
Chrome keeps opening with ads


18 replies to this topic

#1 Sharkb0y24

Posted 28 July 2016 - 09:40 AM

Hey guys, I ran into a problem a couple of days ago: Chrome, my default browser, keeps opening up on its own, and all of it is useless ads. Removed and reinstalled Chrome, ran MBAM and Sophos and they came up with nothing. Noticed that my Windows Defender was turned off from Group Policy; changed it and ran it, nothing. I have scanned for rootkits and got nothing, but running Rkill comes up with several hosts that I can't seem to get terminated. Not sure if I'm dealing with persistent malware that MBAM can't find or what. Anyone have any ideas on what's next?





#2 Ant_Teh_Nee

Posted 28 July 2016 - 10:39 AM

Hello, and welcome to the forums. I have signed up just to help you.

 

Here are a few things you can do to resolve this problem.

 

First, open Google Chrome and click the three bars on the top right side. Choose "Settings". On the left side, click "Extensions". If you see anything odd, remove it with the trash can symbol.

 

Second, install Adblock Plus to Google Chrome. This should help with future adware infections and popups. Download link: https://adblockplus.org/

 

-- This step may not be needed if the above fixes the issue --

 

Third, install AdwCleaner. This should detect and kill any adware on the machine. Download link: http://www.bleepingcomputer.com/download/adwcleaner/

 

When the scan is finished, choose to restart the machine and see if the popups persist. If they do, please let me know and I'd be glad to help you.

 

Happy Surfing!


Edited by Ant_Teh_Nee, 28 July 2016 - 10:42 AM.
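A way to do the extension check from the first step above without relying on the Chrome UI, plus two places a pop-up launcher commonly lives that the UI does not show. This is an added example by the editor, not code from the thread or from any tool mentioned in it. It assumes the default Chrome profile directory, that it runs as the affected user, and an elevated console so the HKLM keys are readable. The autorun-key check is the editor's own suggestion: a browser that "opens by itself" on an ad page is often launched by a Run entry that passes a URL to the browser executable, which no extension review will find.

```powershell
# Added example (editor's own, not from the thread or from Chrome/AdwCleaner).
# Lists Chrome extensions and browser-launching autorun entries from disk and
# registry. Assumed: default profile path, run as the affected user, elevated.

$chromeProfile = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'

# 1. Extensions present in the profile, read from each version's manifest.json.
#    Names of the form __MSG_xxx__ are localized placeholders; judge by the
#    extension id and the permissions it asks for, not by the display name.
$extRoot = Join-Path $chromeProfile 'Extensions'
if (Test-Path $extRoot) {
    Get-ChildItem $extRoot -Directory | ForEach-Object {
        $id = $_.Name
        Get-ChildItem $_.FullName -Directory | ForEach-Object {
            $manifest = Join-Path $_.FullName 'manifest.json'
            if (Test-Path $manifest) {
                try {
                    $m = Get-Content $manifest -Raw | ConvertFrom-Json
                    [pscustomobject]@{
                        Id          = $id
                        Version     = $_.Name
                        Name        = $m.name
                        Permissions = ($m.permissions -join ', ')
                    }
                } catch {
                    "Could not parse $manifest"
                }
            }
        }
    } | Format-Table -AutoSize
}

# 2. Extensions pushed in from outside the profile: machine-wide registration
#    keys and policy force-install lists. A home machine should have none.
$extKeys = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
           'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
           'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
           'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
foreach ($k in $extKeys) {
    if (Test-Path $k) {
        "External/policy extension entries under $k"
        Get-ChildItem $k -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name
        Get-ItemProperty $k | Format-List
    }
}

# 3. Autorun entries that launch a browser or carry a URL. This is how a
#    browser can open by itself on an ad page with no extension involved.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty $k
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... members PowerShell adds to the object.
        if ($p.Name -like 'PS*') { continue }
        if ($p.Value -match 'chrome\.exe|firefox\.exe|iexplore\.exe|https?://') {
            "Run entry '$($p.Name)' in $k -> $($p.Value)"
        }
    }
}
```

Anything in section 3 that names a browser plus a URL, or anything in section 2 at all, deserves a closer look before the extension list itself.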


#3 dc3

Posted 28 July 2016 - 10:48 AM

RKill is not intended to be used to remove what it finds; it kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  You need to start RKill without restarting the computer and then run scans with antimalware and antivirus programs.

 

After you have run your scan post the logs in your topic.  If you need instructions for locating your logs, let me know.


Edited by dc3, 28 July 2016 - 10:52 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 Sharkb0y24

Posted 28 July 2016 - 11:03 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/28/2016
Scan Time: 8:34 AM
Logfile: Log1.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.07.28.03
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Steven
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283307
Time Elapsed: 3 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Rkill log is as follows 
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/28/2016 08:44:09 AM in x64 mode. (Safe Mode)
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System
 
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 
 * NetBT (NetBT) is not Running.
   Startup Type set to: System
 
 * NSI Proxy Service Driver (nsiproxy) is not Running.
   Startup Type set to: System
 
 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       down.baidu2016.com
  127.0.0.1       123.sogou.com
  127.0.0.1       www.czzsyzgm.com
  127.0.0.1       www.czzsyzxl.com
  127.0.0.1       union.baidu2019.com
 
Program finished at: 07/28/2016 08:44:21 AM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)
 
The 5 hosts entries stay the same, but killing them does nothing. 


#5 Sharkb0y24

Posted 28 July 2016 - 11:13 AM

Apologies for the craziness. So far I have come up with a possible Smart New Tab virus. If I delete the hosts listed above in Rkill from the Windows hosts file, does that solve the problem, or does it go deeper than that? First virus that I have seen that is this good at hiding.


Edited by Sharkb0y24, 28 July 2016 - 11:13 AM.
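Every finding in the Rkill log above (Defender switched off via DisableAntiSpyware, core services not running, the five hosts entries) plus the persistence mechanism HitmanPro reports later in this thread (a scheduled task launching productupdate.exe from a GUID-named folder under AppData\Local) can be re-checked by hand with the script below. It is an added example by the editor, not from the thread, from Rkill or from HitmanPro; it assumes Windows 8.1 or later with the ScheduledTasks module, an elevated prompt, and the service names Rkill listed in post #4. On the hosts question: a 127.0.0.1 entry makes that name resolve to the local machine, so those five lines block the listed domains rather than send the browser to them; deleting them removes the entries but not whatever wrote them.

```powershell
# Added example (editor's own, not from the thread or from Rkill/HitmanPro).
# Re-runs the tamper and persistence checks reported in this thread.
# Assumed: Windows 8.1+, elevated prompt, ScheduledTasks module available.

$findings = @()

# 1. Windows Defender disabled through the registry (Rkill: DisableAntiSpyware = 1).
#    The value may sit under the product key or under the Policies key, which is
#    what "turned off from Group Policy" normally means, so check both.
$defenderKeys = 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
foreach ($key in $defenderKeys) {
    $v = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    if ($v -eq 1) { $findings += "Defender disabled via $key\DisableAntiSpyware" }
}

# 2. Core networking/security services that Rkill found not running in post #4.
$expected = 'BFE', 'Dhcp', 'Dnscache', 'EventSystem', 'MpsSvc', 'nsi', 'wscsvc'
foreach ($name in $expected) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $findings += "Service $name is missing"
    } elseif ($svc.Status -ne 'Running') {
        $findings += "Service $name is $($svc.Status) (StartType $($svc.StartType))"
    }
}

# 3. Non-comment lines in the hosts file. A 127.0.0.1 mapping sink-holes the
#    name (blocks it); it cannot redirect a browser to that domain.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in Get-Content $hostsPath) {
    if ($line -match '^\s*[^#\s]') { $findings += "hosts: $($line.Trim())" }
}

# 4. Scheduled tasks whose action runs something from a per-user or ProgramData
#    path. HitmanPro's log shows task {18D0E60F-...} starting
#    AppData\Local\{GUID}\productupdate.exe, which is exactly this pattern.
foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        if ($a.Execute -and $a.Execute -match '\\(AppData|ProgramData)\\') {
            $findings += "task $($task.TaskPath)$($task.TaskName) runs $($a.Execute) $($a.Arguments)"
        }
    }
}

$findings
```

Run it before and after a cleanup pass: if section 1 or 2 comes back non-empty after a reboot, something is re-applying the settings, and section 4 is the first place to look for what.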


#6 Ant_Teh_Nee

Posted 28 July 2016 - 11:21 AM

 

[quoted: the Malwarebytes and Rkill logs from post #4]

 

 

Hello! It seems you have not completed the following steps I've provided. However, I did notice on the logs some rootkit-like activity on the computer. Evasiveness almost always points to a Rootkit. However, I cannot determine anything until the steps earlier are followed. However, I will help with what you have provided me.

 

First, Please re-enable Malware Protection, Malicious Website Protection, and Self-protection on Malwarebytes.

 

Second, check and see if Windows Firewall is running. Malwarebytes claimed to have set the Firewall to start. All of the most important Windows processes to help against infections seem to have been disabled. If Windows Firewall is not on, this will confirm an issue with your computer.

 

All of the info on the logs points to a likely Rootkit infection. Evasiveness almost always points to a Rootkit. After following the steps above, please run another CUSTOM SCAN on Malwarebytes, but this time enable rootkit scanning (Mid Left when configuring the scan) and check mark all drives.

 

Please give me the results.

 

Happy Surfing!


Edited by Ant_Teh_Nee, 28 July 2016 - 11:24 AM.


#7 Sharkb0y24

Posted 28 July 2016 - 12:20 PM

ADW runs as follows; no malware was found.

 

# AdwCleaner v5.201 - Logfile created 28/07/2016 at 13:12:46
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-28.1 [Server]
# Operating system : Windows 8.1  (X64)
# Username : Steven - LCARS
# Running from : C:\Users\Steven\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2685 bytes] - [27/07/2016 15:48:00]
C:\AdwCleaner\AdwCleaner[C2].txt - [1445 bytes] - [28/07/2016 08:53:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [2591 bytes] - [27/07/2016 15:47:15]
C:\AdwCleaner\AdwCleaner[S2].txt - [1265 bytes] - [28/07/2016 08:51:43]
C:\AdwCleaner\AdwCleaner[S3].txt - [909 bytes] - [28/07/2016 13:12:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [981 bytes] ##########
 
Windows Firewall looks to be running. Malware protection was disabled while I am running Safe Mode. New MBAM log with rootkit scanning on is as follows:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/28/2016
Scan Time: 1:10 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.07.28.03
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Steven
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 284343
Time Elapsed: 6 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 dc3

Posted 28 July 2016 - 12:48 PM

In order to enable the changes for Malware Protection, Malicious Website Protection, and Self-protection on Malwarebytes you need to click on Settings.  You will see an image like the one below.

 

[image: screenshot of the Malwarebytes Settings page]



#9 Ant_Teh_Nee

Posted 28 July 2016 - 12:51 PM

Looks okay. I see you ran a Threat Scan rather than a Custom scan. A simple Threat Scan probably will not come up with anything. Please run a Custom Scan. How to run it:

 

1. Open Malwarebytes.

 

2. On the top, click "Scan".

 

3. Choose "Custom Scan".

 

4. Checkmark all of the drives on your computer.

 

5. Enable Scanning Rootkits.

 

When the scan is finished, post the log.

 

-- Other things to try (Complete in order) Stop if the expected outcome doesn't occur --

 

  • What is your current Google Chrome homepage? If it is not google or google related, change it to google.com.
  • Have you checked your Chrome extensions and installed Adblock Plus as instructed? If not, please do so.
  • Clear your browser history or run CCleaner (Get the Professional Trial). Download link: https://www.piriform.com/ccleaner/download
  • Restart the computer out of safe mode and attempt to duplicate the issue. Let me know what happens.

Let me know the results.

 

Happy Surfing!


Edited by Ant_Teh_Nee, 28 July 2016 - 12:52 PM.


#10 Sharkb0y24

Posted 28 July 2016 - 02:47 PM

Did a system restore and got function of Internet Explorer; Chrome and Firefox are still somewhat trashed. MBAM is still giving me the same thing; must have run it 20 times since I woke up this morning. What I don't understand is how this thing is hiding from every scanner out there. One or two is somewhat OK, but 4 or 5 is too much. It's a simple browser hijacker, yet seemingly impossible to get rid of.



#11 Ant_Teh_Nee

Posted 28 July 2016 - 02:52 PM

Not sure what else I can do here, but I have one more trick up my sleeve.

 

Install Hitman Pro. This should remove any stubborn files. Download link: http://www.bleepingcomputer.com/download/hitmanpro/

 

This thing will kill almost anything it even THINKS could be bad.

 

Happy Surfing!


Edited by Ant_Teh_Nee, 28 July 2016 - 02:56 PM.


#12 Sharkb0y24

Posted 28 July 2016 - 03:06 PM

Awesome, finally a scanner that tells me what I know. I'll update tomorrow and let you know if the problem is solved. Looked like two Trojans and a ton of cookies. Thanks, m8.



#13 Ant_Teh_Nee

Posted 28 July 2016 - 03:11 PM

What was the name of the Trojan it found? I want to post a thread about it so antiviruses pick it up.

 

Also, no problem! I'm always glad to help!

 

Happy Surfing!


Edited by Ant_Teh_Nee, 28 July 2016 - 03:15 PM.


#14 Sharkb0y24

Posted 28 July 2016 - 03:15 PM

HitmanPro 3.7.14.265
www.hitmanpro.com
 
   Computer name . . . . : LCARS
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : LCARS\Steven
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2016-07-28 16:00:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 3s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes
 
   Threats . . . . . . . : 5
   Traces  . . . . . . . : 91
 
   Objects scanned . . . : 1,189,863
   Files scanned . . . . : 23,761
   Remnants scanned  . . : 237,015 files / 929,087 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe -> Quarantined
      Size . . . . . . . : 2,499,742 bytes
      Age  . . . . . . . : 5.9 days (2016-07-22 17:57:20)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 4A7457731775502A6C696FA102571F7CE0EBC9C3A9DE01DAADBA9F31A08CEDF7
      Product  . . . . . : Setup Factory Runtime
      Description  . . . : Setup Application
      Version  . . . . . : 9.5.0.0
      Copyright  . . . . : Setup Engine Copyright © 2004-2015 Indigo Rose Corporation
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Amonetize.euew
      Fuzzy  . . . . . . : 111.0
      Forensic Cluster
         -7.6s C:\Users\Steven\AppData\Local\Temp\ads.exe
         -0.6s C:\Users\Steven\AppData\Local\Temp\appstart.exe
         -0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
         -0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
          0.0s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
          0.8s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
          0.8s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
          0.9s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
          0.9s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
          4.3s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe
 
   C:\Users\Steven\AppData\Local\Temp\appstart.exe -> Quarantined
      Size . . . . . . . : 5,236,472 bytes
      Age  . . . . . . . : 5.9 days (2016-07-22 17:57:20)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 218714F222C5099DEE7E5DD3C7C7286CDA23EAD30C39D22E0D2A63A7E3C6E5F4
      Product  . . . . . : Setup Factory Runtime
      Description  . . . : Setup Application
      Version  . . . . . : 9.5.0.0
      Copyright  . . . . : Setup Engine Copyright © 2004-2015 Indigo Rose Corporation
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Amonetize.euew
      Fuzzy  . . . . . . : 106.0
      Forensic Cluster
         -7.0s C:\Users\Steven\AppData\Local\Temp\ads.exe
          0.0s C:\Users\Steven\AppData\Local\Temp\appstart.exe
          0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
          0.3s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
          0.6s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
          1.4s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
          1.4s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
          1.5s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
          1.5s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
          4.9s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe
 
   C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe -> Deleted
      Size . . . . . . . : 514,048 bytes
      Age  . . . . . . . : 5.9 days (2016-07-22 17:57:21)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 182075DC0DDB6B345CAD7695E9B55B5565314F5296BDEF65CFB986BFBABA3170
    > Bitdefender  . . . : Trojan.Agent.BWKB
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
    > HitmanPro  . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -8.4s C:\Users\Steven\AppData\Local\Temp\ads.exe
         -1.4s C:\Users\Steven\AppData\Local\Temp\appstart.exe
         -1.1s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
         -1.1s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
         -0.8s C:\Users\Steven\AppData\Local\Temp\_ir_sf_temp_2\after.exe
         -0.0s C:\Users\Steven\AppData\Local\Temp\dxdiag.exe
          0.0s C:\Users\Steven\AppData\Local\Temp\CodecFixDivx.exe
          0.1s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.data
          0.1s C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine\3882897648.quar
          3.5s C:\Users\Steven\AppData\Local\Temp\180563750\ic-0.8f5c1633f5964.exe
 
   C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\productupdate.exe -> Quarantined
      Size . . . . . . . : 378,880 bytes
      Age  . . . . . . . : 18.1 days (2016-07-10 13:59:56)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : AA40E64435087BADE85CE96E268A920CCEFE7ED53F2E6418CA1891C6C2266508
    > Bitdefender  . . . : Gen:Variant.Adware.Symmi.66748
      Fuzzy  . . . . . . : 109.0
      Startup
         C:\Windows\system32\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}
      Forensic Cluster
         -24.0s C:\Program Files\DAEMON Tools Lite\
         -24.0s C:\Program Files\DAEMON Tools Lite\DTAgent.exe
         -23.8s C:\Program Files\DAEMON Tools Lite\DTLauncher.exe
         -23.8s C:\Program Files\DAEMON Tools Lite\Engine.dll
         -23.5s C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
         -23.3s C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
         -23.2s C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
         -23.2s C:\Program Files\DAEMON Tools Lite\DTHelper.exe
         -23.2s C:\Program Files\DAEMON Tools Lite\imgengine.dll
         -23.1s C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
         -23.1s C:\Program Files\DAEMON Tools Lite\sptdintf.dll
         -23.1s C:\Program Files\DAEMON Tools Lite\DTLite.exe
         -22.9s C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
         -22.9s C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
         -22.9s C:\Program Files\DAEMON Tools Lite\Extractor.exe
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\
         -22.4s C:\Program Files\DAEMON Tools Lite\Profiles.ini
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
         -22.4s C:\Program Files\DAEMON Tools Lite\uninst.exe
         -21.3s C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite\
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\BGR.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\BIH.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CHS.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CHT.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\CSY.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\DEU.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\ESN.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\FIN.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\FRA.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HEB.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HUN.dll
         -21.3s C:\Program Files\DAEMON Tools Lite\Lang\HYE.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\IND.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\ITA.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\JPN.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\PLK.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\PTB.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\RUS.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\SRL.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\SVE.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\TRK.dll
         -21.2s C:\Program Files\DAEMON Tools Lite\Lang\UKR.dll
         -21.2s C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
         -21.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\
         -21.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk
         -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
         -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.inf
         -21.1s C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
         -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.cat
         -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.inf
         -21.1s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.sys
         -21.1s C:\Windows\System32\drivers\dtlitescsibus.sys
         -18.5s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\
         -18.5s C:\Windows\Inf\oem7.inf
         -18.5s C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem7.cat
         -18.5s C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_a0cc27bc19a57edc\dtlitescsibus.PNF
         -18.5s C:\Windows\Inf\oem7.PNF
         -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
         -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.sys
         -18.4s C:\Windows\System32\drivers\dtliteusbbus.sys
         -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.inf
         -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.inf
         -18.4s C:\Program Files\DAEMON Tools Lite\dtliteusbbus.cat
         -18.4s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.cat
         -18.3s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\
         -18.3s C:\Windows\Inf\oem8.inf
         -18.3s C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem8.cat
         -18.2s C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_eeb3514d1bc76a40\dtliteusbbus.PNF
         -18.2s C:\Windows\Inf\oem8.PNF
         -16.9s C:\Users\Steven\AppData\Local\Microsoft\Windows\Burn\Burn1\
         -16.9s C:\Users\Steven\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini
         -15.9s C:\Windows\Prefetch\DTAGENT.EXE-464D25E0.pf
         -15.2s C:\Users\Steven\AppData\LocalLow\Microsoft\Internet Explorer\Services\winsearch.ico
         -15.0s C:\Windows\SysWOW64\GroupPolicy\gpt.ini
         -15.0s C:\Windows\System32\GroupPolicy\Machine\
         -15.0s C:\Windows\System32\GroupPolicy\User\
         -15.0s C:\Windows\System32\GroupPolicy\Machine\Registry.pol
         -15.0s C:\Windows\System32\GroupPolicy\GPT.INI
         -14.9s C:\ProgramData\ntuser.pol
         -13.5s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\
         -13.5s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\info.dat
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\ledo
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\nifa.txt
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\hdat1
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\hdat2
         -13.3s C:\ProgramData\{4FE08A83-C5A2-0045-4364-9E07D92615C9}\tolido
         -10.6s C:\Users\Public\Documents\Daemon Tools Images\
         -9.7s C:\Users\Steven\AppData\Roaming\DAEMON Tools Lite\IconsCache\
          0.0s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\productupdate.exe
          0.7s C:\Windows\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}.job
          0.7s C:\Windows\System32\Tasks\{18D0E60F-C668-315A-6353-70ECD95D1F49}
          0.7s C:\Users\Steven\AppData\Local\{26FF1044-03AD-7D32-689B-5AE0B449A7DE}\config.dat
          2.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx
          2.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx
 
   C:\Users\Steven\Downloads\[R.G. Mechanics] Bioshock 2\setup.exe -> Quarantined
      Size . . . . . . . : 2,141,964 bytes
      Age  . . . . . . . : 4.3 days (2016-07-24 09:53:03)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1D216480B0FBC1F04CE2EFB90AD1FE02D06B2B95F7CD801F19ED325D9B5B2A5A
      Product  . . . . . : BioShock 2                                                  
      Publisher  . . . . : tapochek.net                                                
      Description  . . . : BioShock 2                                                  
      Version  . . . . . : 1.0.0.1
      LanguageID . . . . : 0
    > Bitdefender  . . . : Trojan.Generic.15073150
      Fuzzy  . . . . . . : 110.0
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
   HKU\S-1-5-21-3332964688-1481943379-240360241-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
 
Cookies _____________________________________________________________________
 
   C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Cookies:as.sexad.net
   C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
   C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Cookies:liverail.com
   C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornhub.com
   C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornhublive.com
   C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Cookies:skimresources.com
   C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.pornhub.com
   C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\fg648dwi.default\cookies.sqlite:pornhub.com
 
  
 
 
P.S. I am not a pornhub sex rail member  :hysterical:
 


#15 Ant_Teh_Nee

Ant_Teh_Nee

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:33 PM

Posted 28 July 2016 - 03:42 PM

"C:\Users\Steven\Downloads\[R.G. Mechanics] Bioshock 2\setup.exe -> Quarantined
      Size . . . . . . . : 2,141,964 bytes
      Age  . . . . . . . : 4.3 days (2016-07-24 09:53:03)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1D216480B0FBC1F04CE2EFB90AD1FE02D06B2B95F7CD801F19ED325D9B5B2A5A
      Product  . . . . . : BioShock 2
      Publisher  . . . . : tapochek.net
      Description  . . . : BioShock 2
      Version  . . . . . : 1.0.0.1
      LanguageID . . . . : 0
    > Bitdefender  . . . : Trojan.Generic.15073150
      Fuzzy  . . . . . . : 110.0"

 

Welp, this is what the source likely was... A fake Bioshock Infinite 2 installer... LMAO. Posting this on the Malwarebytes forums now. Surprised that they never picked this up.
 


Edited by Ant_Teh_Nee, 28 July 2016 - 03:56 PM.