\updated\webapprt-stub.exe
2014-08-11 01:15:10    24405104    ----a-w-    c:\program files\mozilla firefox\updated\xul.dll
2014-08-11 01:15:09    91032    ----a-w-    c:\program files\mozilla firefox\updated\webapp-uninstaller.exe
2014-08-11 01:15:08    277616    ----a-w-    c:\program files\mozilla firefox\updated\updater.exe
2014-08-11 01:15:06    897648    ----a-w-    c:\program files\mozilla firefox\updated\uninstall\helper.exe
2014-08-11 01:15:05    150128    ----a-w-    c:\program files\mozilla firefox\updated\softokn3.dll
2014-08-11 01:15:04    28272    ----a-w-    c:\program files\mozilla firefox\updated\plugin-hang-ui.exe
2014-08-11 01:15:04    18544    ----a-w-    c:\program files\mozilla firefox\updated\plugin-container.exe
2014-08-11 01:15:01    92784    ----a-w-    c:\program files\mozilla firefox\updated\nssdbm3.dll
2014-08-11 01:15:00    401008    ----a-w-    c:\program files\mozilla firefox\updated\nssckbi.dll
2014-08-11 00:14:19    --------    d-----w-    c:\programdata\AlicKiva
2014-08-09 12:58:53    --------    d-----w-    c:\programdata\IbortOlsuj
2014-08-09 12:33:18    --------    d-----w-    c:\programdata\IkreBcaba
2014-08-09 12:21:09    --------    d-----w-    c:\programdata\IpcaYgivh
2014-08-09 10:14:05    --------    d-sh--w-    c:\users\fraula\appdata\roaming\AppData
2014-08-09 02:38:24    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-09 02:37:00    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-09 02:37:00    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-09 02:37:00    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-08-09 00:11:49    --------    d-sh--w-    c:\programdata\USB Adapter Updater
2014-08-08 12:10:58    --------    d-----w-    c:\programdata\UnafKirp
2014-08-08 12:10:54    --------    d--h--w-    C:\6b85c75
.
==================== Find3M  ====================
.
2014-07-09 19:20:19    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 19:20:19    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-06-24 09:33:09    97648    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
.
============= FINISH: 22:04:35.92 ===============
 


#2 TB-Psychotic


Posted 12 August 2014 - 06:58 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:

    IFast Browser Search (My Tattoons)
    Safe Saver
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#3 DemyFD


Posted 14 August 2014 - 08:01 PM

I successfully ran Revo Uninstaller and removed the two unwanted programs, but despite multiple attempts I was unable to successfully run ComboFix. The program freezes halfway through every time. The Adobe Acrobat error window has shown up a few times during these attempts. It reads:

 

An error has occurred with Adobe Acrobat/Reader. Please close Adobe Acrobat/Reader and try again.



#4 DemyFD


Posted 14 August 2014 - 08:59 PM

A quick update.

 

I allowed the computer to idle and came back into the room to see an open Adobe window, suggestive of the constant attempts before to open said window. I closed it and then attempted ComboFix one more time and it worked.

 

ComboFix 14-08-15.01 - Fraula 08/14/2014  21:25:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2036.763 [GMT -4:00]
Running from: c:\users\Fraula\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CouponAlert_2pEI
c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll
c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll
c:\program files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\mtWB3sh.dll
c:\programdata\Microsoft\Windows\DRM\4CA9.tmp
c:\programdata\Microsoft\Windows\DRM\F4F8.tmp
c:\users\Fraula\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Fraula\AppData\Local\Z@!-d22dccce-d755-4f39-a7d7-9603ca79a5e1.tmp
c:\users\Fraula\AppData\Roaming\6b85c75.exe
c:\users\Fraula\AppData\Roaming\appdata
c:\users\Fraula\AppData\Roaming\appdata\Local\Microsoft\Windows\History\History.IE5\MSHist012014081420140815\index.dat
c:\users\Fraula\AppData\Roaming\Microsoft\Windows\IEUpdate\fontview.exe
c:\users\Fraula\AppData\Roaming\Microsoft\Windows\IEUpdate\rasautou.exe
c:\users\Fraula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6b85c75.exe
c:\users\Fraula\avira_free_antivirus_en.exe
c:\users\Fraula\cygxml2-2.dll
c:\users\Fraula\cygz.dll
c:\users\Fraula\ds9.exe
c:\users\Fraula\hqkcomka.exe
c:\users\Fraula\MGtools.exe
c:\users\Public\RemoveSGP.exe
c:\windows\PFRO.log
c:\windows\system32\drivers\127f4a126ce02088.sys
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_127f4a126ce02088
-------\Service_127f4a126ce02088
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-15 to 2014-08-15  )))))))))))))))))))))))))))))))
.
.
2014-08-15 01:36 . 2014-08-15 01:44    --------    d-----w-    c:\users\Fraula\AppData\Local\temp
2014-08-15 01:36 . 2014-08-15 01:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-15 01:36 . 2014-08-15 01:36    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-08-14 20:03 . 2014-08-14 20:03    --------    d-----w-    c:\programdata\IpiyHawhe
2014-08-14 20:03 . 2014-08-14 20:03    --------    d-----w-    c:\programdata\AcodUkahh
2014-08-14 01:18 . 2014-08-14 01:18    --------    d-----w-    c:\program files\VS Revo Group
2014-08-12 01:05 . 2014-08-12 01:05    --------    d-----w-    c:\programdata\OgukXovov
2014-08-12 01:05 . 2014-08-12 01:05    --------    d-----w-    c:\programdata\IzwiRehoh
2014-08-11 00:14 . 2014-08-11 00:14    --------    d-----w-    c:\programdata\AlicKiva
2014-08-09 12:58 . 2014-08-09 12:58    --------    d-----w-    c:\programdata\IbortOlsuj
2014-08-09 12:33 . 2014-08-11 05:48    --------    d-----w-    c:\programdata\IkreBcaba
2014-08-09 12:21 . 2014-08-11 05:49    --------    d-----w-    c:\programdata\IpcaYgivh
2014-08-09 02:38 . 2014-08-12 02:10    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-09 02:37 . 2014-08-09 02:37    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-08-09 02:37 . 2014-05-12 11:26    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-09 02:37 . 2014-05-12 11:25    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-09 00:11 . 2014-08-11 02:17    --------    d-sh--w-    c:\programdata\USB Adapter Updater
2014-08-08 12:10 . 2014-08-09 15:01    --------    d-----w-    c:\programdata\UnafKirp
2014-08-08 12:10 . 2014-08-14 20:03    --------    d-----w-    C:\6b85c75
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 19:20 . 2012-04-28 03:00    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-07-09 19:20 . 2011-09-21 22:43    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 09:33 . 2014-06-22 21:29    97648    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2014-06-03 09:42 . 2014-06-03 09:43    136216    ----a-w-    c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2014-02-13 05:22    12240    ----a-w-    c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-02-13 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-02-13 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BYRUA_AGENT"="c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" [2012-12-10 392312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-02-13 1758160]
"VNT"="c:\program files\VNT\vntldr.exe" [2014-02-13 195536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-13 751184]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-07 189520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-3 50688]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1708032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-03 05:19    10536    ----a-w-    c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Fraula^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\users\Fraula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59    937920    ----a-r-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57    40368    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50    1603152    ----a-w-    c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:13    206064    ----a-w-    c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50    1144104    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 18:06    485208    ----a-w-    c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44    248552    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 19:20]
.
2014-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:46]
.
2014-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:46]
.
2014-08-06 c:\windows\Tasks\Norton Security Scan for Fraula.job
- c:\progra~1\NORTON~2\Engine\410~1.28\Nss.exe [2014-05-04 06:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.coupons.com/
mStart Page = hxxp://search.coupons.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{7C40CF85-DF0B-4020-903B-13ED91B8DF5E}: NameServer = 192.168.1.1,192.168.1.10
FF - ProfilePath - c:\users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-USB Adapter Updater - c:\programdata\USB Adapter Updater\safpdndnn.exe
HKCU-Run-hqkcomka - c:\users\Fraula\hqkcomka.exe
HKCU-Run-UnafKirp - c:\programdata\UnafKirp\UnafKirp.dat
HKCU-Run-IpcaYgivh - (no file)
HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe
HKCU-Run-IkreBcaba - (no file)
HKCU-Run-rasautou - c:\users\Fraula\AppData\Roaming\Microsoft\Windows\IEUpdate\rasautou.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
c:\users\Fraula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fontview.lnk - c:\users\Fraula\AppData\Roaming\Microsoft\Windows\IEUpdate\fontview.exe
c:\users\Fraula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rasautou.lnk - c:\users\Fraula\AppData\Roaming\Microsoft\Windows\IEUpdate\rasautou.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3011627892-104792279-3000243707-1000\Software\Win7zip]
@Denied: (A B 2 3) (Everyone)
"Uuid"=hex:6c,03,cb,90,b8,d2,bf,4e,b6,09,af,f8,43,20,1c,10
.
[HKEY_USERS\S-1-5-21-3011627892-104792279-3000243707-1000_Classes\CLSID\{6C03CB90-B8D2-BF4E-B609-AFF843201C10}]
@Denied: (A 4) (Everyone)
.
[HKEY_USERS\S-1-5-21-3011627892-104792279-3000243707-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-177723)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\msiexec.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2014-08-14  21:51:07 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-15 01:51
.
Pre-Run: 148,880,769,024 bytes free
Post-Run: 149,041,692,672 bytes free
.
- - End Of File - - F744A888DD285140A63930AEB0D7809E
5C616939100B85E558DA92B899A0FC36
 

 

As of the system restart, Avira is telling me it blocked access to a file containing a previously quarantined virus and is asking me if I want to remove it.



#5 TB-Psychotic

  • Malware Response Team

Posted 15 August 2014 - 03:01 AM

Please show the avira log.

 

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


#6 DemyFD

  • Topic Starter

Posted 17 August 2014 - 12:42 AM

Unfortunately I did see where Avira stored its log as the only .txt I see in the log folder are different scans.

 

 

---

 

 

ComboFix 14-08-15.01 - Fraula 08/16/2014  23:11:33.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2036.1054 [GMT -4:00]
Running from: c:\users\Fraula\Desktop\ComboFix.exe
Command switches used :: c:\users\Fraula\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\6b85c75
c:\6b85c75\6b85c75.exe
c:\programdata\AcodUkahh
c:\programdata\AcodUkahh\AcodUkahh.dat
c:\programdata\AlicKiva
c:\programdata\AlicKiva\AlicKiva.dat
c:\programdata\IbortOlsuj
c:\programdata\IbortOlsuj\IbortOlsuj.dat
c:\programdata\IkreBcaba
c:\programdata\IpcaYgivh
c:\programdata\IpiyHawhe
c:\programdata\IpiyHawhe\IpiyHawhe.dat
c:\programdata\IzwiRehoh
c:\programdata\IzwiRehoh\IzwiRehoh.dat
c:\programdata\OgukXovov
c:\programdata\OgukXovov\OgukXovov.dat
c:\programdata\UnafKirp
c:\users\Fraula\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Fraula\AppData\Roaming\appdata
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
.
(((((((((((((((((((((((((   Files Created from 2014-07-17 to 2014-08-17  )))))))))))))))))))))))))))))))
.
.
2014-08-17 03:27 . 2014-07-02 00:11    8217224    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98CB5767-52A4-4709-8765-5B7B81E21ED2}\mpengine.dll
2014-08-17 03:22 . 2014-08-17 03:44    --------    d-----w-    c:\users\Fraula\AppData\Local\temp
2014-08-17 03:22 . 2014-08-17 03:22    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-08-17 03:22 . 2014-08-17 03:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-17 01:25 . 2014-08-17 01:25    --------    d-----w-    c:\windows\Temp84E7FD66-491A-950C-DD40-AB2B5B02F2D0-Signatures
2014-08-17 01:15 . 2014-08-17 01:17    --------    d-----w-    C:\4387e5fd33a6782b9db865d3
2014-08-15 02:10 . 2012-05-31 03:41    6762896    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC7CD4FD-4355-4806-B317-9B51BDC770AF}\mpengine.dll
2014-08-14 01:18 . 2014-08-14 01:18    --------    d-----w-    c:\program files\VS Revo Group
2014-08-09 02:38 . 2014-08-12 02:10    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-09 02:37 . 2014-08-09 02:37    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-08-09 02:37 . 2014-05-12 11:26    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-09 02:37 . 2014-05-12 11:25    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-09 00:11 . 2014-08-11 02:17    --------    d-sh--w-    c:\programdata\USB Adapter Updater
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 19:20 . 2012-04-28 03:00    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-07-09 19:20 . 2011-09-21 22:43    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 09:33 . 2014-06-22 21:29    97648    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2014-06-03 09:42 . 2014-06-03 09:43    136216    ----a-w-    c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2014-02-13 05:22    12240    ----a-w-    c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-02-13 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-02-13 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BYRUA_AGENT"="c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" [2012-12-10 392312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-02-13 1758160]
"VNT"="c:\program files\VNT\vntldr.exe" [2014-02-13 195536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-13 751184]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-07 189520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-3 50688]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1708032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-03 05:19    10536    ----a-w-    c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Fraula^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\users\Fraula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59    937920    ----a-r-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57    40368    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50    1603152    ----a-w-    c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:13    206064    ----a-w-    c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50    1144104    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 18:06    485208    ----a-w-    c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44    248552    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 19:20]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:46]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:46]
.
2014-08-06 c:\windows\Tasks\Norton Security Scan for Fraula.job
- c:\progra~1\NORTON~2\Engine\410~1.28\Nss.exe [2014-05-04 06:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.coupons.com/
mStart Page = hxxp://search.coupons.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{7C40CF85-DF0B-4020-903B-13ED91B8DF5E}: NameServer = 192.168.1.1,192.168.1.10
FF - ProfilePath - c:\users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3011627892-104792279-3000243707-1000\Software\Win7zip]
@Denied: (A B 2 3) (Everyone)
"Uuid"=hex:6c,03,cb,90,b8,d2,bf,4e,b6,09,af,f8,43,20,1c,10
.
[HKEY_USERS\S-1-5-21-3011627892-104792279-3000243707-1000_Classes\CLSID\{6C03CB90-B8D2-BF4E-B609-AFF843201C10}]
@Denied: (A 4) (Everyone)
.
[HKEY_USERS\S-1-5-21-3011627892-104792279-3000243707-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-177723)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\system32\WerCon.exe
c:\windows\system32\WerFault.exe
.
**************************************************************************
.
Completion time: 2014-08-16  23:49:10 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-17 03:49
ComboFix2.txt  2014-08-15 01:51
.
Pre-Run: 149,028,179,968 bytes free
Post-Run: 147,361,611,776 bytes free
.
- - End Of File - - 80EC821251D9A70A6F53A2A8A702405C
5C616939100B85E558DA92B899A0FC36
 

 

 

 

--------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/17/2014
Scan Time: 12:09:04 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.16.08
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Fraula

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292724
Time Elapsed: 11 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Agent.EV, HKU\S-1-5-21-3011627892-104792279-3000243707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE, "C:\Users\Fraula\AppData\Roaming\Microsoft\Windows\IEUpdate\rasautou.exe", Delete-on-Reboot, [e26633948deeef4772d06f6f39c94db3]

Registry Data: 0
(No malicious items detected)

Folders: 13
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\api, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\core, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\defaults, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\defaults\preferences, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\extensionData, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\extensionData\plugins, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\extensionData\userCode, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\locale, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\locale\en-US, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\skin, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],

Files: 113
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome.manifest, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\install.rdf, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\89be3ff6760cffd68912609dca8bc91e.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\a5962742dd201c6d4e66e30926b0ab0d.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\b4502cbbf2325fdb3f0f00bcc354489a.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\background.html, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\browser.xul, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\d22d6f534bf2f7ca5466e404b71e1f36.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\dialog.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\e6c887c973fbfa1222d5e979783e2860.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\ffCoreFilesIndex.txt, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\options.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\options.xul, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\search_dialog.xul, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\api\641bb43b962452d19ea82d0dc302741e.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\api\00a7c3e616a8aa7b3b640105368585b6.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\api\0b3a44f9e1c4985ad1fa3c8c402ad220.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\api\188d8bba6225c323d5cd1495dc2939fc.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\api\24e40de5a0a373d64b6e4af10209634e.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\api\39969c14c0140ba55ec5033630c2b1a9.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],
PUP.Optional.CrossRider.A, C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\chrome\content\api\410c7323eca56fff5b4d1813242d0dd6.js, No Action By User, [61e72c9b0774e254f8d97845778b2ed2],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

-------------------------------------

 

I apologize for the slowness of my replies but doing anything on this computer now requires marathon lengths of time and the patience to sit for hours to do just simple tasks as the computer chugs and grinds through the Adobe PDF Document error over and over while I'm trying to follow these directions.



#7 TB-Psychotic

  • Malware Response Team

Posted 18 August 2014 - 02:42 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#8 DemyFD

  • Topic Starter


Posted 19 August 2014 - 06:37 PM

C:\Drivers\video\R178826\LANG\HDMI\kor\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\kor\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\nld\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\nld\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\nld\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\nor\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\nor\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\nor\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\plk\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\plk\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\plk\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\ptb\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\ptb\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\ptb\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\ptg\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\ptg\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\ptg\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\rus\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\rus\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\rus\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\SKY\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\SKY\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\SKY\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\SLV\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\SLV\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\SLV\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\sve\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\sve\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\sve\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\tha\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\tha\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\tha\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Drivers\video\R178826\LANG\HDMI\trk\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\trk\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Drivers\video\R178826\LANG\HDMI\trk\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\LGMobileUpgrade\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\LGMobileUpgrade\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\LGMobileUpgrade\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\LGMobileUpgrade\LGMOBILEAX\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\LGMobileUpgrade\LGMOBILEAX\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\LGMobileUpgrade\LGMOBILEAX\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\LGMobileUpgrade\LGMOBILEAX\image\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\LGMobileUpgrade\LGMOBILEAX\image\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\LGMobileUpgrade\LGMOBILEAX\image\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\MGtools\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\MGtools\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\MGtools\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\MGtools\Process.exe    Win32/PrcView potentially unsafe application
C:\Poker Application\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Poker Application\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Poker Application\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Poker Application\Absolute Poker\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Poker Application\Absolute Poker\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Poker Application\Absolute Poker\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Poker Application\Absolute Poker\HandHistory\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Poker Application\Absolute Poker\HandHistory\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Poker Application\Absolute Poker\HandHistory\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Poker Application\Absolute Poker\HandHistory\DARETOBE\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Poker Application\Absolute Poker\HandHistory\DARETOBE\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Poker Application\Absolute Poker\HandHistory\DARETOBE\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe    Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\SO.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\toolbar.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\ToolbarPS.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\SO.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\VNT\vntldr.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Program Files\Final Draft 7\Patch.exe    a variant of Win32/HackTool.Patcher.A potentially unsafe application
C:\Program Files\VNT\vntldr.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\ProgramData\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Avira\My Avira\Temp\antivirus.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\ProgramData\Individual Software\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Individual Software\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Individual Software\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Individual Software\Typing Instructor Deluxe 9\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Individual Software\Typing Instructor Deluxe 9\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Individual Software\Typing Instructor Deluxe 9\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Intuit\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Intuit\Common\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Common\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Common\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Intuit\Common\Update Service\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Common\Update Service\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Common\Update Service\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Intuit\Common\Update Service\v2\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Common\Update Service\v2\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Common\Update Service\v2\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Intuit\Common\Update Service\v2\Global\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Common\Update Service\v2\Global\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Common\Update Service\v2\Global\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Intuit\Common\Update Service\v2\Logs\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Common\Update Service\v2\Logs\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Intuit\Common\Update Service\v2\Logs\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Kodak\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Kodak\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Kodak\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Kodak\Registration\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Kodak\Registration\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Kodak\Registration\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\ProgramData\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\ProgramData\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\ProgramData\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Programs\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Programs\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Programs\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Programs\PartyGaming\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Programs\PartyGaming\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Programs\PartyGaming\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Programs\PartyGaming\PartyCasino\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Programs\PartyGaming\PartyCasino\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Programs\PartyGaming\PartyCasino\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Programs\PartyGaming\PartyCasino\language\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Programs\PartyGaming\PartyCasino\language\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Programs\PartyGaming\PartyCasino\language\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Programs\PartyGaming\PartyCasino\language\en_US\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Programs\PartyGaming\PartyCasino\language\en_US\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Programs\PartyGaming\PartyCasino\language\en_US\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Programs\PartyGaming\PartyCasino\language\en_US\images\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Programs\PartyGaming\PartyCasino\language\en_US\images\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Programs\PartyGaming\PartyCasino\language\en_US\images\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Qoobox\Quarantine\C\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll.vir    Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll.vir    a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll.vir    Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Fraula\avira_free_antivirus_en.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\All Users\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Avira\My Avira\Temp\antivirus.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\All Users\Individual Software\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Individual Software\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Individual Software\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Individual Software\Typing Instructor Deluxe 9\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Individual Software\Typing Instructor Deluxe 9\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Individual Software\Typing Instructor Deluxe 9\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Intuit\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Intuit\Common\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Common\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Common\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Intuit\Common\Update Service\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Common\Update Service\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Common\Update Service\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Intuit\Common\Update Service\v2\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Common\Update Service\v2\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Common\Update Service\v2\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Intuit\Common\Update Service\v2\Global\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Common\Update Service\v2\Global\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Common\Update Service\v2\Global\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Intuit\Common\Update Service\v2\Logs\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Common\Update Service\v2\Logs\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Intuit\Common\Update Service\v2\Logs\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Kodak\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Kodak\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Kodak\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Kodak\Registration\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Kodak\Registration\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Kodak\Registration\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\All Users\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\All Users\Microsoft\OFFICE\DATA\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\.SunDownloadManager\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\.SunDownloadManager\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\.SunDownloadManager\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\ehome\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\ehome\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\ehome\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8SL9RUR7\pd[1].htm    JS/Exploit.Agent.NFW trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OUUG1G6Y\PopularScreensavers[1].exe    Win32/AdInstaller potentially unwanted application
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\Local Folders\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\Local Folders\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\Local Folders\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Mail\Stationery\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Media\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Media\11.0\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Media\11.0\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Media\11.0\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Photo Gallery\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Photo Gallery\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Photo Gallery\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft\Windows Photo Gallery\Original Images\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Hearts\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Hearts\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Hearts\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Mahjong Titans\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Mahjong Titans\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Mahjong Titans\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Minesweeper\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Minesweeper\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Minesweeper\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Purble Place\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Purble Place\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Purble Place\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Solitaire\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Spider Solitaire\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Spider Solitaire\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\Microsoft Games\Spider Solitaire\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\PokerStars\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\PokerStars\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\PokerStars\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Local\SupportSoft\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Local\VNT\vntldr.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Fraula\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Adobe\Flash Player\AssetCache\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Adobe\Flash Player\AssetCache\LJH68NFZ\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Adobe\Flash Player\AssetCache\LJH68NFZ\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Adobe\Flash Player\AssetCache\LJH68NFZ\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\xulrunner\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\xulrunner\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\xulrunner\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\xulrunner\res\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\xulrunner\res\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\xulrunner\res\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\mozilla-profile\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\mozilla-profile\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\mozilla-profile\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\themes\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\themes\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\themes\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\themes\windows_theme\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\themes\windows_theme\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\LimeWire\themes\windows_theme\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Malwarebytes\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Malwarebytes\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Malwarebytes\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Microsoft\Windows Photo Gallery\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Microsoft\Windows Photo Gallery\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Microsoft\Windows Photo Gallery\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\extensionData\plugins\194.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com\extensionData\plugins\91.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Fraula\AppData\Roaming\Nikon\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Nikon\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Nikon\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Nikon\Nikon Transfer\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Nikon\Nikon Transfer\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Nikon\Nikon Transfer\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\Nikon\Nikon Transfer\Database\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Nikon\Nikon Transfer\Database\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\Nikon\Nikon Transfer\Database\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\partyNJ\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\partyNJ\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\partyNJ\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\partyNJ\partypokerNJ\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\partyNJ\partypokerNJ\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\partyNJ\partypokerNJ\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\SUPERAntiSpyware.com\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\SUPERAntiSpyware.com\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\SUPERAntiSpyware.com\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\2011_06_17\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\2011_06_17\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\2011_06_17\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\2011_06_17\2011_06_17\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\2011_06_17\2011_06_17\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\2011_06_17\2011_06_17\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\2011_06_17\2011_06_17\2011_09_01\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\2011_06_17\2011_06_17\2011_09_01\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\2011_06_17\2011_06_17\2011_09_01\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\Chris's pictures\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Chris's pictures\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Chris's pictures\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\Misc Pictures\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Misc Pictures\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Misc Pictures\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\Music\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Music\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Music\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\nook pics\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\nook pics\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\nook pics\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\Pictures\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Pictures\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Pictures\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\Pictures\New Photo Print.el6.Data\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Pictures\New Photo Print.el6.Data\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Pictures\New Photo Print.el6.Data\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\Programs\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Programs\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Programs\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\Programs\Final Draft v7.1.1.19\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Programs\Final Draft v7.1.1.19\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\Programs\Final Draft v7.1.1.19\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Desktop\Programs\Final Draft v7.1.1.19\Patch.exe    a variant of Win32/HackTool.Patcher.A potentially unsafe application
C:\Users\Fraula\Desktop\wedding\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\wedding\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Desktop\wedding\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Documents\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Documents\LimeWire\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\LimeWire\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\LimeWire\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Documents\LimeWire\Saved\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\LimeWire\Saved\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\LimeWire\Saved\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Documents\Logan\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\Logan\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\Logan\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Documents\New Photo Print.el6.Data\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\New Photo Print.el6.Data\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\New Photo Print.el6.Data\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Documents\Scott.el6.Data\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\Scott.el6.Data\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\Scott.el6.Data\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Documents\Symantec\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\Symantec\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Documents\Symantec\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Downloads\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Downloads\FLCL\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\FLCL\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\FLCL\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Downloads\FLCL\VIDEO_TS\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\FLCL\VIDEO_TS\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\FLCL\VIDEO_TS\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Downloads\FLCL Art\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\FLCL Art\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\FLCL Art\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Downloads\Fooly Cooly EP 1-6 English\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\Fooly Cooly EP 1-6 English\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\Fooly Cooly EP 1-6 English\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Downloads\Potter 6\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\Potter 6\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Downloads\Potter 6\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\New Folder\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\New Folder\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\New Folder\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\New Folder\2010_02_25\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\New Folder\2010_02_25\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\New Folder\2010_02_25\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2009-05-23\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-05-23\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-05-23\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2009-05-24\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-05-24\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-05-24\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2009-08-06\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-08-06\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-08-06\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2009-08-09\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-08-09\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-08-09\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2009-09-08\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-09-08\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-09-08\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2009-12-27\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-12-27\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2009-12-27\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2010-02-25\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-02-25\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-02-25\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2010-05-23\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-05-23\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-05-23\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2010-06-01\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-06-01\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-06-01\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2010-08-01\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-08-01\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-08-01\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2010-08-27\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-08-27\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-08-27\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2010-10-02\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-10-02\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-10-02\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2010-10-02\100OLYMP\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-10-02\100OLYMP\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-10-02\100OLYMP\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2010-12-11\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-12-11\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-12-11\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2010-12-18\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-12-18\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2010-12-18\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2011-01-28\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2011-01-28\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2011-01-28\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2011-03-19\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2011-03-19\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2011-03-19\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2011-08-23\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2011-08-23\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2011-08-23\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2011-09-01\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2011-09-01\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2011-09-01\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2011-10-09\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2011-10-09\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2011-10-09\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2012-08-21\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2012-08-21\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2012-08-21\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2013-11-10\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2013-11-10\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2013-11-10\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Fraula\Pictures\2014-02-03\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2014-02-03\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Fraula\Pictures\2014-02-03\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
D:\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
D:\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
D:\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:32 AM

Posted 20 August 2014 - 06:06 AM

This looks like your computer is infected by file-encrypting ransomware.

When did you first see encrypted files?



#10 DemyFD


Posted 20 August 2014 - 10:02 AM

Couldn't say for sure; it's not my computer. But shortly before I contacted you I started to see a flood of infected files in Avira.



#11 TB-Psychotic


Posted 21 August 2014 - 02:13 AM

As nobody told me about the symptoms showing that an encrypting trojan is present, we hopefully didn't delete necessary information.

Tell the owner of this computer that we have bad news. Some of his or her files are encrypted by a ransomware named CryptoWall.

We've collected everything we know about it here.

The malware itself has been removed from the computer.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with AdwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
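A way to triage a scan log like the one quoted in this thread, added here as an example and not part of any post: it separates the DECRYPT_INSTRUCTION ransom-note detections from other findings and lists the folders that hold notes. The sample paths are constructed, and treating a folder that holds a note as one the ransomware processed is an assumption.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the layout of the scan log quoted in this thread:
# <full path><tab or run of spaces><detection name and category>
SAMPLE_LOG = r"""
C:\Users\Example\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Example\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Example\AppData\Roaming\Adobe\Flash Player\DECRYPT_INSTRUCTION.URL    Win32/Filecoder.CR.Gen trojan
C:\Users\Example\Desktop\Programs\Tool\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
C:\Users\Example\Desktop\Programs\Tool\Patch.exe    a variant of Win32/HackTool.Patcher.A potentially unsafe application
C:\Users\Example\Pictures\2014-02-03\DECRYPT_INSTRUCTION.HTML    Win32/Filecoder.CR trojan
C:\Users\Example\Pictures\2014-02-03\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
D:\DECRYPT_INSTRUCTION.TXT    Win32/Filecoder.CR trojan
"""

# Paths may contain single spaces ("Flash Player"), so the column separator
# is taken to be a tab or at least two consecutive spaces.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?:\t+| {2,})(?P<detection>\S.*)$")
NOTE_STEM = "DECRYPT_INSTRUCTION"
NOTE_SUFFIXES = {".TXT", ".HTML", ".URL"}


def parse_log(text):
    """Return (PureWindowsPath, detection) pairs for every well-formed line."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            path = PureWindowsPath(match.group("path"))
            entries.append((path, match.group("detection").strip()))
    return entries


def is_ransom_note(path):
    """True for the note file names that appear in the thread's log."""
    return path.stem.upper() == NOTE_STEM and path.suffix.upper() in NOTE_SUFFIXES


def area_of(directory, depth=4):
    """Collapse a folder to its first `depth` components, e.g. C:\\Users\\<user>\\Pictures."""
    return str(PureWindowsPath(*directory.parts[:depth]))


def summarize(entries):
    """Split ransom-note hits from other detections and group note folders by area."""
    note_dirs = {}   # folder -> set of note extensions found there
    other = []       # detections that are not ransom notes and need their own review
    for path, detection in entries:
        if is_ransom_note(path):
            note_dirs.setdefault(str(path.parent), set()).add(path.suffix.upper())
        else:
            other.append((str(path), detection))
    by_area = Counter(area_of(PureWindowsPath(folder)) for folder in note_dirs)
    return {"note_dirs": note_dirs, "by_area": by_area, "other": other}


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    print("Folders holding ransom notes:", len(report["note_dirs"]))
    for area, count in sorted(report["by_area"].items()):
        print(f"  {count:3d} folder(s) under {area}")
    print("Other detections to review separately:")
    for path, detection in report["other"]:
        print(f"  {detection}: {path}")
```

The note files are only text and shortcuts; the folder list is what matters for deciding which data to check against backups.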

#12 DemyFD


Posted 23 August 2014 - 06:40 PM

When trying to run adwcleaner the computer has been clogging up every time. Sometimes it gets to "uncheck elements" but even if you try to clean at that point it locks up during that process. The computer doesn't freeze; it's just so slow that running this scan seems to put it over the edge and it grinds and grinds and grinds but nothing actually happens in the program.

#13 TB-Psychotic


Posted 25 August 2014 - 02:53 AM

Reboot into safe mode and try again.



#14 DemyFD


Posted 03 September 2014 - 07:49 PM

# AdwCleaner v3.309 - Report created 03/09/2014 at 15:00:20
# Updated 02/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : Fraula - FRAULA-PC
# Running from : C:\Users\Fraula\Downloads\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Windows Genuine Advantage
Folder Deleted : C:\Users\Fraula\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\Extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com
File Deleted : C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\invalidprefs.js
File Deleted : C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\searchplugins\bingp.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VNT]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4623a8c4-150d-4983-8982-68c01e7d6541}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366326654}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4623a8c4-150d-4983-8982-68c01e7d6541}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623a8c4-150d-4983-8982-68c01e7d6541}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Fraula\AppData\Roaming\Mozilla\Firefox\Profiles\d2gjj807.default\prefs.js ]

Line Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.backgroundjs", "\n\n/*****************************************************************************[...]
Line Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.js", "\n\n  /************************************************************************************\[...]
Line Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Line Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [10165 octets] - [21/08/2014 20:21:28]
AdwCleaner[R1].txt - [10226 octets] - [22/08/2014 00:02:43]
AdwCleaner[R2].txt - [10189 octets] - [23/08/2014 06:48:33]
AdwCleaner[R3].txt - [10580 octets] - [03/09/2014 14:58:05]
AdwCleaner[S0].txt - [518 octets] - [22/08/2014 00:19:18]
AdwCleaner[S1].txt - [356 octets] - [23/08/2014 07:21:15]
AdwCleaner[S2].txt - [10466 octets] - [03/09/2014 15:00:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10527 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Fraula on Wed 09/03/2014 at 15:16:13.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3011627892-104792279-3000243707-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4FF36647-C2B3-416C-A845-627076EBEB7C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6BA7B3E2-E9D0-4FD4-B24E-656852B300F7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{F194CFD8-D3D5-42DF-805C-0087A161448F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\couponalert_2pei
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F1197502-1029-4E9E-B729-A2FDCE2183A9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Emptied folder: C:\Users\Fraula\AppData\Roaming\mozilla\firefox\profiles\d2gjj807.default\minidumps [121 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/03/2014 at 17:04:43.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Results of screen317's Security Check version 0.99.87  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 8 Out of date!
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop                   
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java™ 6 Update 23  
 Java version out of Date!
 Adobe Flash Player     14.0.0.145  
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 17 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

I believe the high memory consumption that is clogging up this computer is from the constant generation of dllhost.exe which is visible in task manager.



#15 DemyFD


Posted 03 September 2014 - 08:06 PM

Avira alerted to two discoveries in two separate windows. It ran a scan both times. The scans are as follows:

Avira Free Antivirus
Report file date: Wednesday, September 03, 2014  20:56


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Antivirus Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows Vista ™ Home Premium
Windows version : (Service Pack 1)  [6.0.6001]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : FRAULA-PC

Version information:
BUILD.DAT       : 14.0.6.570     92022 Bytes   8/15/2014 10:30:00
AVSCAN.EXE      : 14.0.6.548   1046608 Bytes   8/13/2014 01:48:36
AVSCANRC.DLL    : 14.0.6.522     52816 Bytes   8/13/2014 01:48:36
LUKE.DLL        : 14.0.6.522     57936 Bytes   8/13/2014 01:49:02
AVSCPLR.DLL     : 14.0.6.548     92752 Bytes   8/13/2014 01:48:36
AVREG.DLL       : 14.0.6.522    262224 Bytes   8/13/2014 01:48:34
avlode.dll      : 14.0.6.526    603728 Bytes   8/13/2014 01:48:33
avlode.rdf      : 14.0.4.42      65114 Bytes   7/17/2014 10:38:02
LOCAL001.VDF    : 8.11.170.174 110114816 Bytes    9/3/2014 19:17:07
Engine version  : 8.3.24.20
AEVDF.DLL       : 8.3.1.6       133992 Bytes   8/21/2014 23:50:22
AESCRIPT.DLL    : 8.2.0.20      437104 Bytes    9/3/2014 19:15:47
AESCN.DLL       : 8.3.2.2       139456 Bytes   7/21/2014 11:15:41
AESBX.DLL       : 8.2.20.24    1409224 Bytes   5/27/2014 21:13:00
AERDL.DLL       : 8.2.0.138     704888 Bytes   5/27/2014 21:13:00
AEPACK.DLL      : 8.4.0.50      792488 Bytes    8/7/2014 20:26:53
AEOFFICE.DLL    : 8.3.0.20      216104 Bytes   8/14/2014 17:19:37
AEHEUR.DLL      : 8.1.4.1252   7428976 Bytes    9/3/2014 19:15:46
AEHELP.DLL      : 8.3.1.0       278728 Bytes   6/23/2014 03:34:50
AEGEN.DLL       : 8.1.7.28      450752 Bytes   6/23/2014 03:34:49
AEEXP.DLL       : 8.4.2.32      247712 Bytes    9/3/2014 19:15:47
AEEMU.DLL       : 8.1.3.4       399264 Bytes    8/7/2014 20:26:51
AEDROID.DLL     : 8.4.2.24      442568 Bytes   6/23/2014 03:34:52
AECORE.DLL      : 8.3.2.6       243712 Bytes    8/7/2014 20:26:51
AEBB.DLL        : 8.1.2.0        60448 Bytes    8/7/2014 20:26:51
AVWINLL.DLL     : 14.0.6.522     24144 Bytes   8/13/2014 01:48:31
AVPREF.DLL      : 14.0.6.522     50256 Bytes   8/13/2014 01:48:34
AVREP.DLL       : 14.0.6.522    219216 Bytes   8/13/2014 01:48:34
AVARKT.DLL      : 14.0.5.368    226384 Bytes   6/24/2014 09:33:07
AVEVTLOG.DLL    : 14.0.6.522    182352 Bytes   8/13/2014 01:48:33
SQLITE3.DLL     : 14.0.6.522    452176 Bytes   8/13/2014 01:49:05
AVSMTP.DLL      : 14.0.6.522     76368 Bytes   8/13/2014 01:48:36
NETNT.DLL       : 14.0.6.522     13392 Bytes   8/13/2014 01:49:02
RCIMAGE.DLL     : 14.0.6.522   4864080 Bytes   8/13/2014 01:48:31
RCTEXT.DLL      : 14.0.6.558     76536 Bytes    9/2/2014 10:25:00

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_54078556\guard_slideup.avp
Reporting...........................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: Complete

Start of the scan: Wednesday, September 03, 2014  20:56

The scan of running processes will be started:
Scan process 'SearchFilterHost.exe' - '32' Module(s) have been scanned
Scan process 'avscan.exe' - '92' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '33' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '54' Module(s) have been scanned
Scan process 'RacAgent.exe' - '34' Module(s) have been scanned
Scan process 'taskeng.exe' - '24' Module(s) have been scanned
Scan process 'MpSigStub.exe' - '24' Module(s) have been scanned
Scan process 'AM_Delta.exe' - '6' Module(s) have been scanned
Scan process 'wuauclt.exe' - '45' Module(s) have been scanned
Scan process 'ipmGui.exe' - '96' Module(s) have been scanned
Scan process 'WPFFontCache_v0400.exe' - '23' Module(s) have been scanned
Scan process 'dllhost.exe' - '43' Module(s) have been scanned
Scan process 'WG111v3.exe' - '65' Module(s) have been scanned
Scan process 'ehmsas.exe' - '18' Module(s) have been scanned
Scan process 'DLG.exe' - '23' Module(s) have been scanned
Scan process 'VZWUAAgent.exe' - '72' Module(s) have been scanned
Scan process 'ehtray.exe' - '25' Module(s) have been scanned
Scan process 'Avira.OE.Systray.exe' - '127' Module(s) have been scanned
Scan process 'msseces.exe' - '49' Module(s) have been scanned
Scan process 'avgnt.exe' - '103' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '64' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '16' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '24' Module(s) have been scanned
Scan process 'igfxpers.exe' - '19' Module(s) have been scanned
Scan process 'hkcmd.exe' - '22' Module(s) have been scanned
Scan process 'igfxtray.exe' - '23' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '46' Module(s) have been scanned
Scan process 'Explorer.EXE' - '121' Module(s) have been scanned
Scan process 'Dwm.exe' - '31' Module(s) have been scanned
Scan process 'taskeng.exe' - '86' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'Avira.OE.ServiceHost.exe' - '119' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '66' Module(s) have been scanned
Scan process 'apnmcp.exe' - '25' Module(s) have been scanned
Scan process 'avguard.exe' - '121' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'sched.exe' - '59' Module(s) have been scanned
Scan process 'spoolsv.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '80' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '157' Module(s) have been scanned
Scan process 'svchost.exe' - '116' Module(s) have been scanned
Scan process 'svchost.exe' - '70' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\Fraula\AppData\Local\temp\25d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K66RB45L\insidesmartbusiness_com[1].htm'
C:\Users\Fraula\AppData\Local\temp\25d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K66RB45L\insidesmartbusiness_com[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Rce.Gen3 HTML script virus
  [NOTE]      The file was moved to the quarantine directory under the name '51472ff5.qua'!


End of the scan: Wednesday, September 03, 2014  20:57
Used time: 00:42 Minute(s)

The scan has been done completely.

      0 Scanned directories
    617 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
    616 Files not concerned
      3 Archives were scanned
      0 Warnings
      1 Notes
 

---------------------------------------------------------------------------------------------

 


Avira Free Antivirus
Report file date: Wednesday, September 03, 2014  20:58


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Antivirus Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows Vista ™ Home Premium
Windows version : (Service Pack 1)  [6.0.6001]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : FRAULA-PC

Version information:
BUILD.DAT       : 14.0.6.570     92022 Bytes   8/15/2014 10:30:00
AVSCAN.EXE      : 14.0.6.548   1046608 Bytes   8/13/2014 01:48:36
AVSCANRC.DLL    : 14.0.6.522     52816 Bytes   8/13/2014 01:48:36
LUKE.DLL        : 14.0.6.522     57936 Bytes   8/13/2014 01:49:02
AVSCPLR.DLL     : 14.0.6.548     92752 Bytes   8/13/2014 01:48:36
AVREG.DLL       : 14.0.6.522    262224 Bytes   8/13/2014 01:48:34
avlode.dll      : 14.0.6.526    603728 Bytes   8/13/2014 01:48:33
avlode.rdf      : 14.0.4.42      65114 Bytes   7/17/2014 10:38:02
LOCAL001.VDF    : 8.11.170.174 110114816 Bytes    9/3/2014 19:17:07
Engine version  : 8.3.24.20
AEVDF.DLL       : 8.3.1.6       133992 Bytes   8/21/2014 23:50:22
AESCRIPT.DLL    : 8.2.0.20      437104 Bytes    9/3/2014 19:15:47
AESCN.DLL       : 8.3.2.2       139456 Bytes   7/21/2014 11:15:41
AESBX.DLL       : 8.2.20.24    1409224 Bytes   5/27/2014 21:13:00
AERDL.DLL       : 8.2.0.138     704888 Bytes   5/27/2014 21:13:00
AEPACK.DLL      : 8.4.0.50      792488 Bytes    8/7/2014 20:26:53
AEOFFICE.DLL    : 8.3.0.20      216104 Bytes   8/14/2014 17:19:37
AEHEUR.DLL      : 8.1.4.1252   7428976 Bytes    9/3/2014 19:15:46
AEHELP.DLL      : 8.3.1.0       278728 Bytes   6/23/2014 03:34:50
AEGEN.DLL       : 8.1.7.28      450752 Bytes   6/23/2014 03:34:49
AEEXP.DLL       : 8.4.2.32      247712 Bytes    9/3/2014 19:15:47
AEEMU.DLL       : 8.1.3.4       399264 Bytes    8/7/2014 20:26:51
AEDROID.DLL     : 8.4.2.24      442568 Bytes   6/23/2014 03:34:52
AECORE.DLL      : 8.3.2.6       243712 Bytes    8/7/2014 20:26:51
AEBB.DLL        : 8.1.2.0        60448 Bytes    8/7/2014 20:26:51
AVWINLL.DLL     : 14.0.6.522     24144 Bytes   8/13/2014 01:48:31
AVPREF.DLL      : 14.0.6.522     50256 Bytes   8/13/2014 01:48:34
AVREP.DLL       : 14.0.6.522    219216 Bytes   8/13/2014 01:48:34
AVARKT.DLL      : 14.0.5.368    226384 Bytes   6/24/2014 09:33:07
AVEVTLOG.DLL    : 14.0.6.522    182352 Bytes   8/13/2014 01:48:33
SQLITE3.DLL     : 14.0.6.522    452176 Bytes   8/13/2014 01:49:05
AVSMTP.DLL      : 14.0.6.522     76368 Bytes   8/13/2014 01:48:36
NETNT.DLL       : 14.0.6.522     13392 Bytes   8/13/2014 01:49:02
RCIMAGE.DLL     : 14.0.6.522   4864080 Bytes   8/13/2014 01:48:31
RCTEXT.DLL      : 14.0.6.558     76536 Bytes    9/2/2014 10:25:00

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_54078556\guard_slideup.avp
Reporting...........................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: Complete

Start of the scan: Wednesday, September 03, 2014  20:58

The scan of running processes will be started:
Scan process 'avscan.exe' - '92' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '33' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '53' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '44' Module(s) have been scanned
Scan process 'taskeng.exe' - '24' Module(s) have been scanned
Scan process 'MpSigStub.exe' - '24' Module(s) have been scanned
Scan process 'AM_Delta.exe' - '6' Module(s) have been scanned
Scan process 'wuauclt.exe' - '45' Module(s) have been scanned
Scan process 'ipmGui.exe' - '96' Module(s) have been scanned
Scan process 'WPFFontCache_v0400.exe' - '23' Module(s) have been scanned
Scan process 'dllhost.exe' - '43' Module(s) have been scanned
Scan process 'WG111v3.exe' - '65' Module(s) have been scanned
Scan process 'ehmsas.exe' - '18' Module(s) have been scanned
Scan process 'DLG.exe' - '23' Module(s) have been scanned
Scan process 'VZWUAAgent.exe' - '72' Module(s) have been scanned
Scan process 'ehtray.exe' - '25' Module(s) have been scanned
Scan process 'Avira.OE.Systray.exe' - '127' Module(s) have been scanned
Scan process 'msseces.exe' - '49' Module(s) have been scanned
Scan process 'avgnt.exe' - '103' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '64' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '16' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '24' Module(s) have been scanned
Scan process 'igfxpers.exe' - '19' Module(s) have been scanned
Scan process 'hkcmd.exe' - '22' Module(s) have been scanned
Scan process 'igfxtray.exe' - '23' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '46' Module(s) have been scanned
Scan process 'Explorer.EXE' - '121' Module(s) have been scanned
Scan process 'Dwm.exe' - '31' Module(s) have been scanned
Scan process 'taskeng.exe' - '86' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'Avira.OE.ServiceHost.exe' - '119' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '66' Module(s) have been scanned
Scan process 'apnmcp.exe' - '25' Module(s) have been scanned
Scan process 'avguard.exe' - '121' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'sched.exe' - '59' Module(s) have been scanned
Scan process 'spoolsv.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '80' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '157' Module(s) have been scanned
Scan process 'svchost.exe' - '116' Module(s) have been scanned
Scan process 'svchost.exe' - '70' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\Fraula\AppData\Local\temp\25d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K66RB45L\tech[1].htm'
C:\Users\Fraula\AppData\Local\temp\25d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K66RB45L\tech[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Rce.Gen3 HTML script virus
  [NOTE]      The file was moved to the quarantine directory under the name '501d29b0.qua'!


End of the scan: Wednesday, September 03, 2014  20:59
Used time: 00:09 Minute(s)

The scan has been done completely.

      0 Scanned directories
    617 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
    616 Files not concerned
      3 Archives were scanned
      0 Warnings
      1 Notes
 





