
Infected with check.exe and construtor.exe


7 replies to this topic

#1 nego191

Posted 26 July 2015 - 12:47 PM

Hi,

Yesterday I got infected with check.exe, construtor.exe and a bunch of adware programs that came along with these threats. I ran a Malwarebytes fast scan and got 350 results (!!!), removed all of them, but both executables persist, along with the program "Calendar Tool".

However, I can't play songs anymore (Winamp, media player...). System sounds still work, though.

Below is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Marcos (administrator) on MARCOS-PC (26-07-2015 14:38:45)
Running from C:\Users\Marcos\Downloads
Loaded Profiles: Marcos (Available Profiles: Marcos)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files\Checker\check.exe
() C:\Users\Marcos\AppData\Local\Construtorde\construtor.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CalendarTool\1.3.1.10384\CalendarServ.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Marcos\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-03-10] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2013-02-18] (Banco Itaú Unibanco)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-06-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155280 2015-06-17] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50828;https=127.0.0.1:50828
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1438545249-339806314-3607663721-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1438545249-339806314-3607663721-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1438545249-339806314-3607663721-1002 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-03-10] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2013-02-18] (Banco Itaú Unibanco)
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1364304 2013-02-18] (Banco Itaú Unibanco)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1864576 2015-03-10] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{419C90FF-B205-4320-B83F-E78B5F27BFC1}: [DhcpNameServer] 192.168.43.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default
FF SelectedSearchEngine: oursurfing
FF Homepage: www.google.com.br
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-22] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-22] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1438545249-339806314-3607663721-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Marcos\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-1438545249-339806314-3607663721-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1438545249-339806314-3607663721-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Marcos\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1438545249-339806314-3607663721-1002: gastecnologia.com.br/sf/bb -> C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1438545249-339806314-3607663721-1002: gastecnologia.com.br/sf/bb64 -> C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-03-06] (GAS Tecnologia)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-05-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-05-16]
FF Extension: deskCut - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\Extensions\1437877266_xpi [2015-07-25]
FF Extension: United States English Spellchecker - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\Extensions\en-US@dictionaries.addons.mozilla.org [2015-03-26]
FF Extension: Adblock Plus - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-22]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1438545249-339806314-3607663721-1002\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-07-11]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-18]
CHR Extension: (Google Wallet) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1128840 2015-07-08] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 Bluetooth Device Monitor; c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed]
R2 Checker; C:\Program Files\Checker\check.exe [376832 2015-07-20] () [File not signed]
R2 EJKD14; C:\Users\Marcos\AppData\Local\Construtorde\construtor.exe [33280 2015-07-25] () [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [565560 2015-01-20] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-03] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-07-11] ()
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\1.3.1.10384\CalendarServ.exe [133256 2015-06-17] ()
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [847160 2014-09-06] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-06-26] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-06-17] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-14] (Duplex Secure Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
U3 aep9i8w3; C:\Windows\System32\Drivers\aep9i8w3.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 ALSysIO; \??\C:\Users\Marcos\AppData\Local\Temp\ALSysIO64.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 mdf16; \??\C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [X]
S3 mvd23; \??\C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-26 14:37 - 2015-07-26 14:37 - 02146816 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64 (1).exe
2015-07-26 14:11 - 2015-07-26 14:11 - 00178000 _____ C:\Users\Marcos\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-26 14:09 - 2015-07-26 14:10 - 05181296 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-26 14:09 - 2015-07-26 14:10 - 00000168 _____ C:\Windows\setupact.log
2015-07-26 14:09 - 2015-07-26 14:09 - 00000350 _____ C:\Windows\PFRO.log
2015-07-26 14:09 - 2015-07-26 14:09 - 00000000 _____ C:\Windows\setuperr.log
2015-07-26 00:34 - 2015-07-26 14:39 - 00021484 _____ C:\Users\Marcos\Downloads\FRST.txt
2015-07-26 00:34 - 2015-07-26 14:38 - 00000000 ____D C:\FRST
2015-07-26 00:34 - 2015-07-26 00:34 - 00022045 _____ C:\Users\Marcos\Downloads\Addition.txt
2015-07-26 00:33 - 2015-07-26 00:33 - 00001705 _____ C:\Users\Marcos\Downloads\FSS.txt
2015-07-26 00:31 - 2015-07-26 00:31 - 00000512 _____ C:\Users\Marcos\Downloads\Dump_Hdd0_DR0.mbr
2015-07-25 23:21 - 2015-07-25 23:26 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-07-25 23:21 - 2015-07-25 23:21 - 00000008 _____ C:\END
2015-07-25 23:21 - 2013-05-25 19:28 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-25 23:20 - 2015-07-26 00:18 - 00000000 ____D C:\Users\Marcos\AppData\Local\Construtorde
2015-07-25 23:20 - 2015-07-26 00:17 - 00000000 ____D C:\Program Files\Checker
2015-07-25 23:20 - 2015-07-25 23:47 - 00000622 _____ C:\Windows\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job
2015-07-25 23:20 - 2015-07-25 23:35 - 00003630 _____ C:\Windows\System32\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}
2015-07-25 23:20 - 2015-07-25 23:20 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2015-07-25 23:20 - 2015-07-25 23:20 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-07-25 23:20 - 2015-07-25 23:20 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-07-25 23:20 - 2015-07-25 23:20 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\CalendarTool
2015-07-25 23:20 - 2015-07-25 23:20 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-25 23:20 - 2015-07-25 23:20 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-07-25 23:09 - 2015-07-25 23:47 - 00000334 _____ C:\Windows\Tasks\LightningDisk.job
2015-07-25 23:09 - 2015-07-25 23:36 - 00003260 _____ C:\Windows\System32\Tasks\LightningDisk
2015-07-25 09:22 - 2015-07-25 09:22 - 00000000 ____D C:\Users\Marcos\Desktop\iGO
2015-07-24 16:02 - 2015-07-24 16:07 - 00000000 ____D C:\Users\Marcos\Documents\Diversos
2015-07-23 15:57 - 2015-07-23 15:57 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Steam
2015-07-23 15:42 - 2015-07-23 15:42 - 00000976 _____ C:\Users\Marcos\Desktop\DiRT Rally.lnk
2015-07-23 15:42 - 2015-07-23 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiRT Rally
2015-07-23 15:29 - 2015-07-23 15:56 - 00000000 ____D C:\Program Files (x86)\DiRT Rally
2015-07-23 11:09 - 2015-07-25 23:40 - 00000000 ____D C:\Users\Marcos\Downloads\iso
2015-07-22 15:07 - 2015-07-22 15:07 - 00000000 ____D C:\Users\Marcos\AppData\Local\CEF
2015-07-22 15:00 - 2015-07-03 01:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-22 15:00 - 2015-07-03 01:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-22 14:53 - 2015-07-23 20:10 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-22 14:53 - 2015-07-23 16:48 - 00003842 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-21 19:19 - 2015-07-21 19:19 - 00000000 ____D C:\Users\Marcos\Documents\Autodesk Application Manager
2015-07-21 19:18 - 2015-07-21 19:18 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-07-21 19:15 - 2015-07-21 19:15 - 00000000 ____D C:\Program Files (x86)\Autodesk
2015-07-21 19:14 - 2015-07-21 19:14 - 00001813 _____ C:\Users\Public\Desktop\AutoCAD 2016 - English.lnk
2015-07-21 19:14 - 2015-07-21 19:14 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2015-07-21 19:12 - 2015-07-21 19:12 - 00000000 ____D C:\Users\Marcos\Documents\Inventor Server SDK ACAD 2016
2015-07-21 18:56 - 2015-07-21 19:08 - 00000000 ____D C:\Program Files\Autodesk
2015-07-21 18:53 - 2015-07-21 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-07-21 18:41 - 2015-07-21 18:49 - 16878352 _____ C:\Users\Marcos\Downloads\AutoCAD_2016_English_Win_32_64bit_Trial_wi_en-us_Setup.exe
2015-07-21 18:41 - 2015-07-21 18:42 - 00000000 ____D C:\Users\Marcos\AppData\Local\Akamai
2015-07-21 18:40 - 2015-07-21 18:40 - 00337808 _____ (Autodesk Inc.) C:\Users\Marcos\Downloads\AutoCAD_2016_English_Win_32_64bit_Trial_wi_en-us_Setup_webinstall.exe
2015-07-16 20:37 - 2015-07-16 20:37 - 00024064 _____ C:\Users\Marcos\Downloads\PIQUINEZ 14-07-2015.xls
2015-07-14 00:20 - 2015-07-14 00:20 - 00246216 _____ (Microsoft Corporation) C:\Users\Marcos\Downloads\dxcpl.exe
2015-07-14 00:15 - 2015-07-14 00:15 - 01809704 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Marcos\Downloads\GPU-Z.0.8.4.exe
2015-07-14 00:09 - 2015-07-14 00:25 - 00000000 ____D C:\Users\Marcos\Documents\FIFA 15
2015-07-14 00:05 - 2015-07-14 00:05 - 00053405 _____ C:\Users\Marcos\Documents\VideoCards1.txt
2015-07-13 23:52 - 2015-07-25 23:47 - 00000334 _____ C:\Windows\Tasks\DirectSpeech.job
2015-07-13 23:52 - 2015-07-25 23:37 - 00003260 _____ C:\Windows\System32\Tasks\DirectSpeech
2015-07-13 17:42 - 2015-07-13 17:44 - 00000000 ____D C:\Users\Marcos\Documents\FIFA 14
2015-07-11 20:56 - 2015-07-11 20:57 - 00001024 _____ C:\.rnd
2015-07-11 20:56 - 2015-07-11 20:56 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2015-07-11 20:56 - 2015-07-11 20:56 - 00000000 ___HD C:\Program Files (x86)\Diebold
2015-07-11 20:56 - 2015-07-11 20:56 - 00000000 ____D C:\Program Files\Diebold
2015-07-11 20:54 - 2015-07-24 18:31 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-07-11 20:54 - 2015-07-24 18:31 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-07-11 20:54 - 2015-07-11 20:57 - 00003421 _____ C:\Users\Marcos\Downloads\Diagnóstico BB.log
2015-07-11 20:54 - 2015-07-11 20:55 - 00018376 _____ C:\Users\Marcos\AppData\Roaming\unins000.dat
2015-07-11 20:54 - 2015-07-11 20:54 - 02482048 _____ (Banco do Brasil SA) C:\Users\Marcos\Downloads\DiagnosticoBB.exe
2015-07-11 20:54 - 2015-07-11 20:54 - 00815826 _____ C:\Users\Marcos\AppData\Roaming\unins000.exe
2015-07-11 20:54 - 2015-07-11 20:54 - 00000000 ____D C:\Users\Marcos\AppData\Local\GAS Tecnologia
2015-07-11 20:13 - 2015-07-11 20:14 - 00000000 ____D C:\Users\Marcos\Documents\Battlefield 3
2015-07-04 23:36 - 2015-07-25 23:56 - 00003090 _____ C:\Windows\System32\Tasks\{21BF226E-026F-44D7-86D2-A86F2C1189F5}
2015-07-03 22:00 - 2015-07-03 22:00 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-07-03 02:58 - 2015-07-25 23:37 - 00003470 _____ C:\Windows\System32\Tasks\{1FDE2E93-6045-4C41-98B7-B4BB139744F5}
2015-07-03 02:58 - 2015-07-03 02:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameVicio
2015-07-03 02:42 - 2015-07-03 02:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-06-28 00:47 - 2015-06-28 00:47 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-06-28 00:47 - 2015-06-28 00:47 - 00000000 ____D C:\Windows\system32\NV
2015-06-28 00:47 - 2015-06-17 03:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-28 00:44 - 2015-06-17 06:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-28 00:44 - 2015-06-17 06:10 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 00299664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2015-06-28 00:44 - 2015-06-17 06:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-28 00:44 - 2015-06-17 06:10 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-06-27 17:55 - 2015-06-27 17:55 - 01640768 _____ C:\Users\Marcos\Downloads\battlelog-web-plugins_2.7.1_162.exe
2015-06-27 16:41 - 2015-06-29 13:21 - 00000000 ____D C:\Users\Marcos\Downloads\madden
2015-06-26 22:54 - 2015-07-14 01:49 - 00000000 ____D C:\Users\Marcos\Documents\Madden NFL 08
2015-06-26 22:52 - 2015-06-26 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports
2015-06-26 22:51 - 2015-06-26 22:51 - 00000000 ____D C:\Program Files (x86)\EA Sports
2015-06-26 22:45 - 2015-06-26 22:47 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2015-06-26 22:45 - 2015-06-26 22:45 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-26 14:19 - 2011-10-26 19:55 - 01894286 _____ C:\Windows\WindowsUpdate.log
2015-07-26 14:18 - 2009-07-14 01:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-26 14:18 - 2009-07-14 01:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-26 14:10 - 2015-05-16 16:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-26 14:10 - 2013-03-13 20:26 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-07-26 14:10 - 2012-01-10 10:31 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-26 14:09 - 2013-05-25 19:28 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\SysWOW64\Drivers\gbpndisrd.sys
2015-07-26 14:09 - 2013-05-25 19:28 - 00010266 _____ C:\Windows\SysWOW64\Drivers\ndisrd.cat
2015-07-26 14:09 - 2013-05-25 19:28 - 00001402 _____ C:\Windows\SysWOW64\Drivers\gas.cer
2015-07-26 14:09 - 2011-10-26 19:54 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2015-07-26 14:09 - 2011-10-26 19:54 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-26 14:09 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 00:32 - 2013-11-08 19:35 - 00012420 _____ C:\Users\Marcos\Downloads\hijackthis.log
2015-07-26 00:19 - 2011-12-13 17:22 - 00000000 ____D C:\Users\Marcos\Documents\Backup Registros
2015-07-25 23:57 - 2015-05-16 14:51 - 00003298 _____ C:\Windows\System32\Tasks\{FDE09AD0-E8CF-496A-859A-2726B0981DAE}
2015-07-25 23:56 - 2012-02-17 18:04 - 00001082 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1438545249-339806314-3607663721-1002UA.job
2015-07-25 23:45 - 2011-12-08 15:43 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-07-25 23:37 - 2012-03-24 23:50 - 00003038 _____ C:\Windows\System32\Tasks\{D7807652-85D1-4CD8-AF48-C2B083F07717}
2015-07-25 23:37 - 2011-12-15 13:40 - 00003042 _____ C:\Windows\System32\Tasks\{96D411C2-3739-4D4C-8C53-A7A2097EC04E}
2015-07-25 23:36 - 2015-05-18 22:01 - 00003136 _____ C:\Windows\System32\Tasks\{3903386B-0DAF-4BB7-995E-4C987E93331F}
2015-07-25 23:36 - 2012-04-16 15:27 - 00003000 _____ C:\Windows\System32\Tasks\{2EA13EAB-8382-43A2-9AFA-099592A53AFF}
2015-07-25 23:36 - 2011-12-25 20:50 - 00002992 _____ C:\Windows\System32\Tasks\{4C51C2B9-89E9-4B69-BEB9-D0386F556BA1}
2015-07-25 23:35 - 2012-04-16 15:29 - 00003000 _____ C:\Windows\System32\Tasks\{AC601E81-840D-49E9-82E6-D076EE824445}
2015-07-25 23:35 - 2012-04-16 15:27 - 00003000 _____ C:\Windows\System32\Tasks\{F3AF71A4-3CEF-4E9D-9347-42BB0B7D7365}
2015-07-25 23:35 - 2012-04-16 15:27 - 00003000 _____ C:\Windows\System32\Tasks\{BA69FBCA-592C-42A6-9139-F10015D2144A}
2015-07-25 23:35 - 2011-12-25 20:54 - 00002992 _____ C:\Windows\System32\Tasks\{ECB562DB-18F8-4DA4-8824-5591E5A3292D}
2015-07-25 23:35 - 2011-12-25 20:52 - 00002992 _____ C:\Windows\System32\Tasks\{EB1C56EC-D37B-4302-A51C-D78598626176}
2015-07-25 23:29 - 2015-05-16 20:01 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-25 23:29 - 2013-12-26 22:51 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\uTorrent
2015-07-25 23:29 - 2013-02-14 07:22 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\DAEMON Tools Pro
2015-07-25 23:29 - 2012-01-11 00:27 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Media Player Classic
2015-07-25 23:20 - 2015-05-16 19:30 - 00001665 _____ C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-25 23:20 - 2012-02-11 22:52 - 00001446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-25 11:22 - 2010-11-21 06:37 - 00706134 _____ C:\Windows\system32\prfh0416.dat
2015-07-25 11:22 - 2010-11-21 06:37 - 00147922 _____ C:\Windows\system32\prfc0416.dat
2015-07-25 11:22 - 2009-07-14 02:13 - 01636198 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-24 20:56 - 2012-02-17 18:04 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1438545249-339806314-3607663721-1002Core.job
2015-07-24 16:01 - 2011-12-13 17:00 - 00000000 ____D C:\Users\Marcos\Desktop\Stuff
2015-07-23 16:48 - 2013-05-21 17:04 - 00003202 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-07-23 15:57 - 2015-01-05 21:59 - 00000000 ____D C:\Users\Marcos\Documents\My Games
2015-07-23 15:57 - 2014-06-25 21:35 - 00000000 ____D C:\Users\Todos os Usuários\Codemasters
2015-07-23 15:57 - 2014-06-25 21:35 - 00000000 ____D C:\ProgramData\Codemasters
2015-07-23 15:27 - 2014-09-14 14:29 - 00000000 ____D C:\Users\Marcos\Desktop\SwB
2015-07-23 15:01 - 2015-05-16 16:22 - 00237056 ___SH C:\Users\Marcos\Desktop\Thumbs.db
2015-07-22 17:11 - 2013-04-28 19:17 - 00000000 ____D C:\Users\Marcos\AppData\Local\CrashDumps
2015-07-22 17:11 - 2012-06-04 12:54 - 00000000 ___DC C:\Users\Marcos\AppData\Local\MigWiz
2015-07-22 17:11 - 2012-01-17 19:57 - 00000000 ____D C:\Windows\Minidump
2015-07-22 17:11 - 2011-02-12 13:12 - 00000000 ____D C:\Windows\panther
2015-07-22 15:25 - 2015-04-13 22:00 - 00000080 _____ C:\Users\Marcos\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-07-22 15:25 - 2012-04-02 16:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-22 15:25 - 2011-10-26 20:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-22 15:01 - 2015-05-16 15:57 - 00001339 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-07-22 15:01 - 2011-10-26 19:54 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2015-07-22 15:01 - 2011-10-26 19:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-22 14:56 - 2011-12-07 14:33 - 00000000 ____D C:\Users\Marcos\AppData\Local\Adobe
2015-07-21 19:43 - 2012-11-27 09:10 - 00000000 ____D C:\Users\Marcos\AppData\Local\Autodesk
2015-07-21 19:40 - 2012-11-27 09:10 - 00000000 ____D C:\Users\Todos os Usuários\Autodesk
2015-07-21 19:40 - 2012-11-27 09:10 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Autodesk
2015-07-21 19:40 - 2012-11-27 09:10 - 00000000 ____D C:\ProgramData\Autodesk
2015-07-21 19:40 - 2012-04-10 17:58 - 00000000 ____D C:\Users\Todos os Usuários\FLEXnet
2015-07-21 19:40 - 2012-04-10 17:58 - 00000000 ____D C:\ProgramData\FLEXnet
2015-07-21 19:17 - 2013-12-08 21:05 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2015-07-21 19:17 - 2013-12-08 21:05 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-21 19:16 - 2014-05-18 19:38 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2015-07-21 19:08 - 2014-05-18 19:31 - 00000000 ____D C:\Autodesk
2015-07-17 22:17 - 2013-03-13 20:53 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Skype
2015-07-16 16:36 - 2012-06-15 09:17 - 00348856 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-07-16 16:36 - 2012-06-11 15:53 - 00348856 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-07-16 16:36 - 2012-06-09 15:24 - 00291296 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-07-16 16:02 - 2012-11-20 11:41 - 00000000 ____D C:\Users\Todos os Usuários\Origin
2015-07-16 16:02 - 2012-11-20 11:41 - 00000000 ____D C:\ProgramData\Origin
2015-07-15 20:51 - 2012-02-17 18:04 - 00004054 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1438545249-339806314-3607663721-1002UA
2015-07-15 20:51 - 2012-02-17 18:04 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1438545249-339806314-3607663721-1002Core
2015-07-14 16:06 - 2015-05-16 15:56 - 01423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-07-14 16:06 - 2015-05-16 15:56 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-07-14 16:05 - 2015-05-16 15:56 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-07-14 16:05 - 2015-05-16 15:56 - 01710056 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-07-14 00:42 - 2012-04-13 10:12 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-14 00:01 - 2013-04-12 10:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-14 00:00 - 2012-02-10 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-11 20:57 - 2015-05-07 20:56 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2015-07-11 20:57 - 2015-05-07 20:56 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-11 20:57 - 2011-10-26 20:25 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2015-07-11 20:57 - 2011-10-26 20:25 - 00000000 ____D C:\ProgramData\Temp
2015-07-11 20:55 - 2013-03-13 20:26 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-07-11 20:55 - 2013-03-13 20:26 - 00000000 ____D C:\ProgramData\GbPlugin
2015-07-11 20:18 - 2012-06-15 09:17 - 00076152 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-07-09 23:04 - 2014-08-25 22:49 - 00000000 ____D C:\Users\Marcos\Desktop\PIBIC
2015-07-09 03:40 - 2015-05-04 22:10 - 00000000 ____D C:\Users\Marcos\Documents\Rockstar Games
2015-07-09 03:39 - 2015-05-16 20:46 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-07-09 03:39 - 2015-05-16 20:45 - 00000000 ____D C:\Program Files\Rockstar Games
2015-07-09 00:18 - 2013-04-21 10:49 - 00000000 ___RD C:\Users\Marcos\Desktop\Engenharia Civil
2015-07-05 16:24 - 2015-02-22 22:23 - 00000000 ____D C:\Users\Marcos\Desktop\CsF
2015-07-04 23:36 - 2011-10-26 20:22 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-07-04 23:36 - 2011-10-26 20:22 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 21:16 - 2012-06-09 13:58 - 00000000 ____D C:\Users\Marcos\Documents\BFBC2
2015-07-03 19:15 - 2012-11-20 11:41 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-03 01:28 - 2015-05-16 15:49 - 00069992 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-07-02 12:14 - 2011-12-07 14:49 - 00000000 ____D C:\Users\Marcos\Documents\Meus arquivos recebidos
2015-07-01 10:54 - 2015-05-16 16:21 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-01 10:54 - 2015-05-16 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-01 10:54 - 2014-05-04 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-28 00:52 - 2012-03-27 20:13 - 00007826 _____ C:\Users\Todos os Usuários\hpzinstall.log
2015-06-28 00:52 - 2012-03-27 20:13 - 00007826 _____ C:\ProgramData\hpzinstall.log
2015-06-28 00:51 - 2015-06-15 15:31 - 00000000 ____D C:\Users\Marcos\AppData\Local\Citrix
2015-06-28 00:47 - 2013-03-18 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-28 00:47 - 2011-10-26 20:22 - 00000000 ____D C:\Temp
2015-06-28 00:47 - 2011-10-26 19:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-27 17:55 - 2013-12-08 21:06 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-06-27 17:54 - 2013-11-28 16:58 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-06-26 22:48 - 2013-02-14 07:21 - 00000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Pro
2015-06-26 22:48 - 2013-02-14 07:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
 
==================== Files in the root of some directories =======
 
2014-05-04 22:49 - 2014-05-04 22:49 - 0000089 _____ () C:\Users\Marcos\AppData\Roaming\mbam.context.scan
2015-07-11 20:54 - 2015-07-11 20:55 - 0018376 _____ () C:\Users\Marcos\AppData\Roaming\unins000.dat
2015-07-11 20:54 - 2015-07-11 20:54 - 0815826 _____ () C:\Users\Marcos\AppData\Roaming\unins000.exe
2011-12-07 14:10 - 2015-06-14 11:12 - 0015872 _____ () C:\Users\Marcos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-14 13:25 - 2014-06-17 15:04 - 0007623 _____ () C:\Users\Marcos\AppData\Local\Resmon.ResmonCfg
2013-12-20 18:28 - 2013-12-20 18:30 - 0024272 _____ () C:\Users\Marcos\AppData\Local\WiDiSetupLog.20131220.192846.txt
2012-03-27 20:13 - 2015-06-28 00:52 - 0007826 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 12:10
 
==================== End of log ============================
 
Addition attached. Thanks for the help.


 


#2 Starbuck



  • Malware Response Team

Posted 29 July 2015 - 03:09 PM

Hi nego191

Before we get to work, can you confirm if you set this proxy yourself?
 

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50828;https=127.0.0.1:50828

If not, I'll add a reset to the fix.

I ran malwarebytes fast scan and got 350 results (!!!), removed all of then,

Could you please post the MBAM report in your next reply.

Restart MBAM
  • Click on the History tab >> Application Logs.
  • Double click on the scan log which shows the Date and time of the scan that showed the infections.

  • Click 'Copy to Clipboard'

  • Paste the contents of the clipboard into your reply.
Thanks

Edited by Starbuck, 29 July 2015 - 03:14 PM.



#3 nego191

  • Topic Starter


Posted 30 July 2015 - 10:49 PM

I have not set up the proxy you described before. How can I disable it?

On the other hand, Malwarebytes was able to put both check and construtor in quarantine.

Below is the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 25/07/2015
Scan Time: 23:21
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.25.04
Rootkit Database: v2015.07.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marcos
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413686
Time Elapsed: 23 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
 
Processes: 15
Adware.Bundle, C:\Users\Marcos\AppData\Local\Temp\moxcli.exe, 1240, Delete-on-Reboot, [0bed8c59296152e4cc6d7e775ba5aa56]
PUP.Optional.Outbrowse, C:\Users\Marcos\AppData\Local\Temp\Vlc media player.exe, 2252, Delete-on-Reboot, [43b593520585d75f6f50adc33ec7b64a]
PUP.Optional.Outbrowse, C:\Users\Marcos\AppData\Local\Temp\bedhcifheb.exe, 3480, Delete-on-Reboot, [827632b36f1b3afc2c935020fa0bc937]
PUP.Optional.OurSeaching.A, C:\Users\Marcos\AppData\Local\Temp\81437877180\0QFdCMEpQTg==2.exe, 6936, Delete-on-Reboot, [05f3d31232581d194ec65f0fbf46f40c]
Trojan.MSIL.Dropper, C:\Program Files (x86)\SpaceSondPro_v57.956\SpaceSondPro_Service.exe, 5188, Delete-on-Reboot, [00f89b4ae3a762d464d78c38db26cf31]
PUP.Optional.SavePass.A, C:\Users\Marcos\AppData\Local\Temp\81437877180\1QFdCMEpQTg==53.exe, 5456, Delete-on-Reboot, [d325fbea7c0e3501576b461f32cf51af]
PUP.Optional.SavePass.A, C:\Users\Marcos\AppData\Local\Temp\nsbB6F2.tmp\Jykyspgnrvq.exe, 4448, Delete-on-Reboot, [3eba4a9bc2c8f93d5270e085e021aa56]
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancer.exe, 1408, Delete-on-Reboot, [6197bf264c3e61d556d35e3d3cc839c7]
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancerService.exe, 3956, Delete-on-Reboot, [6197bf264c3e61d556d35e3d3cc839c7]
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\hnsr9936.tmp, 6460, Delete-on-Reboot, [6f89f5f04a40d75f0a9af2ad3fc52cd4]
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\jnsr7714.tmp, 6812, Delete-on-Reboot, [6f89f5f04a40d75f0a9af2ad3fc52cd4]
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\knsg5C4D.tmpfs, 5588, Delete-on-Reboot, [6f89f5f04a40d75f0a9af2ad3fc52cd4]
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\vnsl4E7D.tmp, 7056, Delete-on-Reboot, [6f89f5f04a40d75f0a9af2ad3fc52cd4]
PUP.Optional.SpaceSoundPro.A, C:\Program Files (x86)\SpaceSondPro_v57.956\SpaceSondPro_Service.exe, 5188, Delete-on-Reboot, [f40492531278280e1300de2b4bb81ae6]
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe, 6480, Delete-on-Reboot, [df193baa5733ee48a87b37d2d92aaf51]
 
Modules: 4
PUP.Optional.SkyTech.A, C:\Users\Marcos\AppData\Local\Temp\Miui-tmp\QQBrowserFrame.dll, Delete-on-Reboot, [00f8f6ef7218d3638d75b2a3a55c5ba5], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\ApiHandlr.dll, Delete-on-Reboot, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\FiddlerCore.dll, Delete-on-Reboot, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\Newtonsoft.Json.dll, Delete-on-Reboot, [6197bf264c3e61d556d35e3d3cc839c7], 
 
Registry Keys: 30
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SavePass 1.1, Quarantined, [95631dc8305af343e8d0789449ba6d93], 
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WaInterEnhancer Service, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SpaceSoundPro, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\CLASSES\CLSID\{5013A5D0-34A9-489F-BF9A-3A0E34D8902B}, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\CLASSES\CLSID\{B43F10EC-BD1C-48D5-A123-3DCA3321C187}, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\comyninu, Quarantined, [6f89f5f04a40d75f0a9af2ad3fc52cd4], 
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hyverumu, Quarantined, [6f89f5f04a40d75f0a9af2ad3fc52cd4], 
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\kojyciwo, Quarantined, [6f89f5f04a40d75f0a9af2ad3fc52cd4], 
PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\SpaceSoundPro, Quarantined, [c63283621b6fe94d6d1468375aaa07f9], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [ba3e4d98345686b023102b1f857ee31d], 
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [c92fbf26414949ed7e87167eb2524cb4], 
PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, Quarantined, [6d8b687dccbe3402967e33daf60dd12f], 
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\oursurfingSoftware, Quarantined, [57a1e302eb9f51e5090c5eafd92a0ff1], 
PUP.Optional.SavePass.A, HKLM\SOFTWARE\WOW6432NODE\SavePass 1.1, Quarantined, [09efd90c2862fc3aed73c9699d667f81], 
PUP.Optional.SavePass.A, HKLM\SOFTWARE\WOW6432NODE\SavePass 1.1-nv, Quarantined, [fff9c61f2565191de27eb67c7192b54b], 
PUP.Optional.SavePass.A, HKLM\SOFTWARE\WOW6432NODE\SavePass 1.1-nv-ie, Quarantined, [9a5ed114afdbfa3c5808082a907341bf], 
PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\WOW6432NODE\SpaceSondPro, Quarantined, [5e9a4e974743cb6ba1df6f30f70d9070], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WaInterEnhancer, Quarantined, [80786b7a48427eb897798c7ea75c1be5], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [0deb43a296f4ab8b1a9b47c617ecaf51], 
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE\Clients, Quarantined, [6395db0aaae0979f1d1bc7d03ec63bc5], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [af494f961872ea4c38fbdd6d16edbb45], 
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [be3a8065aedc320413f2672de91bdb25], 
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [15e36a7b1c6e9a9cfdad4a4550b4e11f], 
PUP.Optional.ToolsUpdatePlatform.A, HKLM\SOFTWARE\WOW6432NODE\TOOLSUPDATEPLATFORM, Quarantined, [906827bef298d66098e34957bb492bd5], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\WaInterEnhancer, Quarantined, [23d531b40882aa8c17f8a664c34003fd], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\WajIEnhance, Quarantined, [30c87f66c1c9112562cfaa75e0231be5], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [7c7cd2130783fe3892b7502b3dc76f91], 
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [956365803159a88e6c98ace8da2a06fa], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WaInterEnhancer, Quarantined, [0aeefee79cee3df9f50ddbfd768c14ec], 
PUP.Optional.ToolsUpdatePlatform.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6A128791-4857-4484-9BB2-71D4C1257200}, Quarantined, [df193baa5733ee48a87b37d2d92aaf51], 
 
Registry Values: 16
Trojan.MSIL.Dropper, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|SpaceSondPro_v57.956, C:\Program Files (x86)\SpaceSondPro_v57.956\SpaceSondPro_Service.exe ro, Quarantined, [00f89b4ae3a762d464d78c38db26cf31]
PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpaceSoundPro, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, oursurfing, Quarantined, [c92fbf26414949ed7e87167eb2524cb4]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.oursurfing.com/web/?type=ds&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574&q={searchTerms}, Quarantined, [48b07a6b7b0f2016d92c6e264cb8b848]
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000, Quarantined, [976117ce5436cc6a4200da35f90a8080]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, oursurfing, Quarantined, [be3a8065aedc320413f2672de91bdb25]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.oursurfing.com/web/?type=ds&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574&q={searchTerms}, Quarantined, [50a87075bccede588085682c82826a96]
PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE|UninstallString, "C:\Users\Marcos\AppData\Roaming\VOPackage\Uninstall.exe", Quarantined, [7286bb2a9af05ed8b3d551e5b053e31d]
PUP.Optional.ToolsUpdatePlatform.A, HKLM\SOFTWARE\WOW6432NODE\TOOLSUPDATEPLATFORM|partner, calendar, Quarantined, [906827bef298d66098e34957bb492bd5]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\comyninu|ImagePath, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\hnsr9936.tmp, Quarantined, [0fe918cd2565f54189aa2e6156ae0bf5]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hyverumu|ImagePath, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\jnsr7714.tmp, Quarantined, [9068eff63f4b26106cc76f20c341b34d]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\kojyciwo|ImagePath, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\knsg5C4D.tmpfs, Quarantined, [6b8d469fe5a52f072e05fd92bc48f010]
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, oursurfing, Quarantined, [956365803159a88e6c98ace8da2a06fa]
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.oursurfing.com/web/?type=ds&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574&q={searchTerms}, Quarantined, [ca2e7d68e7a375c1f311a0f418ec748c]
PUP.Optional.VOPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Update, Quarantined, [0cec5b8a4248290dbc18807dd9292cd4], 
PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|SpaceSondPro_v57.956, Quarantined, [f40492531278280e1300de2b4bb81ae6], 
 
Registry Data: 18
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.oursurfing.com/?type=sc&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.oursurfing.com/?type=sc&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574),Replaced,[7088faeb7d0dfa3c8305e25bfe07718f]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574),Replaced,[7583ae37830788aed9b145f8d233748c]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.oursurfing.com/web/?type=ds&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574&q={searchTerms}, Good: (www.google.com), Bad: (http://www.oursurfing.com/web/?type=ds&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574&q={searchTerms}),Replaced,[e81012d3602aa096a4e8e657ab5a1be5]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.oursurfing.com/?type=hp&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574, Good: (www.google.com), Bad: (http://www.oursurfing.com/?type=hp&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574),Replaced,[09ef83626426ba7c3854c4793dc833cd]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.oursurfing.com/?type=hp&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574, Good: (www.google.com), Bad: (http://www.oursurfing.com/?type=hp&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574),Replaced,[8177fde8bad088ae0686ac91bc49d729]
 
Folders: 48
 
Files: 324
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\3e68be40f5da52fa425d19414565f2af.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\4c290b777a0eca02d61edc5f50550a5d.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\5cbf21acfc31fca9ca1b9714959284dc.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\71f4e89d321d77cd563e16464d665726.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\7ed7565da0ad3ef16e48daee6bc7cf74.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\8c0af02ff9fb99d4d629c566da48f31a.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\907ae0901ba47be422969427d9968e96.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\aacc89446cb626d297917cd195120d40.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\bbe29f8b138b1fb1ea5f2e58b67ed0fd.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\c1e80fc8863295e0b16950670bf0c1ca.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\df88649c6c45640f84a5980cd57745f4.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\e4c778bbce835e4147ecc3b9f390bb6a.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\fadb837dbd401e641ccd477792f578e4.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\fc293d68a706bd8f7491be1acd43871b.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\fd63af4eef9550f3baf42ee11d677360.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\chrome\content\core\installer.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\defaults\preferences\prefs.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\manifest.xml, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins.json, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\102.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\13.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\14.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\16.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\17.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\180.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\192.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\195.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\200.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\220.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\223.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\242.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\246.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\253.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\281.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\288.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\300.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\339.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\345.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\354.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\376.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\379.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\390.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\391.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\4.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\415.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\47.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\64.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\7.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\78.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\9.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\plugins\91.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\userCode\background.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\extensionData\userCode\extension.js, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com\locale\en-US\translations.dtd, Quarantined, [a6522cb9f7930f27f4b4810f05ff12ee], 
PUP.Optional.OurSurfing.ShrtCln, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\searchplugins\oursurfing.xml, Quarantined, [9c5c9352d8b226109e637e163fc5e31d], 
Trojan.Agent.E, C:\Users\Marcos\AppData\Local\Temp\TNZ0r\file.exe, Quarantined, [73852abbe3a77db9ece6c0da08fcd030], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\wajam.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\amazon.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\argos.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\ask.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\bestbuy.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\ebay.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\etsy.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\facebook.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\favicon.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\google.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\homedepot.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\ikea.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\imdb.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\lowes.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\mercado.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\mysearchweb.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\myshopping.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\searchresult.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\sears.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\setting.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\settings.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\shopping.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\target.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\tesco.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\tripadvisor.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\twitter.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\walmart.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\wiki.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\yahoo.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\Logos\zalando.ico, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\uninstall.exe, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\ApiHandlr.dll, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\FiddlerCore.dll, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\HtmlAgilityPack.dll, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancer.exe, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancerService.exe, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\lan-proxy-settings.dat, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\makecert.exe, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\Newtonsoft.Json.dll, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\wie, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\WJManifest, Quarantined, [6197bf264c3e61d556d35e3d3cc839c7], 
PUP.Optional.SpaceSoundPro.A, C:\Users\Marcos\Desktop\SpaceSoundPro.lnk, Quarantined, [b93f4c99d7b34beb443709965da737c9], 
PUP.Optional.SpaceSoundPro.A, C:\Program Files\SpaceSoundPro\Uninstall.exe, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.SpaceSoundPro.A, C:\Program Files\SpaceSoundPro\backup_Realtek High Definition Audio_Alto-falantes.reg, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.SpaceSoundPro.A, C:\Program Files\SpaceSoundPro\backup_Realtek High Definition Audio_Realtek Digital Output.reg, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.SpaceSoundPro.A, C:\Program Files\SpaceSoundPro\silentconfigurator.exe, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.SpaceSoundPro.A, C:\Program Files\SpaceSoundPro\silentunconfigurator.exe, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.SpaceSoundPro.A, C:\Program Files\SpaceSoundPro\SpaceSoundPro.dll, Delete-on-Reboot, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.SpaceSoundPro.A, C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.SpaceSoundPro.A, C:\Program Files\SpaceSoundPro\config\SpaceSoundPro.err, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.SpaceSoundPro.A, C:\Program Files\SpaceSoundPro\config\SpaceSoundProUser.conf, Quarantined, [e8109c49b2d85ed8423b128d818334cc], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\hnsr9936.tmp, Quarantined, [6f89f5f04a40d75f0a9af2ad3fc52cd4], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\jnsr7714.tmp, Quarantined, [6f89f5f04a40d75f0a9af2ad3fc52cd4], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\knsg5C4D.tmpfs, Quarantined, [6f89f5f04a40d75f0a9af2ad3fc52cd4], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\rnsb70E8.exe, Quarantined, [6f89f5f04a40d75f0a9af2ad3fc52cd4], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\Uninstall.exe, Quarantined, [6f89f5f04a40d75f0a9af2ad3fc52cd4], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\4C4C4544-1437877256-3210-804E-B4C04F375331\vnsl4E7D.tmp, Quarantined, [6f89f5f04a40d75f0a9af2ad3fc52cd4], 
PUP.Optional.Multiplug.F, C:\ProgramData\{eca5229b-6f4d-b020-eca5-5229b6f48a6d}\gamesetup.exe, Quarantined, [e810588db2d800368d1bd2cdf0140af6], 
PUP.Optional.Multiplug.F, C:\ProgramData\{eca5229b-6f4d-b020-eca5-5229b6f48a6d}\1170912e6c0ad881, Quarantined, [e810588db2d800368d1bd2cdf0140af6], 
PUP.Optional.Multiplug.F, C:\ProgramData\{eca5229b-6f4d-b020-eca5-5229b6f48a6d}\dc8d377b4bde3f55, Quarantined, [e810588db2d800368d1bd2cdf0140af6], 
PUP.Optional.Multiplug.F, C:\ProgramData\{eca5229b-6f4d-b020-eca5-5229b6f48a6d}\gamesetup.dat, Quarantined, [e810588db2d800368d1bd2cdf0140af6], 
PUP.Optional.MultiPlug.Gen, C:\ProgramData\11654767678893327051\096c4dc5c27fa0d35c90a3a82e944380.ini, Quarantined, [5a9e01e40585b185ccf22779a460926e], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\uninstall.exe, Quarantined, [0aeefee79cee3df9f50ddbfd768c14ec], 
PUP.Optional.GlobalUpdate.A, C:\Users\Marcos\AppData\Local\Temp\comh.337630\globalupdateHelper.msi, Quarantined, [49af45a0e4a6d462100575765ca610f0], 
PUP.Optional.VOPackage.A, C:\Users\Marcos\AppData\Roaming\VOPackage\Uninstall.exe, Quarantined, [0cec5b8a4248290dbc18807dd9292cd4], 
PUP.Optional.VOPackage.A, C:\Users\Marcos\AppData\Roaming\VOPackage\VOPackage.exe, Quarantined, [0cec5b8a4248290dbc18807dd9292cd4], 
PUP.Optional.SpaceSoundPro.A, C:\Program Files (x86)\SpaceSondPro_v57.956\SpaceSondPro_Service.exe, Quarantined, [f40492531278280e1300de2b4bb81ae6], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\BrowserInfo.encode, Quarantined, [47b17570523881b510127f8ac142a65a], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\CloudUpdateInfo.encode, Quarantined, [47b17570523881b510127f8ac142a65a], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\LocalAppInfo.encode, Quarantined, [47b17570523881b510127f8ac142a65a], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\LocalInfo.encode, Quarantined, [47b17570523881b510127f8ac142a65a], 
PUP.Optional.ToolsUpdatePlatform.A, C:\ProgramData\ToolsUpdatePlatform\Dump\BugReportConfig.ini, Quarantined, [47b17570523881b510127f8ac142a65a], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform\BrowserInfo.exe, Quarantined, [df193baa5733ee48a87b37d2d92aaf51], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform\CrashReport.exe, Quarantined, [df193baa5733ee48a87b37d2d92aaf51], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform\CrashUL.exe, Quarantined, [df193baa5733ee48a87b37d2d92aaf51], 
PUP.Optional.ToolsUpdatePlatform.A, C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe, Quarantined, [df193baa5733ee48a87b37d2d92aaf51], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\defsearchp@gmail.com\chrome.manifest, Quarantined, [8d6bf6efc5c593a38be14fbabe45a65a], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\defsearchp@gmail.com\install.rdf, Quarantined, [8d6bf6efc5c593a38be14fbabe45a65a], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\defsearchp@gmail.com\chrome\content\jquery-2.1.0.min.js, Quarantined, [8d6bf6efc5c593a38be14fbabe45a65a], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\defsearchp@gmail.com\chrome\content\toolbar.xul, Quarantined, [8d6bf6efc5c593a38be14fbabe45a65a], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\defsearchp@gmail.com\chrome\skin\icon.png, Quarantined, [8d6bf6efc5c593a38be14fbabe45a65a], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\deeee33fe6d713812a7c23131bfc8cac.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\50455442810a4c99e54db97f857038ec.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\main.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\api\1d437031d24cce88c08d2ec1dcecd857.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\api\25ea7d1281c0f31a47ca76315e5f4ca7.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\api\7f6da8d441371f9bd2046ecde081e982.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\api\b2d8f37eb6fc26ddf5d6ba992cf01dec.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\api\e540603e4c7c2012d86bc02e9d3adbd7.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\api\pageAction.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\02937c8b33564dc30777496d9cecd826.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\2c30834499719415e41088d6b3cb349d.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\520e76a28c773668517174686cf58870.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\58bc41196ede1dca4c0fb9cb605771da.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\64118b484e19cb3c30608abd8f38a99c.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\7f8ef7dd5edda77a86bfb9c346dd6d71.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\87b3cea04543c527bdf7eeeedf2f038d.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\94a7b6e3ef537a5b5f0fac096577102f.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\a110e079d454006f10a91e0b5c4bd0f5.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\a92ce636105eb5efa17d26962d6f17d8.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\ad8a6591c9079a20a18a08a3794676ca.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\app_api.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\c01e22b2b759f07e8d0be40fd90073bd.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\c0c657f1ab9f6b1bf7feee10e6bd8c85.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\d104a63e3792f0b5fffafb049edb9a35.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\installer.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\popupResource\newPopup.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\js\lib\popupResource\popup.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\background.html, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\chromeCoreFilesIndex.txt, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\manifest.json, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\popup.html, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\Settings.json, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\manifest.xml, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins.json, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\102.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\13.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\14.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\17.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\180.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\19.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\192.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\195.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\200.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\220.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\223.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\242.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\246.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\253.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\281.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\288.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\300.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\339.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\345.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\354.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\376.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\379.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\390.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\391.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\4.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\415.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\47.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\64.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\7.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\78.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\80.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\9.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\91.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\plugins\97.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\userCode\background.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\extensionData\userCode\extension.js, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\icons\icon128.png, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\icons\icon16.png, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\icons\icon48.png, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh\1.26.85_0\icons\actions\1.png, Quarantined, [da1eb62f4b3faf87af81f08133d2b14f], 
PUP.Optional.CrossRider.A, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14ec82c15e7b3f873bad75bc60407ae0");), Replaced,[2ccc16cf800ae254c7d99dd83bca6e92]
PUP.Optional.OurSurfing.ShrtCln, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.oursurfing.com/newtab/?type=nt&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574");), Replaced,[23d5c0253852e551c8ad690df31213ed]
PUP.Optional.OurSurfing.ShrtCln, C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\prefs.js, Good: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (browser.startup.homepage", "http://www.oursurfing.com), Replaced,[47b1faeb5e2cc076c72e393e0500fb05]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 Starbuck


  • Malware Response Team
  • 4,149 posts

Posted 31 July 2015 - 10:45 AM

Hi nego191

Thanks for the MBAM report.
 

"I have not set up the proxy you described before. How can I disable it?"

Don't worry, I'll take care of it in the fix.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Bearshare, UTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Marcos\Downloads.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


Step 2
Let's double check for any adware leftovers:

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.
  • Please post the contents of that logfile with your next reply.


Step 3
CHR dev: Chrome dev build detected! <======= ATTENTION

Unless you did this yourself, malware has changed your Chrome version into the Development Build.
Among other things this allows malware to install any extension it wants. We need to resolve this.
I recommend that you uninstall Google Chrome and download a fresh copy from:
http://www.google.com/chrome/


Step 4
You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer:
Install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.



In your next reply, please submit:
Fixlog.txt
AdwCleaner report
Also let me know which AV you installed.


Thanks.

Edited by Starbuck, 31 July 2015 - 10:47 AM.
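
As an added illustration (not part of the original thread and not FRST's own code), this Python script triages FRST-format log lines for the kinds of entries the fix in this thread deals with: a proxy pointing at loopback, unsigned or orphaned services, and scheduled tasks that launch from a GUID-named ProgramData folder. The sample log, the function names and the heuristics are assumptions constructed for the example.

```python
import re
from ipaddress import ip_address

# Constructed sample in the line formats FRST prints; names, GUIDs and ports are made up.
SAMPLE_LOG = r"""
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8080;https=127.0.0.1:8080
R2 ExampleSvc; C:\Users\Alice\AppData\Local\Example\example.exe [33280 2015-07-25] () [File not signed]
R2 VendorSvc; C:\Program Files\Vendor\vendor.exe [120000 2015-01-02] (Vendor Inc.)
S3 olddrv; \??\C:\Program Files (x86)\Old\olddrv.sys [X]
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleTask => c:\programdata\{00000000-0000-0000-0000-000000000002}\setup.exe <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\Updater => C:\Program Files\Vendor\update.exe
"""

PROXY_RE = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<meta>[^\]]*)\](?P<rest>.*)$"
)
TASK_RE = re.compile(r"^Task: (?P<id>.+?) => (?P<target>.+?)(?P<flag>\s*<=+ ATTENTION)?$")

# Heuristics chosen for this example, not an exhaustive rule set.
USER_WRITABLE_RE = re.compile(r"\\(users|programdata)\\", re.IGNORECASE)
GUID_DIR_RE = re.compile(r"\\programdata\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE)


def _proxy_hosts(value):
    """Yield the host of each 'scheme=host:port' (or bare 'host:port') entry."""
    for entry in value.split(";"):
        endpoint = entry.split("=", 1)[-1].strip()
        if endpoint:
            yield endpoint.rsplit(":", 1)[0]


def _is_loopback(host):
    """True for 'localhost' and for literal loopback IPv4 addresses."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def triage(log_text):
    """Return (kind, subject, detail) tuples for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = PROXY_RE.match(line)
        if m:
            # A system proxy on loopback means some local process sees all web traffic.
            if any(_is_loopback(h) for h in _proxy_hosts(m["value"])):
                findings.append(("loopback-proxy", m["hive"], m["value"]))
            continue

        m = SERVICE_RE.match(line)
        if m:
            path = m["path"]
            if m["meta"].strip() == "X":
                # FRST prints [X] when the file behind the service entry is missing.
                findings.append(("orphaned-service", m["name"], path))
            elif "[File not signed]" in m["rest"]:
                where = "user-writable" if USER_WRITABLE_RE.search(path) else "system"
                findings.append(("unsigned-service", m["name"], f"{where}: {path}"))
            continue

        m = TASK_RE.match(line)
        if m and (m["flag"] or GUID_DIR_RE.search(m["target"])):
            findings.append(("suspicious-task", m["id"], m["target"]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:17} {subject} -> {detail}")
```

The output is a review list for a human helper, not a fixlist: every flagged line still has to be checked against what the user actually installed before anything is removed.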


#5 nego191

  • Topic Starter

  • Members
  • 19 posts

Posted 02 August 2015 - 10:13 PM

Fix Log:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Marcos (2015-08-01 00:00:47) Run:1
Running from C:\Users\Marcos\Downloads
Loaded Profiles: Marcos (Available Profiles: Marcos)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
() C:\Program Files\Checker\check.exe
() C:\Users\Marcos\AppData\Local\Construtorde\construtor.exe
() C:\Program Files (x86)\CalendarTool\1.3.1.10384\CalendarServ.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50828;https=127.0.0.1:50828
SearchScopes: HKU\S-1-5-21-1438545249-339806314-3607663721-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1438545249-339806314-3607663721-1002 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF SelectedSearchEngine: oursurfing
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
R2 Checker; C:\Program Files\Checker\check.exe [376832 2015-07-20] () [File not signed]
R2 EJKD14; C:\Users\Marcos\AppData\Local\Construtorde\construtor.exe [33280 2015-07-25] () [File not signed]
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\1.3.1.10384\CalendarServ.exe [133256 2015-06-17] ()
U3 aep9i8w3; C:\Windows\System32\Drivers\aep9i8w3.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 ALSysIO; \??\C:\Users\Marcos\AppData\Local\Temp\ALSysIO64.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 mdf16; \??\C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [X]
S3 mvd23; \??\C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [X]
2015-07-25 23:21 - 2015-07-25 23:26 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-07-25 23:20 - 2015-07-26 00:17 - 00000000 ____D C:\Program Files\Checker
2015-07-25 23:21 - 2015-07-25 23:21 - 00000008 _____ C:\END
2015-07-25 23:20 - 2015-07-26 00:18 - 00000000 ____D C:\Users\Marcos\AppData\Local\Construtorde
2015-07-25 23:20 - 2015-07-25 23:20 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\CalendarTool
2015-07-25 23:20 - 2015-07-25 23:20 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-07-11 20:57 - 2015-05-07 20:56 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2015-07-11 20:57 - 2015-05-07 20:56 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-13 23:52 - 2015-07-25 23:47 - 00000334 _____ C:\Windows\Tasks\DirectSpeech.job
2015-07-25 23:09 - 2015-07-25 23:47 - 00000334 _____ C:\Windows\Tasks\LightningDisk.job
2015-07-25 23:09 - 2015-07-25 23:36 - 00003260 _____ C:\Windows\System32\Tasks\LightningDisk
2015-07-25 23:37 - 2012-03-24 23:50 - 00003038 _____ C:\Windows\System32\Tasks\{D7807652-85D1-4CD8-AF48-C2B083F07717}
2015-07-25 23:37 - 2011-12-15 13:40 - 00003042 _____ C:\Windows\System32\Tasks\{96D411C2-3739-4D4C-8C53-A7A2097EC04E}
2015-07-25 23:36 - 2015-05-18 22:01 - 00003136 _____ C:\Windows\System32\Tasks\{3903386B-0DAF-4BB7-995E-4C987E93331F}
2015-07-25 23:36 - 2012-04-16 15:27 - 00003000 _____ C:\Windows\System32\Tasks\{2EA13EAB-8382-43A2-9AFA-099592A53AFF}
2015-07-25 23:36 - 2011-12-25 20:50 - 00002992 _____ C:\Windows\System32\Tasks\{4C51C2B9-89E9-4B69-BEB9-D0386F556BA1}
2015-07-25 23:35 - 2012-04-16 15:29 - 00003000 _____ C:\Windows\System32\Tasks\{AC601E81-840D-49E9-82E6-D076EE824445}
2015-07-25 23:35 - 2012-04-16 15:27 - 00003000 _____ C:\Windows\System32\Tasks\{F3AF71A4-3CEF-4E9D-9347-42BB0B7D7365}
2015-07-25 23:35 - 2012-04-16 15:27 - 00003000 _____ C:\Windows\System32\Tasks\{BA69FBCA-592C-42A6-9139-F10015D2144A}
2015-07-25 23:35 - 2011-12-25 20:54 - 00002992 _____ C:\Windows\System32\Tasks\{ECB562DB-18F8-4DA4-8824-5591E5A3292D}
2015-07-25 23:35 - 2011-12-25 20:52 - 00002992 _____ C:\Windows\System32\Tasks\{EB1C56EC-D37B-4302-A51C-D78598626176}
Task: {1FA4D59E-12CD-4C14-B3A7-C9BF198C6317} - System32\Tasks\DirectSpeech => c:\programdata\{eca5229b-6f4d-b020-eca5-5229b6f48a6d}\gamesetup.exe <==== ATTENTION
Task: {255E1B66-ACD7-4BAB-B9C5-1A84E790AE10} - System32\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} => C:\Program Files (x86)\CalendarTool\1.3.1.10384\InstallHelper.exe [2015-06-17] ()
Task: {2ED4B3AF-E750-499F-BE4D-D7AC94FB4D90} - System32\Tasks\{1FDE2E93-6045-4C41-98B7-B4BB139744F5} => pcalua.exe -a "E:\Jogos Alexbk\Age III\Age_ of_Empires_III_-_The_Asian_Dynasties_www.agemania.com.br\age_of_empires_3_the_asian_dynasties_www.baixar.info.exe" -d "E:\Jogos Alexbk\Age III\Age_ of_Empires_III_-_The_Asian_Dynasties_www.agemania.com.br"
Task: {56C96736-9B67-44F5-B2BA-C8250428AEB3} - System32\Tasks\{96D411C2-3739-4D4C-8C53-A7A2097EC04E} => pcalua.exe -a F:\Autorun.exe -d F:\
Task: {5956CFFA-E64F-4DFF-B8EC-AB1AD0C23EC3} - System32\Tasks\LightningDisk => c:\programdata\{eca5229b-6f4d-b020-eca5-5229b6f48a6d}\gamesetup.exe <==== ATTENTION
Task: {5A5DC96C-3A02-48C8-AFE3-6FE61473833A} - System32\Tasks\{FDE09AD0-E8CF-496A-859A-2726B0981DAE} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}\setup.exe" -c -runfromtemp -l0x0416 -removeonly
Task: {E81D5DA1-E70B-40DD-B279-2418F1610FBD} - System32\Tasks\{D7807652-85D1-4CD8-AF48-C2B083F07717} => pcalua.exe -a E:\setup.exe -d E:\
Task: C:\Windows\Tasks\DirectSpeech.job => c:\programdata\{eca5229b-6f4d-b020-eca5-5229b6f48a6d}\gamesetup.exe <==== ATTENTION
Task: C:\Windows\Tasks\LightningDisk.job => c:\programdata\{eca5229b-6f4d-b020-eca5-5229b6f48a6d}\gamesetup.exe <==== ATTENTION
Task: C:\Windows\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job => C:\Program Files (x86)\CalendarTool\1.3.1.10384\InstallHelper.exeo-RunCloudOPTClient C:\Program Files (x86)\CalendarTool\1.3.1.10384\CloudOPTClient\CloudOPTClient.exe
2015-07-20 10:17 - 2015-07-20 10:17 - 00376832 _____ () C:\Program Files\Checker\check.exe
2015-07-25 23:20 - 2015-07-25 23:20 - 00033280 _____ () C:\Users\Marcos\AppData\Local\Construtorde\construtor.exe
2015-06-17 06:20 - 2015-06-17 06:20 - 00133256 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\CalendarServ.exe
2015-06-17 06:20 - 2015-06-17 06:20 - 00543368 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPTask.dll
2015-06-17 06:20 - 2015-06-17 06:20 - 00406664 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPNet.dll
2015-06-17 06:20 - 2015-06-17 06:20 - 00428680 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPDR.dll
AlternateDataStreams: C:\ProgramData\Temp:FB1B13D8
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:FB1B13D8
C:\Program Files\SpaceSoundPro
C:\Program Files (x86)\SpaceSondPro_v57.956
CMD: ipconfig /flushdns
EmptyTemp:
RemoveProxy:
Hosts:
*****************
 
C:\Program Files\Checker\check.exe => No running process found
C:\Users\Marcos\AppData\Local\Construtorde\construtor.exe => No running process found
C:\Program Files (x86)\CalendarTool\1.3.1.10384\CalendarServ.exe => No running process found
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => key removed successfully
HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
Firefox SelectedSearchEngine removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513" => key removed successfully
Checker => service not found.
EJKD14 => service not found.
TheCalendarService => service not found.
aep9i8w3 => service not found.
ALSysIO => service removed successfully
hwdatacard => service removed successfully
mdf16 => service removed successfully
mvd23 => service removed successfully
"C:\Program Files (x86)\SpaceSondPro" => File/Folder not found.
C:\Program Files\Checker => moved successfully.
C:\END => moved successfully.
"C:\Users\Marcos\AppData\Local\Construtorde" => File/Folder not found.
"C:\Users\Marcos\AppData\Roaming\CalendarTool" => File/Folder not found.
"C:\Program Files (x86)\CalendarTool" => File/Folder not found.
C:\Users\Todos os Usuários\boost_interprocess => moved successfully.
"C:\ProgramData\boost_interprocess" => File/Folder not found.
C:\Windows\Tasks\DirectSpeech.job => moved successfully.
C:\Windows\Tasks\LightningDisk.job => moved successfully.
C:\Windows\System32\Tasks\LightningDisk => moved successfully.
C:\Windows\System32\Tasks\{D7807652-85D1-4CD8-AF48-C2B083F07717} => moved successfully.
C:\Windows\System32\Tasks\{96D411C2-3739-4D4C-8C53-A7A2097EC04E} => moved successfully.
C:\Windows\System32\Tasks\{3903386B-0DAF-4BB7-995E-4C987E93331F} => moved successfully.
C:\Windows\System32\Tasks\{2EA13EAB-8382-43A2-9AFA-099592A53AFF} => moved successfully.
C:\Windows\System32\Tasks\{4C51C2B9-89E9-4B69-BEB9-D0386F556BA1} => moved successfully.
C:\Windows\System32\Tasks\{AC601E81-840D-49E9-82E6-D076EE824445} => moved successfully.
C:\Windows\System32\Tasks\{F3AF71A4-3CEF-4E9D-9347-42BB0B7D7365} => moved successfully.
C:\Windows\System32\Tasks\{BA69FBCA-592C-42A6-9139-F10015D2144A} => moved successfully.
C:\Windows\System32\Tasks\{ECB562DB-18F8-4DA4-8824-5591E5A3292D} => moved successfully.
C:\Windows\System32\Tasks\{EB1C56EC-D37B-4302-A51C-D78598626176} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FA4D59E-12CD-4C14-B3A7-C9BF198C6317}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FA4D59E-12CD-4C14-B3A7-C9BF198C6317}" => key removed successfully
C:\Windows\System32\Tasks\DirectSpeech => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DirectSpeech" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{255E1B66-ACD7-4BAB-B9C5-1A84E790AE10} => key not found. 
C:\Windows\System32\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ED4B3AF-E750-499F-BE4D-D7AC94FB4D90}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ED4B3AF-E750-499F-BE4D-D7AC94FB4D90}" => key removed successfully
C:\Windows\System32\Tasks\{1FDE2E93-6045-4C41-98B7-B4BB139744F5} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1FDE2E93-6045-4C41-98B7-B4BB139744F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56C96736-9B67-44F5-B2BA-C8250428AEB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56C96736-9B67-44F5-B2BA-C8250428AEB3}" => key removed successfully
C:\Windows\System32\Tasks\{96D411C2-3739-4D4C-8C53-A7A2097EC04E} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{96D411C2-3739-4D4C-8C53-A7A2097EC04E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5956CFFA-E64F-4DFF-B8EC-AB1AD0C23EC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5956CFFA-E64F-4DFF-B8EC-AB1AD0C23EC3}" => key removed successfully
C:\Windows\System32\Tasks\LightningDisk not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LightningDisk" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A5DC96C-3A02-48C8-AFE3-6FE61473833A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A5DC96C-3A02-48C8-AFE3-6FE61473833A}" => key removed successfully
C:\Windows\System32\Tasks\{FDE09AD0-E8CF-496A-859A-2726B0981DAE} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FDE09AD0-E8CF-496A-859A-2726B0981DAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E81D5DA1-E70B-40DD-B279-2418F1610FBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E81D5DA1-E70B-40DD-B279-2418F1610FBD}" => key removed successfully
C:\Windows\System32\Tasks\{D7807652-85D1-4CD8-AF48-C2B083F07717} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D7807652-85D1-4CD8-AF48-C2B083F07717}" => key removed successfully
C:\Windows\Tasks\DirectSpeech.job not found.
C:\Windows\Tasks\LightningDisk.job not found.
C:\Windows\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job not found.
"C:\Program Files\Checker\check.exe" => File/Folder not found.
"C:\Users\Marcos\AppData\Local\Construtorde\construtor.exe" => File/Folder not found.
"C:\Program Files (x86)\CalendarTool\1.3.1.10384\CalendarServ.exe" => File/Folder not found.
"C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPTask.dll" => File/Folder not found.
"C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPNet.dll" => File/Folder not found.
"C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPDR.dll" => File/Folder not found.
C:\ProgramData\Temp => ":FB1B13D8" ADS removed successfully.
"C:\Users\Todos os Usuários\Temp" => ":FB1B13D8" ADS not found.
"C:\Program Files\SpaceSoundPro" => File/Folder not found.
"C:\Program Files (x86)\SpaceSondPro_v57.956" => File/Folder not found.
 
=========  ipconfig /flushdns =========
 
 
Configuração de IP do Windows
 
Liberação do Cache do DNS Resolver bem-sucedida.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1438545249-339806314-3607663721-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 1 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 00:01:50 ====
 
Adware Cleaner Log:
 
# AdwCleaner v4.208 - Relatório criado 01/08/2015 às 00:10:12
# Atualizado 09/07/2015 por Xplode
# Base de dados : 2015-07-26.2 [Servidor]
# Sistema operacional : Windows 7 Home Premium Service Pack 1 (x64)
# Usuário : Marcos - MARCOS-PC
# Executando de : C:\Users\Marcos\Downloads\AdwCleaner.exe
# Opção : Verificar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
 
***** [ Tarefas agendadas ] *****
 
 
***** [ Atalhos ] *****
 
Atalho Infectado : C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Infectado : C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
 
***** [ Registro ] *****
 
Chave Encontrado : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Chave Encontrado : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Encontrado : HKLM\SOFTWARE\1afdea81-bacb-16ed-435b-0453b9aa23fe
Chave Encontrado : HKLM\SOFTWARE\GlobalUpdate
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v
 
[8wpc2obe.default] - Linha Encontrado : user_pref("browser.search.searchengine.alias", "oursurfing");
[8wpc2obe.default] - Linha Encontrado : user_pref("browser.search.searchengine.iconURL", "hxxp://www.oursurfing.com/favicon.ico");
[8wpc2obe.default] - Linha Encontrado : user_pref("browser.search.searchengine.name", "oursurfing");
[8wpc2obe.default] - Linha Encontrado : user_pref("browser.search.searchengine.url", "hxxp://www.oursurfing.com/web/?type=ds&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574[...]
 
-\\ Google Chrome v
 
[C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrado [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrado [Search Provider] : hxxp://www.oursurfing.com/web/?type=ds&ts=1437877250&z=970a0cd5b6e6353bd863e14g6z0c6m7b2m1m5oew1t&from=2sq&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A81R6574R6574&q={searchTerms}
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [2318 bytes] - [01/08/2015 00:10:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2377 bytes] ##########
 
 
Reinstalled Chrome, and have chosen Bitdefender, although I already had Malwarebytes premium. Updated both programs and ran full scan, no results were found.


#6 Starbuck


Posted 03 August 2015 - 12:16 PM

Hi nego191

have chosen Bitdefender, although I already had Malwarebytes premium

MBAM will run alongside your resident Anti Virus program but it's not recommended to use it as a substitute for the AV.
So having both is the way to go. :)

In your opening post, you said:

However I can't play songs anymore (Winamp, media player...).

Has this been fixed now?

Thanks



#7 nego191


Posted 06 August 2015 - 05:23 PM

Yes, it looks like everything is ok now.

 

Thanks



#8 Starbuck


Posted 06 August 2015 - 11:41 PM

Hi nego191

it looks like everything is ok now.

That's good to hear. :)

Let's just double check everything now.

I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • If asked, allow the ActiveX control to install
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.
Or use either Firefox or Chrome which almost certainly will be 32bit versions.

Please post the report if anything is found.

Thanks
