Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Pop-ups-- Again!


  • Please log in to reply
16 replies to this topic

#1 flamingporu

flamingporu

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 28 February 2017 - 10:32 AM

amulec.png
PC v21.png

Hello BC,

 

I made a post about this a few weeks ago:

 

https://www.bleepingcomputer.com/forums/t/638018/random-software-downloads-and-browser-pop-ups/

 

Recently, a few days ago, random installations have been ongoing again and new software popped up. See attached file and my browser's home page have changed again...

 

Security Check:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 YAC(Yet Another Cleaner!)   
 Adobe Reader XI  
 Google Chrome (56.0.2924.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````

Attached Files


Edited by flamingporu, 28 February 2017 - 11:02 AM.


BC AdBot (Login to Remove)

 


#2 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 28 February 2017 - 11:00 AM

Please also check this amulec program installed... :(
 
 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Santos on Tue 02/28/2017 at 23:41:10.90.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Santos\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2017-01-22-221526.log 31817 bytes
C:\zoek-results2017-02-28-153427.log 556 bytes
 
==== System Restore Info ======================
 
2/28/2017 11:41:50 PM Zoek.exe System Restore Point Created Successfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default\prefs.js:
 
Added to C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Deleting Files \ Folders ======================
 
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Tencent deleted
C:\PROGRA~3\search deleted
C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default\searchplugins\searchinme.xml deleted
"C:\Windows\Installer\1832e8.msi" deleted
"C:\Users\Santos\AppData\Roaming\WinSAPSvc\WinSAP.dll" deleted
"C:\Users\Santos\AppData\Roaming\WinSnare\WinSnare.dll" deleted
"C:\Users\Santos\AppData\Roaming\WinSAPSvc" not deleted
"C:\Users\Santos\AppData\Roaming\WinSnare" not deleted
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\Santos\AppData\Local\Temp ====
2017-02-28 12:42:27 FAD10E08538671207502F7E569C7C093 97912 ----a-w- C:\Users\Santos\AppData\Local\Temp\PH_patch_20170209to20170228.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2017-02-28 12:49:19 FAB2EBA07369BF3C6DB33469B5B36FCB 55056 ----a-w- C:\Windows\Sysnative\drivers\iSafeKrnlBoot.sys
2017-02-28 12:49:19 9FB02FBA90F6AF59537A30C3DB9777C8 52392 ----a-w- C:\Windows\Sysnative\drivers\iSafeNetFilter.sys
====== C:\Windows\Tasks ======
2017-02-24 13:59:15 F0BB50A713D1FFC5727171BB59562B13 3580 ----a-w- C:\Windows\Sysnative\Tasks\Milimili
2017-02-05 12:13:42 A92E44EDDFA56861F6CFE3217B830A6D 3890 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-05 12:13:42 8ED0101F39C4E5D8C91091583D3EB417 892 ----a-w- C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-05 10:48:25 A79689D22D5F7F677F2EDC2B47582273 3202 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2017-02-05 10:48:25 0AC789FE20EA39A966B66F0A31FA2CFA 3330 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2017-01-31 12:13:05 5EC16A93D8FAB0B1EC9F62F6AFA8C342 4966 ----a-w- C:\Windows\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for Santos-PC-Santos Santos-PC
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2017-02-28 12:49:26 -------- d-----w- C:\PROGRA~2\WinSnare(4.1.9)
2017-02-28 12:49:19 -------- d-----w- C:\PROGRA~2\Explorer
2017-02-28 12:49:14 -------- d-----w- C:\PROGRA~2\Elex-tech
2017-02-28 12:48:06 -------- d---a-w- C:\PROGRA~2\Firefox
2017-02-28 12:45:14 40 ----a-w- C:\PROGRA~2\settings.dat
2017-02-28 12:45:14 13834 ----a-w- C:\PROGRA~2\metadata
2017-02-28 12:45:14 -------- d-----w- C:\PROGRA~2\reports
2017-02-28 12:44:56 -------- d-----w- C:\PROGRA~2\Ballcine
2017-02-27 12:23:42 -------- d-----w- C:\PROGRA~2\amuleCexx
2017-02-24 13:59:15 -------- d-----w- C:\PROGRA~2\MIO
2017-02-05 10:48:23 -------- d-----w- C:\PROGRA~2\Google
======= C: =====
====== C:\Users\Santos\AppData\Roaming ======
2017-02-28 12:49:13 -------- d-----w- C:\Users\Santos\AppData\Roaming\Elex-tech
2017-02-28 12:48:16 -------- d-----w- C:\Users\Santos\AppData\Locallow\Mozilla
2017-02-28 12:48:15 -------- d-----w- C:\Users\Santos\AppData\Roaming\Mozilla
2017-02-28 12:48:15 -------- d-----w- C:\Users\Santos\AppData\Roaming\Firefox
2017-02-28 12:48:15 -------- d-----w- C:\Users\Santos\AppData\Local\Firefox
2017-02-28 12:45:06 -------- d-----w- C:\Users\Santos\AppData\Local\Ballcine
2017-02-27 12:23:43 -------- d-----w- C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-02-27 12:23:42 -------- d-----w- C:\Users\Santos\AppData\Roaming\aMule
2017-02-24 13:59:31 -------- d-----w- C:\Users\Santos\AppData\Roaming\WinSAPSvc
2017-02-24 13:59:29 -------- d-----w- C:\Users\Santos\AppData\Roaming\WinSnare
2017-02-09 12:47:10 -------- d-----w- C:\Users\Santos\AppData\Local\ElevatedDiagnostics
====== C:\Users\Santos ======
2017-02-28 15:40:09 -------- d-----w- C:\ProgramData\IDM
2017-02-28 12:45:00 -------- d-----w- C:\ProgramData\Apple
 
====== C: exe-files ==
2017-02-28 12:49:20 FCB358973491095D026BB289EA5CC75A 115712 ----a-w- C:\Program Files (x86)\Explorer\ielowutil.exe
2017-02-28 12:49:20 C613E69C3B191BB02C7A191741A1D024 673040 ----a-w- C:\Program Files (x86)\Explorer\iexplore.exe
2017-02-28 12:49:20 977FDB8B4E2F0694EEC664DAA6F0AFD3 373248 ----a-w- C:\Program Files (x86)\Explorer\ieinstal.exe
2017-02-28 12:49:20 57115BC35E97829148C92DBF3005983D 55992 ----a-w- C:\Program Files (x86)\Explorer\iedvutils.exe
2017-02-28 12:49:20 2C757C9F27BD5E2460223B014DDD9FE1 1790136 ----a-w- C:\Program Files (x86)\Explorer\iehelper.exe
2017-02-28 12:49:19 76B39554938CABCC219C7471ADAF3135 145408 ----a-w- C:\Program Files (x86)\Explorer\ExtExport.exe
2017-02-28 12:49:18 ED1FF139AFD82CB4500B6511C05DE5E1 131024 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
2017-02-28 12:49:18 EC7210A6E0806CFDE79565952F3E84CC 290936 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe
2017-02-28 12:49:18 EBBC91C4D1ED22AB09D15B5BD1A94B2F 890584 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe
2017-02-28 12:49:18 971B480A59B71A95DED19CA00D1AD14C 1081664 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe
2017-02-28 12:49:18 85A50FBB5C136A470BA2DEB914F39F3F 618304 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe
2017-02-28 12:49:18 77CD6E2F4E556E20CEFCA7C4D4A5EDFF 394264 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\bugreport.exe
2017-02-28 12:49:18 6FEA419122DCFABD79A17FC6C9FFB0A6 131024 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
2017-02-28 12:49:18 4821C7F93001D0C12EFB5E1A0BE3CE3C 314216 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iStart.exe
2017-02-28 12:49:18 4617EAF2CA20C96A8F58A6060472FC35 427000 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
2017-02-28 12:49:18 26F05E0B2506240FCCA50CB2B2B87017 473864 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeTHlp64.exe
2017-02-28 12:49:18 26D4DF5073053C4CF1E051F27D0290EB 459672 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeTHlp.exe
2017-02-28 12:49:18 17F1E581372B6DAE1C7C7C3FFBEBB5F5 308744 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeBugReport.exe
2017-02-28 12:48:30 42A08A901EEB0A7ECD579A6ED0AC6E92 14680605 ----a-w- C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLIHVL13\dat0221[1].exe
2017-02-28 12:48:10 F454E81F5C53EB0DC81AEDF8F9A35D82 316088 ----a-w- C:\Program Files (x86)\Firefox\updater.exe
2017-02-28 12:48:10 E0083F7F0F16A81AA6C14775435717EE 871072 ----a-w- C:\Program Files (x86)\Firefox\uninstall\helper.exe
2017-02-28 12:48:10 DD08572782AA2FC1B3A1FC7F272C6C5F 163512 ----a-w- C:\Program Files (x86)\Firefox\plugin-container.exe
2017-02-28 12:48:10 B9BE83B5B6103F594DF9DC58587EE424 97976 ----a-w- C:\Program Files (x86)\Firefox\wow_helper.exe
2017-02-28 12:48:10 B1EC95295B1510BD22D4B7DB1BB6AA5A 154680 ----a-w- C:\Program Files (x86)\Firefox\maintenanceservice_installer.exe
2017-02-28 12:48:10 AEFD0C4D458ECC95BD53098C6B6F3F9B 167600 ----a-w- C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
2017-02-28 12:48:10 AB1A99A19388D509FAE66BBCDEE01FE9 169144 ----a-w- C:\Program Files (x86)\Firefox\maintenanceservice.exe
2017-02-28 12:48:10 835445546684DF854241CB583B92046C 29368 ----a-w- C:\Program Files (x86)\Firefox\plugin-hang-ui.exe
2017-02-28 12:48:10 7A0F21CF1404EE03EBE5BE0D1DA99AC6 503480 ----a-w- C:\Program Files (x86)\Firefox\Firefox.exe
2017-02-28 12:48:10 566200E0E8F310ECA82145A4CADABFBB 118456 ----a-w- C:\Program Files (x86)\Firefox\crashreporter.exe
2017-02-28 12:45:49 451D04F610865B0DC54ECF5BD4CE3516 2326520 ----a-w- C:\Users\Santos\AppData\Local\Ballcine\User Data\SwReporter\16.92.2\software_reporter_tool.exe
2017-02-28 12:44:59 38372AA4CC9FBD0EB7A26FC7B5F24562 945496 ----a-w- C:\Program Files (x86)\Ballcine\Application\chrome.exe
2017-02-28 12:42:27 FAD10E08538671207502F7E569C7C093 97912 ----a-w- C:\Users\Santos\AppData\Local\Temp\PH_patch_20170209to20170228.exe
2017-02-27 12:23:43 80815E9C29BE6E7918742D04D5FBA292 32606 ----a-r- C:\Users\Santos\AppData\Roaming\Microsoft\Installer\{B2EFFD4E-D098-4845-9D56-DE75BEB35913}\_9B1E6F016DEEE0208E2D5B.exe
2017-02-27 12:22:59 7B49A618C2CB8F835CBE1FEAC8BE1B77 10376704 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZQ4LFX4\Updater_zip_res20170227_newmm[1].exe
2017-02-24 13:59:15 41E928AF129C0583D2EB8C13A6CAEE64 331368 ----a-w- C:\Program Files (x86)\MIO\MIO.exe
2017-02-24 10:08:15 578AE25AA5CEFCF7170F9E3A4FE10EE2 62365 ----a-w- C:\ProgramData\GarenaMessenger\update\12693\gtv\GarenaTV.exe
2017-02-24 10:08:15 141B1933B69ACE22AF1B3DC9B87BB244 223711 ----a-w- C:\ProgramData\GarenaMessenger\update\12693\gtv\CrashReporter.exe
2017-02-22 02:41:24 9AF1FE1900645B7347BDFECFFF53E3CC 5357568 ----a-w- C:\Program Files (x86)\amuleCexx\aMule.exe
2017-02-22 02:40:20 A967803931F33A564F76136C7C0334B1 238592 ----a-w- C:\Program Files (x86)\amuleCexx\ed2k.exe
=== C: other files ==
2017-02-28 15:41:30 90A594537C3731C9A3AB3B540868B60B 346 ----a-w- C:\Users\Santos\AppData\Local\Temp\drives.vbs
2017-02-28 12:49:19 FAB2EBA07369BF3C6DB33469B5B36FCB 55056 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
2017-02-28 12:49:19 9FB02FBA90F6AF59537A30C3DB9777C8 52392 ----a-w- C:\Windows\System32\drivers\iSafeNetFilter.sys
2017-02-28 12:49:18 FAB2EBA07369BF3C6DB33469B5B36FCB 55056 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlBoot.sys
2017-02-28 12:49:18 C7129E801982BC831831D2F6DD6FCE8B 103904 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys
2017-02-28 12:49:18 A22E4FC5E5A801DAAE7978F87059CC9F 52440 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys
2017-02-28 12:49:18 9FB02FBA90F6AF59537A30C3DB9777C8 52392 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys
2017-02-28 12:49:18 5E07045CEAE146804475434227649883 262344 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys
2017-02-28 12:49:18 406D4425ECFD7BAAFA0E700F7A2E64FD 110112 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys
2017-02-28 12:48:20 33D89A6B41166A1A16F6785D7D5185C6 2673 ----a-w- C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi
2017-02-28 12:48:10 BC9B41556EFAC8D2E075F23631425D1E 4703 ----a-w- C:\Program Files (x86)\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
2017-02-28 12:48:10 A12DF9B48DD696ED42A83305B02C0911 2690 ----a-w- C:\Program Files (x86)\Firefox\browser\features\aushelper@mozilla.org.xpi
2017-02-28 12:48:10 785055FB707726C7746B66F02C410A38 3089 ----a-w- C:\Program Files (x86)\Firefox\browser\features\e10srollout@mozilla.org.xpi
2017-02-28 12:48:10 74A2651AEDCB4A5C52190C8D8AECCB32 1091 ----a-w- C:\Program Files (x86)\Firefox\browser\features\webcompat@mozilla.org.xpi
2017-02-28 12:48:10 2B4CA8E0E9F2BEEF2CDB87A63C3CF4EE 680391 ----a-w- C:\Program Files (x86)\Firefox\browser\features\firefox@getpocket.com.xpi
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default
- Undetermined - %ProfilePath%\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[12/11/2016 03:25 AM]
 
Google Slides - Santos\AppData\Local\Ballcine\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Santos\AppData\Local\Ballcine\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Santos\AppData\Local\Ballcine\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Santos\AppData\Local\Ballcine\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Chrome Adr - Santos\AppData\Local\Ballcine\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik
Google Sheets - Santos\AppData\Local\Ballcine\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Santos\AppData\Local\Ballcine\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Santos\AppData\Local\Ballcine\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Santos\AppData\Local\Ballcine\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Santos\AppData\Local\Ballcine\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Google Slides - Santos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Santos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Santos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Santos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - Santos\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Santos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
IDM Integration Module - Santos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Chrome Web Store Payments - Santos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Santos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Santos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
UC Resource Hunter - Santos\AppData\Local\UCBrowser\User Data\Default\Extensions\hkmogefbfdmboplojeicpibfpcndjjbm
 
==== Chromium Fix ======================
 
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Local Storage\http_lyricstranslate.com_0.localstorage deleted successfully
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Local Storage\http_lyricstranslate.com_0.localstorage-journal deleted successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyricstranslate.com_0.localstorage deleted successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyricstranslate.com_0.localstorage-journal deleted successfully
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage deleted successfully
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage deleted successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://linkzb.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://linkzb.com"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Reset Google Chrome ======================
 
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Preferences was reset successfully
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Secure Preferences was reset successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Preferences will be reset at reboot
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences will be reset at reboot
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Web Data was reset successfully
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Web Data-journal was reset successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Uninstall List x64 ======================
 
Adobe Flash Player 24 PPAPI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI]
Adobe Reader XI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}]
amuleC  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B2EFFD4E-D098-4845-9D56-DE75BEB35913}]
CCleaner  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
Garena - League of Legends [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LoLPH]
Garena+  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\im]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
HP Deskjet Ink Adv 2060 K110 Basic Device Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A3C3FD1-25E6-45D5-B1A6-6A5174A2D012}]
HP Deskjet Ink Adv 2060 K110 Help [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{261A4762-744B-4C71-81D2-57FA5038DC7B}]
HP Support Solutions Framework [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC3C2B77-6800-48C6-A15D-9D1031130C16}]
HP Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}]
Intel® Processor Graphics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}]
Internet Download Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager]
Microsoft .NET Framework 4.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}]
Microsoft .NET Framework 4.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUS]
NVIDIA Control Panel 314.07 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel]
NVIDIA Graphics Driver 314.07 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver]
NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer]
NVIDIA Update 1.12.12 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update]
NVIDIA Update Components [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update]
WinRAR 5.40 beta 4 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
WinSnare  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DE621DA6-398E-4F4C-BD45-454F0272A7AF}]
YAC(Yet Another Cleaner) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6AD126EDE893C4F4DB5454F420277AFA deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DE621DA6-398E-4F4C-BD45-454F0272A7AF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6AD126EDE893C4F4DB5454F420277AFA deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Santos\AppData\Local\Ballcine\User Data\Default\Cache emptied successfully
C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Santos\AppData\Local\UCBrowser\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=25 folders=6 7427251 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Santos\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Santos\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Preferences" not found
"C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences" not found
"C:\Users\Santos\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Santos\AppData\Roaming\WinSAPSvc"  not found
"C:\Users\Santos\AppData\Roaming\WinSnare"  not found
 
==== EOF on Tue 02/28/2017 at 23:54:58.96 ======================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by Santos (01-03-2017 00:01:43)
Running from C:\Users\Santos\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-01-01 09:00:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4063383439-142346386-2490566706-500 - Administrator - Disabled)
Guest (S-1-5-21-4063383439-142346386-2490566706-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4063383439-142346386-2490566706-1003 - Limited - Enabled)
Santos (S-1-5-21-4063383439-142346386-2490566706-1000 - Administrator - Enabled) => C:\Users\Santos
UpdatusUser (S-1-5-21-4063383439-142346386-2490566706-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
amuleC (HKLM-x32\...\{B2EFFD4E-D098-4845-9D56-DE75BEB35913}) (Version: 1.0.1 - amuleC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{8A3C3FD1-25E6-45D5-B1A6-6A5174A2D012}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3006 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\...\ChromeHTML: -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.) <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {20A08542-AB86-4103-8D5C-8E9C539D88AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-05] (Google Inc.)
Task: {3CFE4941-6880-4901-94F1-137289B32328} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic 
Task: {488E0BC5-B40D-4446-B63E-A336CFA09524} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Santos-PC-Santos Santos-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {613247CF-7141-4365-86E9-2A7C3FF12BDF} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-12-27] ()
Task: {6BBC17F5-234C-4075-91D3-449E3933868D} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2016-12-28] ()
Task: {9E274B14-4DCE-476B-A1C3-405F68E3C9D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-02-05] (Adobe Systems Incorporated)
Task: {A86062D9-534A-48F5-878E-B37137AE1744} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C5A20AD8-E2AA-4192-960C-220C6D96B605} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E12F2D9E-FF5B-4A84-AA98-93724C52AAD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-05] (Google Inc.)
Task: {F2448782-ED59-42F5-8EB9-817189DD525F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-01-01 17:06 - 2013-02-10 09:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-28 20:49 - 2017-02-28 11:53 - 00055992 _____ () C:\Program Files (x86)\Explorer\iedvutils.exe
2013-02-22 17:59 - 2013-02-22 17:59 - 06523456 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-12-27 19:06 - 2016-12-27 19:06 - 00175096 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2009-01-01 17:16 - 2009-01-01 17:16 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2017-02-28 20:48 - 2017-02-28 11:29 - 00167600 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
2017-02-28 20:49 - 2016-05-23 10:37 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2017-02-28 20:49 - 2017-02-28 11:53 - 01779896 _____ () C:\Program Files (x86)\Explorer\iedvtoolex.dll
2017-02-28 20:49 - 2017-02-28 11:53 - 02177208 _____ () C:\Program Files (x86)\Explorer\WINNSI.DLL
2016-12-27 19:06 - 2017-02-03 18:17 - 03402744 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2017-02-28 20:44 - 2017-02-28 14:21 - 00114176 _____ () c:\programdata\apple\apple application support\support.dll
2017-02-28 20:49 - 2016-05-23 10:37 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2013-02-22 17:59 - 2013-02-22 17:59 - 06523472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-02-28 20:45 - 2017-02-01 17:01 - 01870168 _____ () C:\Program Files (x86)\Ballcine\Application\libglesv2.dll
2017-02-28 20:45 - 2017-02-01 17:01 - 00085848 _____ () C:\Program Files (x86)\Ballcine\Application\libegl.dll
2017-01-22 20:12 - 2017-01-22 20:12 - 00225792 ____H () C:\Program Files (x86)\Hewlett-Packard\HewlettPackardHewlettPackard.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3F00DE79-D4E3-4400-8A8F-EE0D647E8D22}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{287BE859-68C8-43AC-9E02-C7C15802C1E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{049089B8-0DD8-4440-9B3B-9CD4A180FD10}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0C094980-767D-42E1-B842-2B084C007D40}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E7E4AEF9-54A2-407E-ADDB-50FAF544D24B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8F5860F0-E236-4725-A017-8C4C3C5E7DCF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A18EA362-DF9C-4E14-9519-1C263168880A}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{39D47612-A852-44F8-805B-9CAF1D3387B3}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{833F98E7-73F2-4E5F-8DBA-6338F42B8B35}] => (Allow) D:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{E16A26B9-86BE-4DD5-BBFB-F29A50E115E6}] => (Allow) LPort=8370
FirewallRules: [{6344B179-4CB3-4039-A9B2-352ED2717091}] => (Allow) LPort=8370
FirewallRules: [{055A9FB5-A096-4A39-998E-377701810704}] => (Allow) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{7ABD38CF-E83D-4413-B5B2-5DC12C9D8BFD}] => (Allow) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{B6BE08F9-E767-492B-A01C-5D36ED37752A}] => (Allow) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{9355E314-BE2F-4C8A-810F-F41108B5DAE5}] => (Allow) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{E5A516A0-2534-4C47-A461-D0AC044B3875}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{568165E8-30AD-4A3C-8279-06DFBD4E7A69}] => (Allow) LPort=6971
FirewallRules: [{44D4F5BA-D38C-4EB2-BC7D-B55C894467BE}] => (Allow) LPort=6971
FirewallRules: [{381E4749-7101-461E-9CE6-36483DD51033}] => (Allow) LPort=6951
FirewallRules: [{C1A2D4C4-BEBF-4AC6-9E35-AF7C37A8FD8D}] => (Allow) LPort=6951
FirewallRules: [{F336FAF8-F830-4920-ABEB-4BD5FF166595}] => (Allow) LPort=6940
FirewallRules: [{B3EEF2F0-BA19-4754-B308-D9EE0255F9C1}] => (Allow) LPort=6940
FirewallRules: [{8060545D-A20B-4381-9BC3-13FC07FA4564}] => (Allow) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{17C7543B-78C1-49A0-9F77-13659264718C}] => (Allow) LPort=6927
FirewallRules: [{41842D38-FDC0-4D13-9BE6-EA5098AE7438}] => (Allow) LPort=6927
FirewallRules: [{BAA3A04B-4173-4689-BE91-96DB71C11A8B}] => (Allow) LPort=6986
FirewallRules: [{E481B18A-7358-44CB-9C12-39DDF72051C8}] => (Allow) LPort=6986
FirewallRules: [{4BA245D6-3268-43C6-BF9A-B985D84A5B59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C76C7AEC-CE45-4F46-B371-E55E8C936687}] => (Allow) LPort=6901
FirewallRules: [{E2E266B6-8882-4BB2-BEE1-20BD6DB2713C}] => (Allow) LPort=6901
FirewallRules: [{56722716-B5A1-4C60-8064-D7F253B75EB2}] => (Allow) LPort=6932
FirewallRules: [{938519DF-DD46-42EF-916D-561B6B0B2292}] => (Allow) LPort=6932
FirewallRules: [{AA02A9DC-72BF-46A7-A05F-7135818035F4}] => (Allow) C:\Program Files (x86)\Ballcine\Application\chrome.exe
FirewallRules: [{C87B6C33-41A4-4BC3-A39D-14F2DB094721}] => (Allow) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{6305885E-4FD3-4C54-8C3E-F1FE7FC8738F}] => (Allow) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{B5303ACC-7E86-4074-9EA9-82E632CD971E}] => (Allow) LPort=8393
FirewallRules: [{4A50E4D1-C836-477A-B9C6-AF5CA94FCEEF}] => (Allow) LPort=8393
FirewallRules: [{83435A13-060F-4A10-95C5-14B920BBDE45}] => (Allow) LPort=8390
FirewallRules: [{CDD48DC7-E045-497E-B287-CBE9D6C86639}] => (Allow) LPort=8390
FirewallRules: [{26EF34A3-D1B4-4B6F-9C08-E905D559B93E}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{6EA0E002-A081-44C0-85FB-7F111A4377B4}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{AE5586B3-B6F5-45FE-B2A7-63F53DC01A14}] => (Allow) LPort=6916
FirewallRules: [{BB0915FB-A8CA-41A5-906B-CCE1E3565317}] => (Allow) LPort=6916
 
==================== Restore Points =========================
 
24-02-2017 22:28:55 Scheduled Checkpoint
28-02-2017 23:41:37 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2017 11:56:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/28/2017 11:41:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/28/2017 11:22:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/28/2017 08:24:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/28/2017 08:23:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/28/2017 08:23:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/27/2017 09:44:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/27/2017 08:24:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/27/2017 08:23:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/27/2017 08:23:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (02/28/2017 11:55:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinSnare service terminated with the following error: 
The specified module could not be found.
 
Error: (02/28/2017 11:55:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinSAPSvc service terminated with the following error: 
The specified module could not be found.
 
Error: (02/28/2017 11:50:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/28/2017 11:50:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/28/2017 11:50:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/28/2017 11:50:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/28/2017 11:50:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/28/2017 11:50:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/28/2017 11:50:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/28/2017 11:50:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-04 07:25:15.294
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-04 07:25:15.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-03 22:58:48.234
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-03 22:58:48.194
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-03 16:19:19.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-03 16:19:18.982
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-02 16:37:02.446
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-02 16:37:02.416
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-01 17:39:44.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-01 17:39:44.394
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 20%
Total physical RAM: 8143.78 MB
Available physical RAM: 6466.93 MB
Total Virtual: 16285.75 MB
Available Virtual: 14454.21 MB
 
==================== Drives ================================
 
Drive c: (O,S) (Fixed) (Total:49.92 GB) (Free:18.3 GB) NTFS
Drive d: (Files) (Fixed) (Total:415.74 GB) (Free:57.15 GB) NTFS
Drive e: (Backup) (Fixed) (Total:931.51 GB) (Free:916.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8D063F16)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=415.7 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

Edited by flamingporu, 28 February 2017 - 11:02 AM.


#3 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 AM

Posted 28 February 2017 - 03:14 PM

Hello flamingporu and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
  
Please do the following.

 

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

 YAC(Yet Another Cleaner!)   ===>I do not recommend this software at all.
 Adobe Reader XI

aMuleC
Getting started

 

And PC restart now.

=======================================================

Step1:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step3:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step4:
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: Additional.txt
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Sincerely  . :hello:


Edited by olgun52, 28 February 2017 - 03:18 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 01 March 2017 - 08:46 AM

 
# AdwCleaner v6.043 - Logfile created 01/03/2017 at 21:41:46
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-28.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Santos - SANTOS-PC
# Running from : C:\Users\Santos\Desktop\adwcleaner_6.043.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: Apple_Cfg
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files (x86)\WinSnare(4.1.9)
[-] Folder deleted: C:\Users\Santos\AppData\Roaming\Zbshareware Lab
[-] Folder deleted: C:\Program Files (x86)\MIO
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
[-] Folder deleted: C:\Program Files (x86)\Firefox
[#] Folder deleted on reboot: C:\Program Files (x86)\MIO
[-] Folder deleted: C:\Program Files (x86)\reports
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\Program Files (x86)\settings.dat
[-] File deleted: C:\Users\Public\Documents\temp.dat
[-] File deleted: C:\Users\Public\Documents\report.dat
[-] File deleted: C:\ProgramData\APPLE\APPLE APPLICATION SUPPORT\SUPPORT.DLL
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: Milimili
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Key deleted: HKU\.DEFAULT\Software\UpgSvr
[-] Key deleted: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\WinSnare
[-] Key deleted: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\dlr
[-] Key deleted: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\PopWnd
[-] Key deleted: HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\UpgSvr
[#] Key deleted on reboot: HKU\S-1-5-18\Software\UpgSvr
[#] Key deleted on reboot: HKCU\Software\WinSnare
[#] Key deleted on reboot: HKCU\Software\dlr
[#] Key deleted on reboot: HKCU\Software\PopWnd
[#] Key deleted on reboot: HKCU\Software\UpgSvr
[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\amule-custom
[-] Key deleted: HKLM\SOFTWARE\SoEasySvc
[#] Key deleted on reboot: [x64] HKCU\Software\WinSnare
[#] Key deleted on reboot: [x64] HKCU\Software\dlr
[#] Key deleted on reboot: [x64] HKCU\Software\PopWnd
[#] Key deleted on reboot: [x64] HKCU\Software\UpgSvr
[-] Key deleted: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [22124 Bytes] - [24/01/2017 21:57:14]
C:\AdwCleaner\AdwCleaner[C2].txt - [2933 Bytes] - [01/03/2017 21:41:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [19269 Bytes] - [24/01/2017 20:28:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [18904 Bytes] - [24/01/2017 21:56:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [3168 Bytes] - [01/03/2017 21:40:16]
C:\AdwCleaner\AdwCleaner[S3].txt - [3135 Bytes] - [01/03/2017 21:41:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3300 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Santos (Administrator) on Wed 03/01/2017 at 21:44:22.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 16 
 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1F0NKDGG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T3EW3H0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7A7M7P4B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALZ4MHX2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRTFHXTR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXC6V6H5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9J0C48X (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSM8BVFL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1F0NKDGG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T3EW3H0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7A7M7P4B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALZ4MHX2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRTFHXTR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXC6V6H5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9J0C48X (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSM8BVFL (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/01/2017 at 21:45:38.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/1/17
Scan Time: 9:54 PM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1392
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Santos-PC\Santos
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366425
Time Elapsed: 1 min, 18 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 1
Adware.Elex, C:\PROGRAM FILES (X86)\EXPLORER\IEDVUTILS.EXE, Quarantined, [305], [373329],1.0.1392
 
Module: 4
Adware.Elex, C:\PROGRAM FILES (X86)\EXPLORER\IEDVUTILS.EXE, Quarantined, [305], [373329],1.0.1392
Adware.Elex, C:\PROGRAM FILES (X86)\EXPLORER\IEDVTOOLEX.DLL, Quarantined, [305], [373329],1.0.1392
Adware.Elex, C:\PROGRAM FILES (X86)\EXPLORER\WINNSI.DLL, Quarantined, [305], [373329],1.0.1392
Adware.Elex, C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HEWLETTPACKARDHEWLETTPACKARD.DLL, Quarantined, [305], [368888],1.0.1392
 
Registry Key: 104
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iedvutils, Delete-on-Reboot, [305], [373329],1.0.1392
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HewlettPackardHewlettPackard, Delete-on-Reboot, [305], [368888],1.0.1392
PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}, Delete-on-Reboot, [1412], [346210],1.0.1392
Adware.Ghokswa, HKU\S-1-5-21-4063383439-142346386-2490566706-1000_Classes\CHROMEHTML, Delete-on-Reboot, [557], [-1],0.0.0
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\{84416237-6490-494D-9AD6-4994DD978971}, Delete-on-Reboot, [305], [375406],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.001, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.002, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.003, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.004, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.005, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.006, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.007, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.008, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.009, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.010, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.011, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.012, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.013, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.014, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.015, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.016, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.017, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.018, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.019, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.020, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.021, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.022, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.023, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.024, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.025, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.026, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.027, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.028, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.029, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.030, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.031, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.032, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.033, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.034, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.035, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.036, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.037, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.038, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.039, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.040, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.041, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.042, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.043, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.044, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.045, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.046, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.047, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.048, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.049, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.050, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.051, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.052, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.053, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.054, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.055, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.056, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.057, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.058, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.059, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.060, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.061, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.062, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.063, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.064, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.065, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.066, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.067, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.068, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.069, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.070, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.071, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.072, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.073, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.074, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.075, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.076, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.077, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.078, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.079, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.080, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.081, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.082, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.083, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.084, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.085, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.086, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.087, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.088, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.089, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.090, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.091, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.092, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.093, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.094, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.095, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.096, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.097, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.098, Delete-on-Reboot, [84], [374779],1.0.1392
Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.099, Delete-on-Reboot, [84], [374779],1.0.1392
 
Registry Value: 1
Adware.Ghokswa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IEDVUTILS|IMAGEPATH, Delete-on-Reboot, [557], [372842],1.0.1392
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 324
Adware.Elex, C:\PROGRAM FILES (X86)\Relgregeck, Delete-on-Reboot, [305], [364481],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\D6Z42VRE\macromedia.com\support\flashplayer\sys, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\D6Z42VRE\macromedia.com\support\flashplayer, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\D6Z42VRE\macromedia.com\support, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\D6Z42VRE\macromedia.com, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\PYWKEH9R, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\es_419, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\zh_TW, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\zh_CN, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\pt_PT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\pt_BR, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\en_GB, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\fil, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_CN, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_TW, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\el, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\en, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\es, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\et, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\fi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\fr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\hi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\hr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\hu, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\id, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\it, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\ja, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\ko, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\lt, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\lv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\nb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\nl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\pl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\ro, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\sk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\sl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\sr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\sv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\th, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\tr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\uk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\vi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\ru, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\bg, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\ca, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\cs, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\da, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\de, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_PT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\D6Z42VRE, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_BR, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_TW, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_CN, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_metadata, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fil, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ar, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\bg, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ca, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\cs, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\da, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\de, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\el, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\en, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hu, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\id, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\it, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ja, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ko, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lt, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\nl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\no, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ro, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ru, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\se, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\th, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\tr, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\uk, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\vi, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\images, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_tpc.googlesyndication.com_0.indexeddb.leveldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_metadata, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\html, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\css, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_www.tomshardware.com_0.indexeddb.leveldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\WritableRoot, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\000\t\Paths, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\001\t\Paths, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\002\t\Paths, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\004\t\Paths, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\003\t\Paths, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\Origins, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\001\t, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\002\t, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\004\t, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\003\t, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\000\t, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\User StyleSheets, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\003, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension State, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\004, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension Rules, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\000, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\001, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Session Storage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Sync Data, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\databases, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\PepperFlash, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\SwiftShader, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\WidevineCDM, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\pnacl, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\USERS\SANTOS\APPDATA\LOCAL\Ckirsh, Delete-on-Reboot, [305], [364477],1.0.1392
 
File: 695
Adware.Elex, C:\PROGRAM FILES (X86)\EXPLORER\IEDVUTILS.EXE, Delete-on-Reboot, [305], [373329],1.0.1392
Adware.Elex, C:\PROGRAM FILES (X86)\EXPLORER\IEDVTOOLEX.DLL, Delete-on-Reboot, [305], [373329],1.0.1392
Adware.Elex, C:\PROGRAM FILES (X86)\EXPLORER\WINNSI.DLL, Delete-on-Reboot, [305], [373329],1.0.1392
Adware.Elex, C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HEWLETTPACKARDHEWLETTPACKARD.DLL, Delete-on-Reboot, [305], [368888],1.0.1392
Adware.Elex, C:\Program Files (x86)\Relgregeck\CrashReport.dll, Delete-on-Reboot, [305], [364481],1.0.1392
Adware.Elex, C:\Program Files (x86)\Relgregeck\prerjght.exe, Delete-on-Reboot, [305], [364481],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension Rules\000005.ldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension Rules\000382.ldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension Rules\000403.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension Rules\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension Rules\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension Rules\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension Rules\LOG.old, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension Rules\MANIFEST-000402, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\databases\Databases.db, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\databases\Databases.db-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension State\000003.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension State\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension State\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension State\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extension State\MANIFEST-000002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_CN\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_TW\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata\verified_contents.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\128.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\16.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\32.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\48.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\manifest.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\css\craw_window.css, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\html\craw_window.html, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\images\flapper.gif, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\images\icon_128.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\images\icon_16.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\images\topbar_floating_button.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\images\topbar_floating_button_close.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\images\topbar_floating_button_hover.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\images\topbar_floating_button_maximize.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\images\topbar_floating_button_pressed.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\bg\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\ca\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\cs\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\da\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\de\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\el\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\en\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\en_GB\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\es\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\es_419\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\et\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\fi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\fil\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\fr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\hi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\hr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\hu\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\id\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\it\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\ja\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\ko\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\lt\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\lv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\nb\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\nl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\pl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\pt_BR\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\pt_PT\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\ro\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\ru\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\sk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\sl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\sr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\sv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\th\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\tr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\uk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\vi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\zh_CN\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_locales\zh_TW\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\_metadata\verified_contents.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\craw_background.js, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\craw_window.js, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\manifest.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ar\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\bg\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ca\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\cs\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\da\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\de\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\el\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\en\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fil\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hu\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\id\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\it\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ja\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ko\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lt\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lv\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\nl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\no\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_BR\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_PT\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ro\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ru\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\se\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sl\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\th\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\tr\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\uk\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\vi\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_CN\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_TW\messages.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_metadata\verified_contents.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\000\t\Paths\000003.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\000\t\Paths\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\000\t\Paths\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\000\t\Paths\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\000\t\Paths\MANIFEST-000002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\000\t\.usage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\001\t\Paths\000003.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\001\t\Paths\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\001\t\Paths\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\001\t\Paths\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\001\t\Paths\MANIFEST-000002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\001\t\.usage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\002\t\Paths\000003.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\002\t\Paths\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\002\t\Paths\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\002\t\Paths\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\002\t\Paths\MANIFEST-000002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\002\t\.usage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\003\t\Paths\000003.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\003\t\Paths\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\003\t\Paths\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\003\t\Paths\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\003\t\Paths\MANIFEST-000002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\003\t\.usage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\004\t\Paths\000003.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\004\t\Paths\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\004\t\Paths\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\004\t\Paths\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\004\t\Paths\MANIFEST-000002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\004\t\.usage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\Origins\000058.ldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\Origins\000104.ldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\Origins\000111.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\Origins\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\Origins\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\Origins\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\Origins\LOG.old, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\File System\Origins\MANIFEST-000110, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\MANIFEST-000002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb\MANIFEST-000002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\000183.ldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\000187.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\LOG.old, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\https_twitter.com_0.indexeddb.leveldb\MANIFEST-000186, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_tpc.googlesyndication.com_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_tpc.googlesyndication.com_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_tpc.googlesyndication.com_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_tpc.googlesyndication.com_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_tpc.googlesyndication.com_0.indexeddb.leveldb\MANIFEST-000002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_www.tomshardware.com_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_www.tomshardware.com_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_www.tomshardware.com_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_www.tomshardware.com_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\IndexedDB\http_www.tomshardware.com_0.indexeddb.leveldb\MANIFEST-000002, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E4AA.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E4CB.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E4DD.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E4EE.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E500.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E511.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E523.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E525.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E537.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E548.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E55A.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E56B.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E56C.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E57E.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E580.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E581.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E582.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E594.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E595.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E5B6.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E5B7.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E5B9.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E5BA.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIcons\E5CB.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F09E.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F0BF.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F0D0.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F0E2.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F0E4.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F0F6.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F107.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F119.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F12A.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F12C.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F13E.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F15F.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F160.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F172.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F183.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F184.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F185.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F197.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F198.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F1AA.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F1AB.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F1AC.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F1BD.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\JumpListIconsOld\F1CF.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.redditmedia.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_disqus.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_disqus.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_docs.google.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_docs.google.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_drive.google.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_drive.google.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_en.wikipedia.org_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_en.wikipedia.org_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_examine.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_examine.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_examine.leadpages.co_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_examine.leadpages.co_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_gifs.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_helpx.adobe.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_helpx.adobe.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_live.adyen.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_live.adyen.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_login.yahoo.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_login.yahoo.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_ph.althea.kr_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_ph.althea.kr_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_plus.google.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_plus.google.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_productforums.google.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_connexity.net_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_gifs.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_productforums.google.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_secure-au.imrworldwide.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_tpc.googlesyndication.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.cinnabon.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.google.com.ph_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_racosme.ph_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_racosme.ph_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_s.yimg.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_s.yimg.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_s0.2mdn.net_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_s0.2mdn.net_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_sb.monetate.net_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_sb.monetate.net_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_seccdn-gl.imrworldwide.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_seccdn-gl.imrworldwide.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_secure-au.imrworldwide.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_secure-dcr.imrworldwide.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_secure-dcr.imrworldwide.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_secure.livechatinc.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_secure.livechatinc.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_soundcloud.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_soundcloud.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_support.google.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_support.google.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_support.riotgames.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_support.riotgames.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_tpc.googlesyndication.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_twitter.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_twitter.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_universal.iperceptions.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_universal.iperceptions.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_widgets.outbrain.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_widgets.outbrain.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.banishacnescars.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.banishacnescars.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.buzzfeed.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.buzzfeed.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.cinnabon.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.clipartsgram.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.clipartsgram.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.dailypetition.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.dailypetition.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.domain.com.au_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.domain.com.au_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.drugs.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.drugs.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.facebook.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.facebook.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.google.com.ph_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.ncbi.nlm.nih.gov_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.ncbi.nlm.nih.gov_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.olx.ph_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.olx.ph_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.periscope.tv_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.periscope.tv_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.piliapp.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.piliapp.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.reddit.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.reddit.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.redditmedia.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_c.betrad.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_c.betrad.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_clients5.google.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_clients5.google.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_connexity.net_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.soompi.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.soompi.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.youtube-nocookie.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.youtube-nocookie.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.youtube.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\https_www.youtube.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_9gag.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_9gag.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_aegyoprincess.blogspot.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_aegyoprincess.blogspot.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_boards.na.leagueoflegends.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_boards.na.leagueoflegends.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_c.betrad.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_c.betrad.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_cdn.cxense.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_cdn.cxense.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_cdn.districtm.ca_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_cdn.playwire.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_cdn.playwire.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_connexity.net_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_connexity.net_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_d-h.st_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_d-h.st_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_en.vogue.fr_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_entertainment.abs-cbn.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_entertainment.abs-cbn.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_forum.bodybuilding.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_forum.bodybuilding.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_forums.na.leagueoflegends.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_forums.na.leagueoflegends.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_galleryroulette.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_galleryroulette.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_happycatsonline.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_happycatsonline.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_iwandered.net_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_iwandered.net_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_leagueoflegends.wikia.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_lolcounter.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_lolcounter.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_lostinpretty.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_lostinpretty.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_my.althea.kr_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_my.althea.kr_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_patient.info_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_patient.info_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_ph.althea.kr_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_player.ooyala.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_player.ooyala.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_ratemyserver.net_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_ratemyserver.net_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_sarcasmsociety.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_sarcasmsociety.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_smallbusiness.chron.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_socialpatrol.ph_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_socialpatrol.ph_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_spoonuniversity.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_spoonuniversity.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_support.hp.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_support.hp.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_tastelessgentlemen.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_tastelessgentlemen.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_tpc.googlesyndication.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_w2beauty.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_w2beauty.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_widget.perfectmarket.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_widget.perfectmarket.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_widgets.outbrain.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_widgets.outbrain.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.acne.org_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.businessinsider.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.businessinsider.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.cic.gc.ca_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.cic.gc.ca_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.clipartkid.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.clipartkid.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.esquire.co.uk_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.esquire.co.uk_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.esquire.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.esquire.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.esquiremag.ph_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.fashionpulis.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.fashionpulis.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.fitnessmagazine.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.fitnessmagazine.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.gmanetwork.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.gmanetwork.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.hm.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.hm.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.koreaboo.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.koreaboo.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.livestrong.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.lovemeow.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.lovemeow.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.mobafire.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.mobafire.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.mtv.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.mtv.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.nitroplus.co.jp_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.nitroplus.co.jp_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.oldielyrics.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.oldielyrics.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.paulaschoice.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.rappler.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.rappler.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.realasianbeauty.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.realasianbeauty.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.rejectedprincesses.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.rejectedprincesses.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.rxlist.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.rxlist.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.shape.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.shape.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.thefashionspot.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.thefashionspot.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.tomshardware.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.tomshardware.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.unilad.co.uk_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.unilad.co.uk_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.vanitycenter.ph_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.vanitycenter.ph_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.webmd.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.webmd.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_cdn.districtm.ca_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_en.vogue.fr_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_leagueoflegends.wikia.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_ph.althea.kr_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_smallbusiness.chron.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_tpc.googlesyndication.com_0.localstorage, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.acne.org_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.esquiremag.ph_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.livestrong.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Local Storage\http_www.paulaschoice.com_0.localstorage-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\D6Z42VRE\macromedia.com\support\flashplayer\sys\settings.sol, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Session Storage\000700.log, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Session Storage\000701.ldb, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Session Storage\CURRENT, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Session Storage\LOCK, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Session Storage\LOG, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Session Storage\LOG.old, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Session Storage\MANIFEST-000698, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Sync Data\SyncData.sqlite3, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Sync Data\SyncData.sqlite3-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\User StyleSheets\Custom.css, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\36CC.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Archived History, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Archived History-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Bookmarks, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Bookmarks.bak, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Cookies, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Cookies-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Current Session, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Current Tabs, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Favicons, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Favicons-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Google Profile.ico, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\History, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\History Provider Cache, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\History-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Last Session, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Last Tabs, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Login Data, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Login Data-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Network Action Predictor, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Network Action Predictor-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Preferences, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\QuotaManager, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\QuotaManager-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\README, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Shortcuts, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Shortcuts-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Top Sites, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Top Sites-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\TransportSecurity, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Visited Links, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Web Data, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Default\Web Data-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\36DD.tmp, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Certificate Revocation Lists, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Local State, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Safe Browsing Bloom, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Safe Browsing Bloom Prefix Set, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Safe Browsing Cookies, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Safe Browsing Cookies-journal, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Safe Browsing Csd Whitelist, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Safe Browsing Download, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Safe Browsing Download Whitelist, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\Users\Santos\AppData\Local\Ckirsh\Safe Browsing Extension Blacklist, Delete-on-Reboot, [305], [364477],1.0.1392
Adware.Elex, C:\PROGRAM FILES (X86)\EXPLORER\IEHELPER.EXE, Delete-on-Reboot, [305], [373329],1.0.1392
PUP.Optional.Elex, C:\USERS\SANTOS\APPDATA\ROAMING\FIREFOX\FIREFOX\PROFILES\85htvwjk.default\EXTENSIONS\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi, Delete-on-Reboot, [15], [335422],1.0.1392
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

question: there were no options to "Apply Actions" on the Malware Bytes. Do I delete the quarantined files?


Edited by flamingporu, 01 March 2017 - 09:09 AM.


#5 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 01 March 2017 - 09:08 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by Santos (administrator) on SANTOS-PC (01-03-2017 22:06:08)
Running from C:\Users\Santos\Desktop
Loaded Profiles: Santos & UpdatusUser (Available Profiles: Santos & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\Explorer\iedvutils.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Windows\KMS-R@1n.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Malwarebytes) C:\Users\Santos\AppData\Local\Temp\jrt\JRT_NewerVersion\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2017-01-29] (Tonec Inc.)
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-06] (Piriform Ltd)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{076AB01B-369C-4BC8-8562-02966D169345}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://linkzb.com
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 85htvwjk.default
FF ProfilePath: C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default [2017-02-28]
FF NewTab: Firefox\Firefox\Profiles\85htvwjk.default -> about:newtab
FF Homepage: Firefox\Firefox\Profiles\85htvwjk.default -> about:home
FF HKU\S-1-5-21-4063383439-142346386-2490566706-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Santos\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Santos\AppData\Roaming\IDM\idmmzcc5 [2017-03-01] [not signed]
FF HKU\S-1-5-21-4063383439-142346386-2490566706-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-12-27] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2009-01-01] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-22] (REALiX™)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-03-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-03-01] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-03-01] (Malwarebytes)
S3 gkernel; \??\C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-01 21:52 - 2017-03-01 21:54 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-01 21:52 - 2017-03-01 21:52 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-01 21:52 - 2017-03-01 21:52 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-01 21:52 - 2017-03-01 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-01 21:52 - 2017-03-01 21:52 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-01 21:52 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-01 21:47 - 2017-03-01 21:51 - 55566792 _____ (Malwarebytes ) C:\Users\Santos\Downloads\mb3-setup-1878.1878-3.0.6.1469.exe
2017-03-01 21:45 - 2017-03-01 21:45 - 00003328 _____ C:\Users\Santos\Desktop\JRT.txt
2017-03-01 21:43 - 2017-03-01 22:02 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-01 21:43 - 2017-03-01 21:45 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-01 21:38 - 2017-03-01 21:39 - 04015056 _____ C:\Users\Santos\Desktop\adwcleaner_6.043.exe
2017-03-01 00:01 - 2017-03-01 22:06 - 00010498 _____ C:\Users\Santos\Desktop\FRST.txt
2017-03-01 00:01 - 2017-03-01 00:01 - 00027643 _____ C:\Users\Santos\Desktop\Addition.txt
2017-03-01 00:00 - 2017-03-01 22:05 - 00000000 ____D C:\Users\Santos\Desktop\FRST-OlderVersion
2017-02-28 23:53 - 2017-02-28 23:41 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-02-28 23:40 - 2017-02-28 23:40 - 00000000 ____D C:\ProgramData\IDM
2017-02-28 20:49 - 2017-03-01 22:01 - 00000000 ____D C:\Program Files (x86)\Explorer
2017-02-28 20:49 - 2017-03-01 21:41 - 00000000 ____D C:\Windows\system32\log
2017-02-28 20:49 - 2017-02-28 20:49 - 00001872 _____ C:\Users\Public\Desktop\Internet Explorer.lnk
2017-02-28 20:48 - 2017-02-28 21:59 - 00000000 ____D C:\Users\Santos\AppData\LocalLow\Mozilla
2017-02-28 20:48 - 2017-02-28 20:48 - 00002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-28 20:48 - 2017-02-28 20:48 - 00001933 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-28 20:48 - 2017-02-28 20:48 - 00000000 ____D C:\Users\Santos\AppData\Roaming\Mozilla
2017-02-28 20:48 - 2017-02-28 20:48 - 00000000 ____D C:\Users\Santos\AppData\Roaming\Firefox
2017-02-28 20:48 - 2017-02-28 20:48 - 00000000 ____D C:\Users\Santos\AppData\Local\Firefox
2017-02-28 20:45 - 2017-03-01 22:02 - 00033826 _____ C:\Program Files (x86)\metadata
2017-02-28 20:45 - 2017-02-28 20:45 - 00000000 ____D C:\Users\Santos\AppData\Local\Ballcine
2017-02-28 20:45 - 2017-02-28 20:45 - 00000000 ____D C:\ProgramData\Apple
2017-02-28 20:44 - 2017-02-28 20:44 - 00000000 ____D C:\Program Files (x86)\Ballcine
2017-02-24 21:59 - 2017-02-24 21:59 - 00000000 ____D C:\Windows\SysWOW64\{66B40B24-FCF6-4C4B-AF07-4BC6FE9C4852}
2017-02-23 17:58 - 2017-02-23 17:58 - 00000000 ____D C:\Windows\SysWOW64\{80598125-B554-421E-8638-C36B8A47A5F9}
2017-02-16 22:16 - 2017-02-18 22:13 - 00028547 _____ C:\Users\Santos\Documents\Copy of numeracy_form_16-17_HSS (Autosaved) (Autosaved).xlsx
2017-02-09 21:29 - 2017-02-09 21:29 - 00018345 _____ C:\Users\Santos\Documents\tree.xlsx
2017-02-09 20:47 - 2017-02-09 20:47 - 00000000 ____D C:\Users\Santos\AppData\Local\ElevatedDiagnostics
2017-02-05 20:13 - 2017-02-26 00:53 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-05 20:13 - 2017-02-05 20:13 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-05 18:51 - 2017-03-01 22:01 - 00002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-05 18:51 - 2017-02-28 20:45 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-05 18:48 - 2017-02-05 18:51 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-05 18:48 - 2017-02-05 18:48 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-05 18:48 - 2017-02-05 18:48 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-05 18:47 - 2017-02-05 18:47 - 01129376 _____ (Google Inc.) C:\Users\Santos\Downloads\ChromeSetup.exe
2017-02-03 16:28 - 2017-02-03 16:28 - 00000000 ____D C:\Users\Santos\AppData\OICE_15_974FA576_32C1D314_1E0C
2017-01-31 20:13 - 2017-03-01 21:43 - 00004966 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Santos-PC-Santos Santos-PC
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-01 22:06 - 2017-01-22 20:13 - 00000000 ____D C:\FRST
2017-03-01 22:05 - 2017-01-22 20:13 - 02423808 _____ (Farbar) C:\Users\Santos\Desktop\FRST64.exe
2017-03-01 21:52 - 2017-01-24 20:15 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 21:52 - 2017-01-24 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-01 21:52 - 2017-01-24 20:12 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-01 21:49 - 2009-07-14 12:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-01 21:49 - 2009-07-14 12:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-01 21:48 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-01 21:48 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-03-01 21:42 - 2017-01-27 21:03 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2017-03-01 21:42 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-01 21:41 - 2017-01-24 20:25 - 00000000 ____D C:\AdwCleaner
2017-03-01 21:36 - 2017-01-29 15:08 - 00000000 ____D C:\Users\Santos\AppData\Roaming\DMCache
2017-03-01 21:36 - 2009-01-01 17:07 - 00000000 ____D C:\ProgramData\Adobe
2017-03-01 19:58 - 2016-12-31 10:53 - 00000000 ____D C:\Users\Santos\AppData\Roaming\GarenaPlus
2017-03-01 19:58 - 2016-12-31 10:53 - 00000000 ____D C:\ProgramData\GarenaMessenger
2017-03-01 17:49 - 2009-07-14 13:08 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-28 23:52 - 2017-01-23 06:02 - 00000000 ____D C:\zoek_backup
2017-02-28 20:49 - 2009-01-01 17:00 - 00002111 _____ C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-26 15:09 - 2017-01-01 22:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-25 20:15 - 2016-12-31 11:50 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2017-02-25 06:53 - 2009-01-01 17:06 - 00000000 ____D C:\Users\UpdatusUser
2017-02-09 20:47 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-05 20:14 - 2009-01-01 17:07 - 00000000 ____D C:\Users\Santos\AppData\Local\Google
2017-02-05 20:13 - 2017-01-02 17:08 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-05 20:13 - 2017-01-02 17:08 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-05 20:13 - 2017-01-02 17:07 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-05 20:13 - 2017-01-02 17:06 - 00000000 ____D C:\Users\Santos\AppData\Local\Adobe
2017-02-05 15:42 - 2017-01-29 15:08 - 00000000 ____D C:\Users\Santos\AppData\Roaming\IDM
2017-02-02 17:45 - 2017-01-27 20:18 - 03132024 _____ C:\Users\Santos\Desktop\GRADE-2_3RD-QUARTERsampaguita.xlsx
 
==================== Files in the root of some directories =======
 
2016-12-31 11:56 - 2016-12-31 14:17 - 400556032 _____ () C:\Program Files (x86)\GarenaPHLoL_Install_20161215.0.dat
2017-02-28 20:45 - 2017-03-01 22:02 - 0033826 _____ () C:\Program Files (x86)\metadata
2017-03-01 21:43 - 2017-03-01 21:45 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2017-01-01 22:42 - 2017-01-10 21:42 - 0000132 _____ () C:\Users\Santos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-01-02 00:54 - 2017-01-02 00:54 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-24 22:21
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Santos (01-03-2017 22:06:27)
Running from C:\Users\Santos\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-01-01 09:00:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4063383439-142346386-2490566706-500 - Administrator - Disabled)
Guest (S-1-5-21-4063383439-142346386-2490566706-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4063383439-142346386-2490566706-1003 - Limited - Enabled)
Santos (S-1-5-21-4063383439-142346386-2490566706-1000 - Administrator - Enabled) => C:\Users\Santos
UpdatusUser (S-1-5-21-4063383439-142346386-2490566706-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{8A3C3FD1-25E6-45D5-B1A6-6A5174A2D012}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3006 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09232813-763F-408A-AE21-64839B8C649A} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-12-27] ()
Task: {20A08542-AB86-4103-8D5C-8E9C539D88AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-05] (Google Inc.)
Task: {3CFE4941-6880-4901-94F1-137289B32328} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic 
Task: {488E0BC5-B40D-4446-B63E-A336CFA09524} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Santos-PC-Santos Santos-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {9E274B14-4DCE-476B-A1C3-405F68E3C9D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-02-05] (Adobe Systems Incorporated)
Task: {A86062D9-534A-48F5-878E-B37137AE1744} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C5A20AD8-E2AA-4192-960C-220C6D96B605} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E12F2D9E-FF5B-4A84-AA98-93724C52AAD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-05] (Google Inc.)
Task: {F2448782-ED59-42F5-8EB9-817189DD525F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-28 20:49 - 2017-02-28 11:53 - 00055992 _____ () C:\Program Files (x86)\Explorer\iedvutils.exe
2013-02-22 17:59 - 2013-02-22 17:59 - 06523456 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-01-01 17:16 - 2009-01-01 17:16 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2017-03-01 21:52 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-01 21:52 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-03-01 21:52 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-28 20:49 - 2017-02-28 11:53 - 01779896 _____ () C:\Program Files (x86)\Explorer\iedvtoolex.dll
2017-02-28 20:49 - 2017-02-28 11:53 - 02177208 _____ () C:\Program Files (x86)\Explorer\WINNSI.DLL
2017-01-22 20:12 - 2017-01-22 20:12 - 00225792 _____ () C:\Program Files (x86)\Hewlett-Packard\HewlettPackardHewlettPackard.dll
2013-02-22 17:59 - 2013-02-22 17:59 - 06523472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-02-28 20:45 - 2017-02-01 17:01 - 01870168 _____ () C:\Program Files (x86)\Ballcine\Application\libglesv2.dll
2017-02-28 20:45 - 2017-02-01 17:01 - 00085848 _____ () C:\Program Files (x86)\Ballcine\Application\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Santos\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3F00DE79-D4E3-4400-8A8F-EE0D647E8D22}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{287BE859-68C8-43AC-9E02-C7C15802C1E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{049089B8-0DD8-4440-9B3B-9CD4A180FD10}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0C094980-767D-42E1-B842-2B084C007D40}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E7E4AEF9-54A2-407E-ADDB-50FAF544D24B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8F5860F0-E236-4725-A017-8C4C3C5E7DCF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A18EA362-DF9C-4E14-9519-1C263168880A}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{39D47612-A852-44F8-805B-9CAF1D3387B3}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{833F98E7-73F2-4E5F-8DBA-6338F42B8B35}] => (Allow) D:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{E16A26B9-86BE-4DD5-BBFB-F29A50E115E6}] => (Allow) LPort=8370
FirewallRules: [{6344B179-4CB3-4039-A9B2-352ED2717091}] => (Allow) LPort=8370
FirewallRules: [{055A9FB5-A096-4A39-998E-377701810704}] => (Allow) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{7ABD38CF-E83D-4413-B5B2-5DC12C9D8BFD}] => (Allow) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{B6BE08F9-E767-492B-A01C-5D36ED37752A}] => (Allow) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{9355E314-BE2F-4C8A-810F-F41108B5DAE5}] => (Allow) D:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{E5A516A0-2534-4C47-A461-D0AC044B3875}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\USBSetup.exe
FirewallRules: [{568165E8-30AD-4A3C-8279-06DFBD4E7A69}] => (Allow) LPort=6971
FirewallRules: [{44D4F5BA-D38C-4EB2-BC7D-B55C894467BE}] => (Allow) LPort=6971
FirewallRules: [{381E4749-7101-461E-9CE6-36483DD51033}] => (Allow) LPort=6951
FirewallRules: [{C1A2D4C4-BEBF-4AC6-9E35-AF7C37A8FD8D}] => (Allow) LPort=6951
FirewallRules: [{F336FAF8-F830-4920-ABEB-4BD5FF166595}] => (Allow) LPort=6940
FirewallRules: [{B3EEF2F0-BA19-4754-B308-D9EE0255F9C1}] => (Allow) LPort=6940
FirewallRules: [{8060545D-A20B-4381-9BC3-13FC07FA4564}] => (Allow) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{17C7543B-78C1-49A0-9F77-13659264718C}] => (Allow) LPort=6927
FirewallRules: [{41842D38-FDC0-4D13-9BE6-EA5098AE7438}] => (Allow) LPort=6927
FirewallRules: [{BAA3A04B-4173-4689-BE91-96DB71C11A8B}] => (Allow) LPort=6986
FirewallRules: [{E481B18A-7358-44CB-9C12-39DDF72051C8}] => (Allow) LPort=6986
FirewallRules: [{4BA245D6-3268-43C6-BF9A-B985D84A5B59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C76C7AEC-CE45-4F46-B371-E55E8C936687}] => (Allow) LPort=6901
FirewallRules: [{E2E266B6-8882-4BB2-BEE1-20BD6DB2713C}] => (Allow) LPort=6901
FirewallRules: [{56722716-B5A1-4C60-8064-D7F253B75EB2}] => (Allow) LPort=6932
FirewallRules: [{938519DF-DD46-42EF-916D-561B6B0B2292}] => (Allow) LPort=6932
FirewallRules: [{AA02A9DC-72BF-46A7-A05F-7135818035F4}] => (Allow) C:\Program Files (x86)\Ballcine\Application\chrome.exe
FirewallRules: [{26EF34A3-D1B4-4B6F-9C08-E905D559B93E}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{6EA0E002-A081-44C0-85FB-7F111A4377B4}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{AE5586B3-B6F5-45FE-B2A7-63F53DC01A14}] => (Allow) LPort=6916
FirewallRules: [{BB0915FB-A8CA-41A5-906B-CCE1E3565317}] => (Allow) LPort=6916
 
==================== Restore Points =========================
 
28-02-2017 23:41:37 zoek.exe restore point
01-03-2017 21:33:09 Removed amuleC
01-03-2017 21:36:03 Removed Adobe Reader XI.
01-03-2017 21:44:23 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2017 09:44:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/01/2017 09:40:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_6.043.exe, version: 6.0.4.3, time stamp: 0x588b6608
Faulting module name: adwcleaner_6.043.exe, version: 6.0.4.3, time stamp: 0x588b6608
Exception code: 0xc0000005
Fault offset: 0x00022d82
Faulting process id: 0x11a8
Faulting application start time: 0x01d292913736ecbc
Faulting application path: C:\Users\Santos\Desktop\adwcleaner_6.043.exe
Faulting module path: C:\Users\Santos\Desktop\adwcleaner_6.043.exe
Report Id: a40ca75a-fe84-11e6-aa5b-08606e682767
 
Error: (03/01/2017 09:38:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/01/2017 09:33:30 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Santos-PC)
Description: Application or service 'ed2k idle service' could not be restarted.
 
Error: (03/01/2017 07:58:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/01/2017 07:58:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/01/2017 05:51:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/28/2017 11:56:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/28/2017 11:41:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (02/28/2017 11:22:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (03/01/2017 09:44:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/01/2017 09:41:51 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (03/01/2017 09:41:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (03/01/2017 09:41:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/01/2017 09:41:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/01/2017 09:40:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/01/2017 09:40:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/01/2017 09:40:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HewlettPackardHewlettPackard service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/01/2017 09:40:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update Service(FirefoxU) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (03/01/2017 09:40:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-02-04 07:25:15.294
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-04 07:25:15.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-03 22:58:48.234
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-03 22:58:48.194
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-03 16:19:19.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-03 16:19:18.982
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-02 16:37:02.446
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-02 16:37:02.416
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-01 17:39:44.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-02-01 17:39:44.394
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 30%
Total physical RAM: 8143.78 MB
Available physical RAM: 5644.63 MB
Total Virtual: 16285.75 MB
Available Virtual: 13453.33 MB
 
==================== Drives ================================
 
Drive c: (O,S) (Fixed) (Total:49.92 GB) (Free:18.09 GB) NTFS
Drive d: (Files) (Fixed) (Total:415.74 GB) (Free:57.15 GB) NTFS
Drive e: (Backup) (Fixed) (Total:931.51 GB) (Free:916.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8D063F16)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=415.7 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================


#6 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 AM

Posted 01 March 2017 - 02:24 PM

Hi again.
 
Thanks for the Logs.

C:\Windows\KMS-R@1n.exe

 KMS-R@1n file is related with illegal actions on Microsoft software

 

If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!

 ========================================================================================

question: there were no options to "Apply Actions" on the Malware Bytes. Do I delete the quarantined files?

That should be the option. Check again and delete it.
=======================================================================================
uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

  • Programs to remove

               Mozilla Firefox
              Google Chrome
              C:\Program Files (x86)\Ballcine
              C:\Program Files (x86)\Explorer
              C:\Program Files (x86)\Relgregeck
              C:\Program Files (x86)\Maoha
              C:\Program Files (x86)\Elex-tech
              Adobe Reader XI

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
  • And PC restart.

=================================================================================

Run FRST Fixlist:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

CreateRestorePoint:
CloseProcesses:
C:\Windows\KMS-R@1n.exe
C:\Users\Santos\AppData\Local\Temp\jrt\JRT_NewerVersion\JRT.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://linkzb.com
FF DefaultProfile: 85htvwjk.default
FF ProfilePath: C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default [2017-02-28]
FF NewTab: Firefox\Firefox\Profiles\85htvwjk.default -> about:newtab
FF Homepage: Firefox\Firefox\Profiles\85htvwjk.default -> about:home
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe
S3 gkernel; \??\C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
C:\Program Files (x86)\settings.dat
C:\Users\Santos\AppData\Local\Ckirsh
C:\PROGRAM FILES (X86)\EXPLORER
C:\Program Files (x86)\Relgregeck
C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HEWLETTPACKARDHEWLETTPACKARD.DLL
C:\Users\Santos\AppData\Local\Ballcine
c:\programdata\apple\apple application support\support.dll
C:\ProgramData\Ament.ini
C:\Program Files (x86)\Explorer\iedvutils.exe
C:\Program Files (x86)\Explorer\iedvtoolex.dll
C:\Program Files (x86)\Explorer\WINNSI.DLL
C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
FirewallRules: [{A18EA362-DF9C-4E14-9519-1C263168880A}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{39D47612-A852-44F8-805B-9CAF1D3387B3}] => (Allow) C:\Windows\KMS-R@1n.exe
C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{8060545D-A20B-4381-9BC3-13FC07FA4564}] => (Allow) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{AA02A9DC-72BF-46A7-A05F-7135818035F4}] => (Allow) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
C:\Program Files (x86)\Ballcine
C:\Users\Santos\AppData\Local\Ballcine
C:\Program Files (x86)\Ballcine\Application\libglesv2.dll
C:\Program Files (x86)\Ballcine\Application\libegl.dll
Shortcut: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.
=============================================================================================
Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click software shortcut on the desktop and follow the prompts to install the program .
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.
  • Please PC restart now.

Have a nice day.

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 03 March 2017 - 07:49 AM

Hello! Here're my logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Santos (03-03-2017 20:35:31) Run:4
Running from C:\Users\Santos\Desktop
Loaded Profiles: Santos & UpdatusUser (Available Profiles: Santos & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Windows\KMS-R@1n.exe
C:\Users\Santos\AppData\Local\Temp\jrt\JRT_NewerVersion\JRT.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://linkzb.com
FF DefaultProfile: 85htvwjk.default
FF ProfilePath: C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default [2017-02-28]
FF NewTab: Firefox\Firefox\Profiles\85htvwjk.default -> about:newtab
FF Homepage: Firefox\Firefox\Profiles\85htvwjk.default -> about:home
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe
S3 gkernel; \??\C:\Users\Santos\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
C:\Program Files (x86)\settings.dat
C:\Users\Santos\AppData\Local\Ckirsh
C:\PROGRAM FILES (X86)\EXPLORER
C:\Program Files (x86)\Relgregeck
C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HEWLETTPACKARDHEWLETTPACKARD.DLL
C:\Users\Santos\AppData\Local\Ballcine
c:\programdata\apple\apple application support\support.dll
C:\ProgramData\Ament.ini
C:\Program Files (x86)\Explorer\iedvutils.exe
C:\Program Files (x86)\Explorer\iedvtoolex.dll
C:\Program Files (x86)\Explorer\WINNSI.DLL
C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
FirewallRules: [{A18EA362-DF9C-4E14-9519-1C263168880A}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{39D47612-A852-44F8-805B-9CAF1D3387B3}] => (Allow) C:\Windows\KMS-R@1n.exe
C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{8060545D-A20B-4381-9BC3-13FC07FA4564}] => (Allow) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{AA02A9DC-72BF-46A7-A05F-7135818035F4}] => (Allow) C:\Program Files (x86)\Ballcine\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Ballcine\Application\chrome.exe
C:\Program Files (x86)\Ballcine
C:\Users\Santos\AppData\Local\Ballcine
C:\Program Files (x86)\Ballcine\Application\libglesv2.dll
C:\Program Files (x86)\Ballcine\Application\libegl.dll
Shortcut: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Ballcine\Application\chrome.exe (Google Inc.)
CMD: ipconfig /flushdns
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\KMS-R@1n.exe => moved successfully
C:\Users\Santos\AppData\Local\Temp\jrt\JRT_NewerVersion\JRT.exe => moved successfully
C:\Program Files (x86)\Ballcine\Application\chrome.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key removed successfully
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found.
HKU\S-1-5-21-4063383439-142346386-2490566706-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
FF DefaultProfile: 85htvwjk.default => Error: No automatic fix found for this entry.
C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default => moved successfully
C:\Users\Santos\AppData\Roaming\Firefox\Firefox\Profiles\85htvwjk.default => path removed successfully
FF NewTab: Firefox\Firefox\Profiles\85htvwjk.default -> about:newtab => not found
FF Homepage: Firefox\Firefox\Profiles\85htvwjk.default -> about:home => not found
HKLM\System\CurrentControlSet\Services\KMS-R@1n => key removed successfully
KMS-R@1n => service removed successfully
HKLM\System\CurrentControlSet\Services\gkernel => key removed successfully
gkernel => service removed successfully
C:\Program Files (x86)\settings.dat => moved successfully
"C:\Users\Santos\AppData\Local\Ckirsh" => not found.
C:\PROGRAM FILES (X86)\EXPLORER => moved successfully
"C:\Program Files (x86)\Relgregeck" => not found.
"C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HEWLETTPACKARDHEWLETTPACKARD.DLL" => not found.
"C:\Users\Santos\AppData\Local\Ballcine" => not found.
"c:\programdata\apple\apple application support\support.dll" => not found.
C:\ProgramData\Ament.ini => moved successfully
"C:\Program Files (x86)\Explorer\iedvutils.exe" => not found.
"C:\Program Files (x86)\Explorer\iedvtoolex.dll" => not found.
"C:\Program Files (x86)\Explorer\WINNSI.DLL" => not found.
"C:\Program Files (x86)\Elex-tech\YAC\libpng.dll" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A18EA362-DF9C-4E14-9519-1C263168880A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39D47612-A852-44F8-805B-9CAF1D3387B3} => value removed successfully
"C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8060545D-A20B-4381-9BC3-13FC07FA4564} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA02A9DC-72BF-46A7-A05F-7135818035F4} => value removed successfully
C:\Program Files (x86)\Ballcine\Application\chrome.exe => No running process found
"C:\Program Files (x86)\Ballcine" => not found.
"C:\Users\Santos\AppData\Local\Ballcine" => not found.
"C:\Program Files (x86)\Ballcine\Application\libglesv2.dll" => not found.
"C:\Program Files (x86)\Ballcine\Application\libegl.dll" => not found.
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => moved successfully
C:\Users\Santos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => moved successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36085127 B
Java, Flash, Steam htmlcache => 379 B
Windows/system/drivers => 11110 B
Edge => 0 B
Chrome => 335320841 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 17855 B
systemprofile32 => 83022 B
LocalService => 66228 B
NetworkService => 77166 B
Santos => 16668330 B
UpdatusUser => 0 B

RecycleBin => 20410 B
EmptyTemp: => 378.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 20:35:50 ====

Zemana AntiMalware 2.72.179.101 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/3/3
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i3-3220 CPU @ 3.30GHz
BIOS Mode              : Legacy
CUID                   : 12407B1F781B4AC937F339
Scan Type              : Scheduled Scan
Duration               : 3m 11s
Scanned Objects        : 25975
Detected Objects       : 6
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

firefox
Status             : Scanned
Object             : NE->c:\users\santos\appdata\local\firefox
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Ghokswa.FF.B!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

ucbrowser
Status             : Scanned
Object             : NE->c:\users\santos\appdata\local\ucbrowser
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/UCBrowser.C!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

firefox
Status             : Scanned
Object             : NE->c:\users\santos\appdata\roaming\firefox
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Ghokswa.FF.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

nuvesy.default
Status             : Scanned
Object             : NE->c:\users\santos\appdata\roaming\profiles\nuvesy.default
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Trotux.FakeProfile!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

local64spl.dll
Status             : Scanned
Object             : NE->c:\zoek_backup\c_progra~2_gipareedese reports\local64spl.dll
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/ELEX.F!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

local64spl.dll.ini
Status             : Scanned
Object             : NE->c:\zoek_backup\c_progra~2_gipareedese reports\local64spl.dll.ini
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/ELEX.G!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

Cleaning Result
-------------------------------------------------------
Cleaned               : 6
Reported as safe      : 0
Failed                : 0



#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 AM

Posted 03 March 2017 - 01:52 PM

Thanks for the Logs.

 

Step1:

ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTAN: 1   Place ComboFix.exe on your Desktop
* IMPORTAN: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

Step 2:
Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
 
Have a nice day.
:hello:

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 03 March 2017 - 08:05 PM

Hello! Here are the logs:
 
ComboFix 17-02-24.01 - Santos 03/04/2017   8:58.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8144.5998 [GMT 8:00]
Running from: c:\users\Santos\Desktop\ComboFix.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\7f2a22a77d73d448e4e3d383c3329596.exe
c:\windows\XSxS
D:\setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2017-02-04 to 2017-03-04  )))))))))))))))))))))))))))))))
.
.
2017-03-04 01:02 . 2017-03-04 01:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2017-03-04 01:02 . 2017-03-04 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-03-03 20:49 . 2017-03-03 20:49 -------- d-----w- c:\users\Santos\AppData\Local\Apps
2017-03-03 20:49 . 2017-03-03 20:49 -------- d-----w- c:\users\Santos\AppData\Local\Deployment
2017-03-03 12:39 . 2017-03-03 12:39 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-03-03 12:39 . 2017-03-03 12:39 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-03-03 12:39 . 2017-03-03 12:39 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-03-03 12:39 . 2017-03-03 12:39 -------- d-----w- c:\users\Santos\AppData\Local\Zemana
2017-03-03 12:16 . 2017-03-03 12:16 -------- d-----w- c:\users\Santos\AppData\Local\VS Revo Group
2017-03-03 12:16 . 2017-03-03 12:16 -------- d-----w- c:\programdata\VS Revo Group
2017-03-03 12:16 . 2016-12-21 06:52 40240 ----a-w- c:\windows\system32\drivers\revoflt.sys
2017-03-03 12:16 . 2017-03-03 12:16 -------- d-----w- c:\program files\VS Revo Group
2017-03-01 13:52 . 2017-03-04 00:52 110536 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-03-01 13:52 . 2017-03-04 00:52 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-03-01 13:52 . 2017-03-04 00:52 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-03-01 13:52 . 2017-01-19 23:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-03-01 13:52 . 2017-03-01 13:52 -------- d-----w- c:\program files\Malwarebytes
2017-03-01 13:43 . 2017-03-01 14:09 -------- d-----w- c:\program files (x86)\reports
2017-02-28 15:53 . 2017-02-28 15:41 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-28 15:53 . 2017-03-04 01:02 -------- d-----w- c:\users\Santos\AppData\Local\Temp
2017-02-28 15:40 . 2017-02-28 15:40 -------- d-----w- c:\programdata\IDM
2017-02-28 12:49 . 2017-03-01 13:41 -------- d-----w- c:\windows\system32\log
2017-02-28 12:45 . 2017-02-28 12:45 -------- d-----w- c:\programdata\Apple
2017-02-24 13:59 . 2017-02-24 13:59 -------- d-----w- c:\windows\SysWow64\{66B40B24-FCF6-4C4B-AF07-4BC6FE9C4852}
2017-02-23 09:58 . 2017-02-23 09:58 -------- d-----w- c:\windows\SysWow64\{80598125-B554-421E-8638-C36B8A47A5F9}
2017-02-09 12:47 . 2017-02-09 12:47 -------- d-----w- c:\users\Santos\AppData\Local\ElevatedDiagnostics
2017-02-05 10:48 . 2017-03-03 20:53 -------- d-----w- c:\program files (x86)\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-04 00:52 . 2017-01-24 12:15 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-03-01 13:52 . 2017-01-24 12:12 176584 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-02-05 12:13 . 2017-01-02 09:08 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-05 12:13 . 2017-01-02 09:08 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-22 11:55 . 2017-01-22 11:55 27552 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 12:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 12:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 12:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2017-01-29 4001848]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-08-05 8894680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys;c:\windows\SYSNATIVE\drivers\MBAMChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Uktain REG_MULTI_SZ   Uktain
apple_config REG_MULTI_SZ   Apple_Cfg
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-25 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-02-05 12:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 12:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 12:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 12:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-19 2780112]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-02-02 14416624]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4063383439-142346386-2490566706-1000_Classes\Wow6432Node\CLSID\{142b98c6-069d-4c0a-8f04-5600321f6c5e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000031
"Therad"=dword:00000016
.
[HKEY_USERS\S-1-5-21-4063383439-142346386-2490566706-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):93,80,c3,f0,a4,0b,ac,8e,6c,e1,de,be,f4,47,f6,0b,c0,1a,5e,02,31,
   85,6b,bf,f9,89,b3,5d,fa,43,ac,ce,ca,f4,c8,4c,6b,1f,1f,1d,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-03-04  09:03:56
ComboFix-quarantined-files.txt  2017-03-04 01:03
.
Pre-Run: 19,699,245,056 bytes free
Post-Run: 19,344,084,992 bytes free
.
- - End Of File - - E5864F645305C31868360398AEC54C38
A36C5E4F47E84449FF07ED3517B43A31
 
 
RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Santos [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/04/2017 09:08:02 (Duration : 00:09:26)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 19 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{036CBE24-DE3B-11E6-95A0-64006A5CFC23} (C:\Users\Santos\AppData\Roaming\Vvuckchvosh\Jujutshnile.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Found
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Found
[PUP.Ghokswa] (X86) HKEY_LOCAL_MACHINE\Software\Firefox -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4063383439-142346386-2490566706-1000\Software\UCBrowserPID -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4063383439-142346386-2490566706-1000\Software\UCBrowserPID -> Found
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4063383439-142346386-2490566706-1001\Software\UCBrowser -> Found
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4063383439-142346386-2490566706-1001\Software\UCBrowser -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\im -> Found
[PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {26EF34A3-D1B4-4B6F-9C08-E905D559B93E} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe|Name=Update service| [x] -> Found
[PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6EA0E002-A081-44C0-85FB-7F111A4377B4} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\Firefox.exe|Name=Firefox browser| [x] -> Found
[PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {26EF34A3-D1B4-4B6F-9C08-E905D559B93E} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe|Name=Update service| [x] -> Found
[PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6EA0E002-A081-44C0-85FB-7F111A4377B4} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\Firefox.exe|Name=Firefox browser| [x] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP.HackTool][File] C:\Windows\KMS-R@1nhook.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00WN4A0 ATA Device +++++
--- User ---
[MBR] b21aed05116364ebf610e1153153f062
[BSP] 0fbdb694807e23d7e6a982b4b941bc1d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 8c9db8df05887b2eb4a08d271b6e3f68
[BSP] 709d96ce5b9368214caaf3be347d884e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 51114 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 104888385 | Size: 425722 MB
User = LL1 ... OK
User = LL2 ... OK
 

Edited by flamingporu, 04 March 2017 - 07:23 AM.


#10 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 AM

Posted 04 March 2017 - 08:22 AM

Hi again,

c:\program files (x86)\reports
c:\windows\SysWow64\{80598125-B554-421E-8638-C36B8A47A5F9}
c:\windows\SysWow64\{66B40B24-FCF6-4C4B-AF07-4BC6FE9C4852}

Please check the contents of this information. Whats in there?

============================================================

Step1:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step3:

 ESET Online Scanner:

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked 
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Delete found harmfulPlace a checkmark at Delete application's data on close, click Finish and close the program.

Don't forget to re-enable previously switched-off protection software!

 

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 04 March 2017 - 10:34 PM

Hello !

 

c:\program files (x86)\reports  --> ADWcleaner deleted the contents
c
:\windows\SysWow64\{80598125-B554-421E-8638-C36B8A47A5F9} --> one co.tmp file
c:\windows\SysWow64\{66B40B24-FCF6-4C4B-AF07-4BC6FE9C4852--> one co.tmp file

 

# AdwCleaner v6.044 - Logfile created 05/03/2017 at 11:30:51

# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Santos - SANTOS-PC
# Running from : C:\Users\Santos\Downloads\adwcleaner_6.044.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files (x86)\reports
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Program Files (x86)\settings.dat
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [22124 Bytes] - [24/01/2017 21:57:14]
C:\AdwCleaner\AdwCleaner[C2].txt - [3403 Bytes] - [01/03/2017 21:41:46]
C:\AdwCleaner\AdwCleaner[C3].txt - [1030 Bytes] - [05/03/2017 11:30:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [19269 Bytes] - [24/01/2017 20:28:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [18904 Bytes] - [24/01/2017 21:56:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [3168 Bytes] - [01/03/2017 21:40:16]
C:\AdwCleaner\AdwCleaner[S3].txt - [3135 Bytes] - [01/03/2017 21:41:18]
C:\AdwCleaner\AdwCleaner[S4].txt - [1650 Bytes] - [05/03/2017 11:30:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1470 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Santos (Administrator) on Sun 03/05/2017 at 11:34:39.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2H77CLLG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6SYSWF9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8I34N42 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Santos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPUAU13A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2H77CLLG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6SYSWF9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8I34N42 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPUAU13A (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/05/2017 at 11:36:15.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
C:\AdwCleaner\quarantine\files\diyguizleqajdvqxhfbuxkkvfuexoqvb\bin\FirefoxUpdate.exe a variant of Win32/Adware.ELEX.FP application
C:\AdwCleaner\quarantine\files\loknpcbminkihnxxahwoejygwnngxvny\ktpop3.exe a variant of Win32/KuaiZip.D potentially unwanted application
C:\AdwCleaner\quarantine\files\loknpcbminkihnxxahwoejygwnngxvny\mininewsxktt.exe a variant of Win32/KuaiZip.D potentially unwanted application
C:\FRST\Quarantine\C\Program Files\¿ìѹ\X86\Uninst.exe a variant of Win32/KuaiZip.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\¿ìѹ\X86\Update.exe a variant of Win32/KuaiZip.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\¿ìѹ\X86\UpdateChecker.exe a variant of Win32/KuaiZip.F potentially unwanted application
C:\FRST\Quarantine\C\Windows\KMS-R@1n.exe.xBAD a variant of Win64/HackKMS.H potentially unsafe application
C:\Users\Santos\Downloads\IDM.6.27.3.rar a variant of Win32/HackTool.Patcher.DG potentially unsafe application
C:\Users\Santos\Downloads\IDM.6.27.3\IDM.6.27.3\Patch\idm.6.26-6.21.x-patch.exe a variant of Win32/HackTool.Patcher.DG potentially unsafe application
C:\Windows\KMS-R@1nhook.exe Win64/HackKMS.C potentially unsafe application
C:\Windows\SysWOW64\{66B40B24-FCF6-4C4B-AF07-4BC6FE9C4852}\_ALLOWDEL_6qm\co.tmp a variant of Win32/Adware.ELEX.DF application
C:\zoek_backup\C_ProgramData_search.vir a variant of Win32/Adware.Agent.NPN application
C:\zoek_backup\C_PROGRA~3_search.vir a variant of Win32/Adware.Agent.NPN application
C:\zoek_backup\C_PROGRA~3_service.exe.vir a variant of Win32/Adware.Agent.NPN application
C:\zoek_backup\C_Users_Santos_AppData_Roaming_WinSAPSvc\WinSAP.dll a variant of Win32/Adware.ELEX.FQ application
D:\062813\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\062813\KMPlayer_3.6.0.87.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application
D:\062813\Games\BR\battle\BattleRealmsNOCD.exe a variant of Win32/HackTool.Patcher.BS potentially unsafe application
D:\062813\Games\Left 4 Dead 2\Left 4 Dead 2\bin\steamclient.dll Win32/GameHack.ANE potentially unsafe application
D:\062813\Windows 7 Loader 1.6.9 by Daz\Windows 7 Loader.exe Win32/HackTool.WinActivator.I potentially unsafe application
D:\AutoCAD 2013 64-BIT\Licence\xf-adsk2013_x64.exe a variant of Win32/Keygen.HA potentially unsafe application
D:\Backups\Downloads\Programs\ccsetup511.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Backups\Downloads\Programs\FlvPlayerSetup.exe a variant of Win32/InstallCore.AFF.gen potentially unwanted application
D:\Backups\Downloads\Programs\setup_free_pdf_merger.exe Win32/OpenCandy potentially unsafe application
D:\Backups\Downloads\Programs\installers\uTorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application
D:\docs\Programs\utorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
D:\New folder\Downloads\WifiKill 2.2 (apkfullapps.com).apk a variant of Android/WifiKill.E potentially unsafe application
D:\Program Files (x86)\Downloads\Programs\setup Project64 2.1.exe Win32/Somoto.Q potentially unwanted application
D:\Program Files (x86)\Downloads\Programs\Unlocker1.9.2.exe Win32/WebDevAZ.C potentially unwanted application
D:\PS1\DTLite4491-0356_2.exe Win32/DownWare.L potentially unwanted application,Win32/OpenCandy potentially unsafe application
 

Edited by flamingporu, 05 March 2017 - 12:30 AM.


#12 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 AM

Posted 06 March 2017 - 06:20 PM

Thanks.

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
D:\062813\Games\BR\battle\BattleRealmsNOCD.exe
D:\062813\Windows 7 Loader 1.6.9 by Daz\Windows 7 Loader.exe
D:\062813\Games\Left 4 Dead 2\Left 4 Dead 2\bin\steamclient.dll
D:\AutoCAD 2013 64-BIT\Licence\xf-adsk2013_x64.exe
D:\New folder\Downloads\WifiKill 2.2
D:\Program Files (x86)\Downloads\Programs\setup Project64 2.1.exe
D:\PS1\DTLite4491-0356_2.exe

 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 AM

Posted 08 March 2017 - 05:00 PM

Are you still with me ?


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#14 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 08 March 2017 - 07:33 PM

Hello Olgun! Apologies, I got swamped with work and I will be back home today to take care of this. This will serve as a placeholder for my next response. Thank you!



#15 flamingporu

flamingporu
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 11 March 2017 - 01:08 AM

Hello! I tried searching all the files that you have mentioned and I can't seem to find any of them...






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users