
Can't get rid of Winsnare


  • This topic is locked
13 replies to this topic

#1 Nocturnal558


Posted 04 July 2017 - 02:03 PM

Hi,

 

I've been trying to get rid of what appears to be winsnare from my computer. I made a bad call, installing some bundles of programs that turned out to be all harmful. I uninstalled the ones I could find in control panel, but my browser still gets strange pop-ups and redirects, even after reinstalling. Then I found this website, and hopefully you guys can help me out! I have backed up all the data on this computer, and scanned with FRST. 

 

Thanks for your help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01
Ran by user (administrator) on PC (04-07-2017 21:01:29)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Zoohair\Application\chrome.exe" "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera_crashreporter.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(AVAST Software) C:\Users\user\AppData\Local\background_fault\aswRD.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.18728_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Farbar) C:\Users\user\Desktop\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2014-07-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2014-07-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AppHelperV5.exe] => C:\Users\user\AppData\Local\Temp\AppHelperV5.exe <==== ATTENTION
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\12.1.18202.223\QQPCTray.exe" /regrun
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-11] (Facebook Inc.)
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\Run: [background_fault] => C:\Users\user\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <==== ATTENTION
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\MountPoints2: {019e0aa2-a3a6-11e4-8268-0cd292a8bb54} - "E:\AutoRun.exe" 
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\MountPoints2: {019e0c28-a3a6-11e4-8268-0cd292a8bb54} - "E:\AutoRun.exe" 
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\MountPoints2: {2ccbe282-83bd-11e6-8290-201a068c0ad8} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\MountPoints2: {e18bc5b6-03d3-11e4-824f-0cd292a8bb54} - "F:\SETUP.EXE" 
HKLM\...\Providers\vnzcyiah: C:\Program Files (x86)\Pmetainqecdom Log\local64spl.dll <==== ATTENTION
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
ShellExecuteHooks: No Name - {E3D93A26-0D4B-11E7-A752-64006A5CFC23} - C:\Users\user\AppData\Roaming\Cupchkehutain\Jawakerkaing.dll -> No File <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{0FEC3DF3-4C59-48B2-B182-C291EC67DE23}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{0FEC3DF3-4C59-48B2-B182-C291EC67DE23}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{5A8A2990-5AB8-41A1-A4AD-AD7EA78714EF}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{5A8A2990-5AB8-41A1-A4AD-AD7EA78714EF}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{90429033-A26B-4FFA-9BD3-BB2E0810E84F}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{90429033-A26B-4FFA-9BD3-BB2E0810E84F}: [DhcpNameServer] 82.163.143.176
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491379489&z=fdce59993982075d2bf45edgfzbt4gec4m2t1z0b3c&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491379489&z=fdce59993982075d2bf45edgfzbt4gec4m2t1z0b3c&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491379489&z=fdce59993982075d2bf45edgfzbt4gec4m2t1z0b3c&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491379489&z=fdce59993982075d2bf45edgfzbt4gec4m2t1z0b3c&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618&q={searchTerms}
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618&q={searchTerms}
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-864103077-3134318834-1874846933-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618&q={searchTerms}
SearchScopes: HKU\S-1-5-21-864103077-3134318834-1874846933-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618&q={searchTerms}
SearchScopes: HKU\S-1-5-21-864103077-3134318834-1874846933-1001 -> {8E90B129-551A-4759-8B65-7365119A6968} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H3Mzamobl20544BU,7e7f0273-4e67-4369-bac3-472e7dbeab86,
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\12.1.18202.223\TSWebMon64.dat => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495637182&z=39b1e718ac96a17688fa0f5gczftew9qbcbm3g8mdm&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618
 
FireFox:
========
FF DefaultProfile: gt8txkdg.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Firefox\Firefox\Profiles\gt8txkdg.default [2017-05-16] <==== ATTENTION
FF Extension: (FF Adr) - C:\Users\user\AppData\Roaming\Firefox\Firefox\Profiles\gt8txkdg.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-05-04] [not signed]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Firefox\Firefox\Profiles\gt8txkdg.default\searchplugins\startsearch.xml [2017-05-16]
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\12.1.18202.223\npQMExtensionsMozilla.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-864103077-3134318834-1874846933-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR HKU\S-1-5-21-864103077-3134318834-1874846933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-864103077-3134318834-1874846933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-864103077-3134318834-1874846933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - c:\program files (x86)\google\chrome\application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=1493280535&z=986f5c622c00c2cfa5b2302g9z8tacbobbaecw4cam&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9BDB08618
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Zoohair\Application\chrome.exe <==== ATTENTION
 
Opera: 
=======
OPR Session Restore: -> is enabled.
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BIT; C:\ProgramData\BIT\BIT.dll [1812992 2017-05-27] (TODO: <公司名>) [File not signed] <==== ATTENTION
S2 CSHMDR; C:\Users\user\AppData\Local\CSHMDR\Snare.dll [832000 2017-05-18] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 CWASRE; C:\Users\user\AppData\Local\CWASRE\Snare.dll [830464 2017-05-16] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-02-25] (ELAN Microelectronics Corp.)
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [101016 2017-05-16] () <==== ATTENTION
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)
R2 IISvr; C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll [105472 2017-05-04] () [File not signed] <==== ATTENTION
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 Kitty; C:\Users\user\AppData\Local\Kitty\Kitty.dll [124928 2017-05-04] (kitty) [File not signed] <==== ATTENTION
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-19] ()
S2 NPASRE; C:\Users\user\AppData\Local\NPASRE\Snare.dll [830464 2017-05-10] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 snare; C:\Users\user\AppData\Local\snare\Snare.dll [1050112 2017-05-24] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 SNARER; C:\Users\user\AppData\Local\SNARER\Snarer.dll [792576 2017-04-11] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 terana; C:\Users\user\AppData\Local\terana\terana.dll [908288 2017-05-27] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 VNASRE; C:\Users\user\AppData\Local\VNASRE\Snare.dll [826368 2017-05-09] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\user\AppData\Roaming\WinSAPSvc\WinSAP.dll [1932800 2017-05-27] () [File not signed] <==== ATTENTION
R2 WinSnare; C:\Users\user\AppData\Roaming\WINSNARE\WinSnare.dll [1291776 2017-04-05] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 WPDTSrv; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\addons\SDKFilesVer.dll [104448 2017-03-24] () [File not signed] <==== ATTENTION
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-19] (Intel® Corporation)
S2 3DM; C:\Users\user\AppData\Local\3DM\Kitty.dll [X] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 OtherSearch; rundll32.exe "C:\Program Files (x86)\zr5pRu8XoL\kl.dll",Svc [X] <==== ATTENTION
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\12.1.18202.223\QQPCRtp.exe" -r [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-05] (Disc Soft Ltd)
R1 Lace514; C:\Windows\System32\drivers\Lace_wpf_x64.sys [69400 2017-03-01] (Lace514)
R1 MpKsla104cdfb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F097F9D-EB0A-418C-B295-E6B7281C050F}\MpKsla104cdfb.sys [44928 2017-07-04] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)
S3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [96248 2017-03-22] (电脑管家)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S1 xldvqhbe; C:\Windows\system32\drivers\xldvqhbe.sys [55168 2017-07-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-04 21:01 - 2017-07-04 21:02 - 00025681 _____ C:\Users\user\Desktop\FRST.txt
2017-07-04 21:01 - 2017-07-04 21:01 - 02436096 _____ (Farbar) C:\Users\user\Desktop\FRST64 (1).exe
2017-07-04 20:27 - 2017-07-04 21:01 - 00000000 ____D C:\FRST
2017-07-04 18:20 - 2017-07-04 18:20 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xldvqhbe.sys
2017-06-04 11:58 - 2017-07-04 18:20 - 00000000 ____D C:\ProgramData\{9D83F7F0-2A28-405B-FBE9-522B373950C9}
2017-06-04 11:58 - 2017-06-04 11:58 - 00000000 ____D C:\ProgramData\{B7099D74-00A2-2ADF-7443-334E34E7757A}
2017-06-04 11:58 - 2017-06-04 11:58 - 00000000 ____D C:\ProgramData\{3e9407de-412c-1}
2017-06-04 11:58 - 2017-06-04 11:58 - 00000000 ____D C:\ProgramData\{2CD5718D-9B7E-C626-383A-A19AEFB351DB}
2017-06-04 11:58 - 2017-06-04 11:58 - 00000000 ____D C:\ProgramData\{2534D0ED-929F-6746-51D1-6775FE9CFBAD}
2017-06-04 11:58 - 2017-06-04 11:58 - 00000000 ____D C:\ProgramData\{19f95690-212c-0}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-04 20:59 - 2017-03-24 15:03 - 00000440 _____ C:\Users\Public\Documents\temp.dat
2017-07-04 20:32 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-07-04 20:24 - 2017-03-24 15:03 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-07-04 20:23 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-04 20:20 - 2014-07-05 01:11 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-864103077-3134318834-1874846933-1001
2017-07-04 19:58 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\LiveKernelReports
2017-07-04 19:57 - 2014-07-05 01:05 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2017-07-04 19:50 - 2017-05-04 12:26 - 00000000 ____D C:\Users\user\AppData\Local\background_fault
2017-07-04 19:28 - 2014-08-11 09:23 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-864103077-3134318834-1874846933-1001UA.job
2017-07-04 19:07 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-04 19:07 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-07-04 19:06 - 2014-08-01 18:57 - 00000000 ____D C:\Windows\system32\MRT
2017-07-04 19:05 - 2014-08-01 18:57 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-04 18:01 - 2017-05-04 12:28 - 00002162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-04 18:01 - 2017-05-04 12:28 - 00002092 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-04 18:01 - 2014-08-08 07:15 - 00001489 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-04 17:59 - 2014-07-05 01:08 - 00820548 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-04 17:55 - 2014-08-27 22:24 - 00000000 ___DO C:\Users\user\OneDrive
2017-07-04 17:52 - 2017-05-11 09:32 - 00000000 ____D C:\ProgramData\6c750828-0f87-1
2017-07-04 17:52 - 2017-05-09 17:47 - 00000000 ____D C:\Program Files (x86)\Fijushreibuent
2017-07-04 17:52 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-04 17:51 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-04 17:24 - 2015-08-24 10:04 - 00000000 ____D C:\Users\user\Desktop\The great escape
2017-06-18 12:49 - 2016-11-13 13:12 - 00000000 ____D C:\Users\user\Desktop\POZE
2017-06-18 12:29 - 2016-08-06 17:44 - 00000000 ____D C:\Users\user\Desktop\IR
2017-06-18 12:27 - 2017-01-25 11:54 - 00000000 ____D C:\Users\user\Desktop\UN Online Volunteering
2017-06-18 12:25 - 2016-11-21 19:43 - 00000000 ____D C:\Users\user\Desktop\Nowegian Norsk
2017-06-04 12:15 - 2017-01-21 15:07 - 00000000 ____D C:\Users\user\Desktop\OUR WEDDING
2017-06-04 12:01 - 2016-08-06 17:13 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1470496361
2017-06-04 12:01 - 2016-08-06 17:12 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-06-04 12:01 - 2016-08-06 17:11 - 00000000 ____D C:\Program Files (x86)\Opera
2017-06-04 11:58 - 2017-05-14 21:32 - 00000000 ____D C:\ProgramData\6c750828-6c17-1
2017-06-04 11:58 - 2017-05-14 21:32 - 00000000 ____D C:\ProgramData\6c750828-2fa7-0
2017-06-04 11:58 - 2017-05-14 20:08 - 00000000 ____D C:\ProgramData\{0dab667c-612c-0}
2017-06-04 11:58 - 2017-05-14 20:07 - 00000000 ____D C:\ProgramData\{31c558c6-512c-0}
2017-06-04 11:58 - 2017-05-03 21:15 - 00000000 ____D C:\ProgramData\{C4D86944-7373-DEEF-F942-1E1325B02935}
2017-06-04 11:58 - 2017-05-03 21:15 - 00000000 ____D C:\ProgramData\{25990222-9232-B589-5759-885A5316344D}
2017-06-04 11:58 - 2017-05-03 21:15 - 00000000 ____D C:\ProgramData\{1E6021D7-A9CB-967C-7E19-A1F3FFE59D8D}
2017-06-04 11:58 - 2017-03-24 23:34 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
 
==================== Files in the root of some directories =======
 
2014-12-20 16:54 - 2014-12-20 16:54 - 0000000 _____ () C:\Users\user\AppData\Roaming\Microsoft\A2C3.tmp
2014-07-05 01:17 - 2014-07-05 01:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-03-22 15:32 - 2017-03-23 10:37 - 0327680 _____ () C:\ProgramData\smp2.exe
 
Files to move or delete:
====================
C:\Users\user\AppData\Local\background_fault\aswRD.exe
C:\ProgramData\smp2.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-04 18:55
 
==================== End of FRST.txt ============================

 




 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,330 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:36 AM

Posted 04 July 2017 - 02:38 PM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Nocturnal558

Nocturnal558
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:36 AM

Posted 05 July 2017 - 03:26 PM

Average response time being 5 days... I'm very happy to receive help so fast, thank you! :-)
 
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 28th June, 2017
Running from:C:\Users\user\Desktop (08:52:25 - 07/05/2017)
***---------------------------------------------------------***
Microsoft Windows 8.1 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: 
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Enabled - up to Date)
Windows Defender (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 26 NPAPI is not installed
Java (8.0.310)
Microsoft Silverlight (5.1.30214.0)
Opera (45.0.2552.888)
 
***----------------Analysis Complete-------------------------***
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.3.9200 Windows 8.1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18666
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 4190998528, free: 1552551936
 
Downloaded database version: v2017.07.05.02
Downloaded database version: v2017.05.27.01
Downloaded database version: v2017.06.16.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     07/05/2017 08:57:15
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\amdkmpfd.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\dtsoftbus01.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\Lace_wpf_x64.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\system32\DRIVERS\NETwew00.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\AMPPAL.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rtsuvc.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Users\user\AppData\Local\Temp\7500.tmp.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\Drivers\WdNisDrv.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F097F9D-EB0A-418C-B295-E6B7281C050F}\MpKsla104cdfb.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.07.05.02
  rootkit: v2017.05.27.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000af55e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000af55d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000af55f250, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xffffe000af55e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000af572700, DeviceName: \Device\0000001e\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\iSafeKrnlBoot.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\iSafeKrnlBoot.sys --> [FraudTool.YAC]
File C:\WINDOWS\SYSTEM32\drivers\iSafeNetFilter.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\iSafeNetFilter.sys --> [FraudTool.YAC]
File C:\WINDOWS\SYSTEM32\drivers\Lace_wpf_x64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\Lace_wpf_x64.sys --> [Rootkit.Komodia.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D9FA2484
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 1952802816
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Infected: C:\ProgramData\BIT\BIT.dll --> [Adware.Elex]
Infected: C:\ProgramData\BIT\BIT.dll --> [Adware.Elex]
Infected: C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FirefoxU --> [Adware.Elex]
Infected: C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe --> [Adware.Elex]
Infected: C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll --> [Adware.Elex]
Infected: C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll --> [Adware.Elex]
Infected: C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\addons\SDKFilesVer.dll --> [Adware.Elex]
Infected: C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\addons\SDKFilesVer.dll --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\SNARER\Snarer.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\d7dCF8B.tmp --> [Adware.Elex]
Infected: C:\Windows\Temp\se8CB6A.tmp --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\kitty1.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\XOBc.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\XOBd.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\XOBr.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp4E30.tmp\yacqq.exe --> [Adware.Elex]
Infected: C:\Windows\Temp\hp539B.tmp\kitty.exe --> [Adware.Elex]
Infected: C:\Windows\Temp\hp539B.tmp\yacqq.exe --> [Adware.Elex]
Infected: C:\Windows\Temp\hp5FDC.tmp\WinSAP.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp6164.tmp\WinSAP.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\kitty1.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\XOBc.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\XOBd.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\XOBr.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\kitty1.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\XOBc.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\XOBd.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\XOBr.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\Berserker.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\kitty.exe --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\yacqq.exe --> [Adware.Elex]
Infected: C:\Windows\System32\Tasks\Milimili --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\Snarer.msi --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\BigFarm.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\big_bang_empire.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\CasasBahia.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\CJ --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\fxjp --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\mio.ini --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\PontoFrio.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\SJ --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\UAC.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp23E8.tmp\yacqq.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp4E30.tmp\Snarer.msi --> [Adware.Elex]
Infected: C:\Windows\Temp\hp4E30.tmp --> [Adware.Elex]
Infected: C:\Windows\Temp\hp4E30.tmp\mio.ini --> [Adware.Elex]
Infected: C:\Windows\Temp\hp5065.tmp\Snarer.msi --> [Adware.Elex]
Infected: C:\Windows\Temp\hp5065.tmp --> [Adware.Elex]
Infected: C:\Windows\Temp\hp5065.tmp\CJ --> [Adware.Elex]
Infected: C:\Windows\Temp\hp5065.tmp\CPK.exe --> [Adware.Elex]
Infected: C:\Windows\Temp\hp5065.tmp\kitty.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp5065.tmp\mio.ini --> [Adware.Elex]
Infected: C:\Windows\Temp\hp5065.tmp\SJ --> [Adware.Elex]
Infected: C:\Windows\Temp\hp5065.tmp\yacqq.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp539B.tmp\Snarer.msi --> [Adware.Elex]
Infected: C:\Windows\Temp\hp539B.tmp --> [Adware.Elex]
Infected: C:\Windows\Temp\hp539B.tmp\mio.ini --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\Snarer.msi --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\00 --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\11 --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\1111 --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\Americanas.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\BigFarm.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\big_bang_empire.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\CasasBahia.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\CJ --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\fxjp --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\mio.ini --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\SJ --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\UAC.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp7DE6.tmp\yacqq.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\Snarer.msi --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\BigFarm.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\big_bang_empire.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\CasasBahia.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\CJ --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\mio.ini --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\PontoFrio.ico --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\SJ --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\UAC.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hp90F9.tmp\yacqq.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\Snarer.msi --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\bk.dat --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\cab.ini --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\CCinit.exe --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\DoDKP.dat --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\DoDKP64.dat --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\DV.dat --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\hhhhh.exe --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\License --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\mio.ini --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\QQBrowser.exe --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\QQBrowserFrame.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\simple.dat --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\SSS.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\TTT.dat --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\ttttt.exe --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\UAC.dll --> [Adware.Elex]
Infected: C:\Windows\Temp\hpDA23.tmp\Update.dll --> [Adware.Elex]
Infected: C:\Windows\System32\Tasks\Windows-PG --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\CSHMDR\Snare.dll --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\CSHMDR --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\CWASRE\Snare.dll --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\CWASRE --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\NPASRE\Snare.dll --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\NPASRE --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\VNASRE\Snare.dll --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\VNASRE --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\terana\terana.dll --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\terana --> [Adware.Elex.Generic]
Infected: C:\Windows\psgo\psgo.ps1 --> [Adware.Elex.EncJob]
Infected: C:\Windows\psgo --> [Adware.Elex.EncJob]
Infected: C:\Update\psgo\psgo.ps1 --> [Adware.Elex.EncJob]
Infected: C:\Update\psgo --> [Adware.Elex.EncJob]
Infected: C:\Windows\Update\psgo\psgo.ps1 --> [Adware.Elex.EncJob]
Infected: C:\Windows\Update\psgo --> [Adware.Elex.EncJob]
Infected: HKLM\SOFTWARE\b`nl{y --> [Adware.Elex]
Infected: HKLM\SOFTWARE\RunBooster --> [Adware.RunBooster]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE|Debugger --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE|Debugger --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{12614D12-0802-4375-BC64-61043F9ED362}|Path --> [Adware.Elex]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{12614D12-0802-4375-BC64-61043F9ED362} --> [Adware.Elex]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3B6F78E3-0C17-43D0-83D9-21F0565A53D3}|Path --> [Adware.Elex]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3B6F78E3-0C17-43D0-83D9-21F0565A53D3} --> [Adware.Elex]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Milimili --> [Adware.Elex]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Windows-PG --> [Adware.Elex]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS|{E3D93A26-0D4B-11E7-A752-64006A5CFC23} --> [Adware.Elex.SHHKRST]
Infected: HKLM\SOFTWARE\WOW6432NODE\b`nl{y --> [Adware.Elex]
Infected: HKLM\SOFTWARE\WOW6432NODE\Toolhair --> [Adware.Ghokswa]
Infected: HKLM\SOFTWARE\WOW6432NODE\youndooSoftware --> [Adware.Elex.SHHKRST]
Infected: HKLM\SOFTWARE\WOW6432NODE\Zoohair --> [Adware.Ghokswa]
Infected: HKLM\SOFTWARE\WOW6432NODE\{84416237-6490-494D-9AD6-4994DD978971} --> [Adware.Elex]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE|Debugger --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE|Debugger --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AppHelperV5.exe --> [Adware.Elex]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564 --> [Adware.DNSUnlocker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\vnzcyiah|Name --> [Adware.Sasquor.SPL]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\VNZCYIAH --> [Adware.Sasquor.SPL]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\3DM --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CSHMDR --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CWASRE --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IISvr --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Kitty --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\Kitty\Kitty.dll --> [Adware.Elex.Generic]
Infected: C:\Users\user\AppData\Local\Kitty\Kitty.dll --> [Adware.Elex.Generic]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Lace514 --> [Rootkit.Komodia.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NPASRE --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OtherSearch --> [Adware.OtherSearch]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SNARER --> [Adware.Elex.Generic]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\terana --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VNASRE --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinSnare --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPDTSrv --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\CSHMDR --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\CWASRE --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NPASRE --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SNARER --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\terana --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\VNASRE --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WinSnare --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlMon|ImagePath --> [FraudTool.YAC]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ISAFEKRNLMON --> [FraudTool.YAC]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{6B046867-DC7D-4744-A78E-6DC55CDB963F} --> [Adware.Ghokswa.Generic]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{8BB02AB6-50FB-46C8-9465-6EE7D214631C} --> [Adware.Ghokswa]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{F27975F2-526D-4F09-ACAC-0709D545C3A4} --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{7D808060-ECE9-4A74-B469-39A6A95BFE69} --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{0FEC3DF3-4C59-48B2-B182-C291EC67DE23}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{5A8A2990-5AB8-41A1-A4AD-AD7EA78714EF}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{90429033-A26B-4FFA-9BD3-BB2E0810E84F}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKU\.DEFAULT\SOFTWARE\b`nl{y --> [Adware.Elex]
Infected: HKU\S-1-5-18\SOFTWARE\b`nl{y --> [Adware.Elex]
Infected: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\SOFTWARE\Toolhair --> [Adware.Ghokswa]
Infected: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\SOFTWARE\Zoohair --> [Adware.Ghokswa]
Infected: C:\Reimward --> [Adware.Elex]
Infected: C:\Reimward\Cuwolenuosy.jjj --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\Zoohair --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\BrowserMetrics.pma --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Certificate Revocation Lists --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\First Run --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Local State --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\manifest.fingerprint --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\manifest.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific\all --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific\all\sths --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\manifest.fingerprint --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\manifest.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Crashpad --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Login Data-journal --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cookies --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cookies-journal --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Current Session --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Current Tabs --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Favicons --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Favicons-journal --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Network Action Predictor --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Network Action Predictor-journal --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Network Persistent State --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Origin Bound Certs --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Origin Bound Certs-journal --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Preferences --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\previews_opt_out.db --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\previews_opt_out.db-journal --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\README --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Secure Preferences --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Shortcuts --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Shortcuts-journal --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Top Sites --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Top Sites-journal --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\TransportSecurity --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Visited Links --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Web Data --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Web Data-journal --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Google Profile.ico --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\History --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\History Provider Cache --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\History-journal --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Last Session --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Last Tabs --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Login Data --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000012 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000027 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00003e --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\data_0 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\data_1 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\data_2 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\data_3 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000002 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000003 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000005 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000006 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000007 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000008 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00000b --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00000c --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00000d --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00000e --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00000f --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000010 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000011 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000013 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000014 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000016 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000017 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000018 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000019 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001a --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001b --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001c --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001d --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001e --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001f --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000020 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000022 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000023 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000024 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000025 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000026 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000028 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000029 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00002a --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00002b --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00002c --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00002e --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000031 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000032 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000033 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000034 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000035 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000037 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00003a --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00003b --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00003c --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00003d --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000040 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000041 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000042 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000043 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000044 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000046 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000047 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000048 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000049 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00004a --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00004d --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00004e --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00004f --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000050 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000051 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000052 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000053 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000054 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000056 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000058 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000059 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00005a --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00005b --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00005d --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00005e --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00005f --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000060 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000061 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000062 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000063 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000064 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000065 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000066 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000067 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000068 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\index --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\000003.log --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\CURRENT --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\LOCK --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\LOG --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\LOG.old --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\000003.log --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\CURRENT --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\LOCK --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\LOG --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\LOG.old --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\MANIFEST-000001 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\000003.log --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\CURRENT --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\LOCK --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\LOG --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\LOG.old --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\MANIFEST-000001 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0\background.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0\devtools.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0\devtools.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0\manifest.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0\sha256.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip\1.1.16_0 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip\1.1.16_0\manifest.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip\1.1.16_0\js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip\1.1.16_0\js\background.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip\1.1.16_0\js\content.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_background.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_window.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\manifest.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css\craw_window.css --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html\craw_window.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\flapper.gif --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_128.png --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_16.png --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button.png --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_close.png --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_hover.png --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_maximize.png --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_pressed.png --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\bg --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\bg\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ca --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ca\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\cs --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\cs\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\da --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\da\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\de --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\de\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\el --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\el\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en_GB --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en_GB\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es_419 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es_419\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\et --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\et\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fi --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fi\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fil --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fil\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fr --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fr\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hi --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hi\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hr --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hr\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hu --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hu\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\id --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\id\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\it --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\it\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ja --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ja\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ko --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ko\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lt --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lt\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lv --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lv\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nb --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nb\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nl --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nl\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pl --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pl\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_BR --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_BR\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_PT --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_PT\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ro --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ro\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ru --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ru\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sk --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sk\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sl --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sl\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sr --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sr\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sv --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sv\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\th --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\th\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\tr --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\tr\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\uk --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\uk\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\vi --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\vi\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_CN --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_CN\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_TW --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_TW\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_metadata --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_metadata\verified_contents.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\feedback.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\angular.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\background_script.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_game_sender.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_route_details.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_route_details.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_sender.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\common.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\feedback.css --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\feedback_script.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\manifest.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\material_css_min.css --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\mirroring_cast_streaming.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\mirroring_common.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\mirroring_hangouts.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\mirroring_webrtc.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_setup --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_setup\cast_app.css --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_setup\cast_app.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_setup\cast_app_redirect.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_setup\chromecast_logo_grey.png --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_setup\devices.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_setup\index.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_setup\offers.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_setup\setup.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cloud_route_details --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cloud_route_details\view.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cloud_route_details\view.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\iw --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\iw\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\am --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\am\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ar --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ar\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\bg --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\bg\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\bn --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\bn\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ca --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ca\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\cs --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\cs\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\da --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\da\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\de --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\de\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\el --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\el\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\en --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\en\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\es --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\es\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\et --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\et\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fa --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fa\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fi --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fi\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fil --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fil\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fr --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fr\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\gu --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\gu\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\hi --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\hi\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\hr --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\hr\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\hu --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\hu\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\id --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\id\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\it --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\it\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ja --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ja\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\kn --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\kn\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ko --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ko\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\lt --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\lt\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\lv --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\lv\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ml --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ml\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\mr --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\mr\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ms --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ms\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\nb --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\nb\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\nl --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\nl\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pl --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pl\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pt --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pt\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pt_BR --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pt_BR\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pt_PT --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pt_PT\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ro --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ro\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ru --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ru\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\sk --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\sk\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\sl --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\sl\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\sr --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\sr\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\sv --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\sv\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\sw --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\sw\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ta --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ta\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\te --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\te\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\th --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\th\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\tr --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\tr\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\uk --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\uk\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\vi --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\vi\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\zh --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\zh\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\zh_TW --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\zh_TW\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_metadata --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_metadata\computed_hashes.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_metadata\verified_contents.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0 --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\angular.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\background_script.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_game_sender.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_sender.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\common.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback.css --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback_script.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\manifest.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\material_css_min.css --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_cast_streaming.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_common.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_hangouts.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_webrtc.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.css --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app_redirect.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\chromecast_logo_grey.png --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\devices.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\index.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\offers.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\setup.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.html --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.js --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\iw --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\iw\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\am --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\am\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ar --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ar\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\bg --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\bg\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\bn --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\bn\messages.json --> [Adware.Ghokswa]
Infected: C:\Users\user\AppData\Local\background_fault\debug.log --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\devtools_resources.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\fcv_blob.bin --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\freebl3.dll --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\icudtl.dat --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\icv_blob.bin --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\libcef.dll --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\libEGL.dll --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\libGLESv2.dll --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\mozglue.dll --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\natives_blob.bin --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\nss3.dll --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\nssdbm3.dll --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\QQIme.exe --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\QQImeRegSkin.cfg --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\QQImeRegSkin.exe --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\snapshot_blob.bin --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\softokn3.dll --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\sqlite3.dll --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\t --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\wb_blob.bin --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\hi.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\am.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\ar.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\bg.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\bn.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\ca.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\cs.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\da.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\de.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\el.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\en-GB.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\en-US.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\es-419.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\es.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\et.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\fa.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\fi.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\fil.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\fr.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\gu.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\he.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\hr.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\hu.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\id.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\it.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\ja.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\kn.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\ko.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\lt.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\lv.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\ml.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\mr.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\ms.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\nb.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\nl.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\pl.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\pt-BR.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\pt-PT.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\ro.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\ru.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\sk.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\sl.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\sr.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\sv.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\sw.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\ta.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\te.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\th.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\tr.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\uk.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\vi.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\zh-CN.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\locales\zh-TW.pak --> [Adware.Elex]
Infected: C:\Users\user\AppData\Local\background_fault\Opera Stable --> [Adware.Elex]
Infected: C:\Pipisy --> [Adware.Elex]
Infected: C:\Pipisy\Aramory.lqe --> [Adware.Elex]
Infected: C:\Reerdition --> [Adware.Elex]
Infected: C:\Reerdition\Qerzerph.gwc --> [Adware.Elex]
Infected: C:\Terward --> [Adware.Elex]
Infected: C:\Terward\Cuwolenuosy.777 --> [Adware.Elex]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer --> [Trojan.DNSChanger.ACMB2]
Scan finished

 



#4 Nocturnal558

Posted 05 July 2017 - 03:29 PM

Sorry for double-posting, but with all three logs I wasn't able to post, as the message became too long.

 
# AdwCleaner v6.047 - Logfile created 05/07/2017 at 22:12:34
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-05.1 [Server]
# Operating System : Windows 8.1 Pro  (X64)
# Username : user - PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  iSafeKrnlMon
Service Found:  QQPCRTP
Service Found:  QMUdisk
Service Found:  TFsFlt
Service Found:  FirefoxU
Service Found:  WinSAPSvc
Service Found:  WinSnare
Service Found:  Lace514
Service Found:  OtherSearch
Service Found:  tfsflt
Service Found:  qmudisk
Service Found:  qqpcrtp
Service Found:  isafekrnlmon
Service Found:  SNARER
Service Found:  SNARE
Service Found:  Kitty
Service Found:  BIT
Service Found:  VNASRE
Service Found:  IISvr
Service Found:  3DM
Service Found:  NPASRE
Service Found:  CWASRE
Service Found:  CSHMDR
Service Found:  terana
Service Found:  snare
 
 
***** [ Folders ] *****
 
Folder Found:  C:\ProgramData\1102ed48
Folder Found:  C:\ProgramData\6c750828-02f3-1
Folder Found:  C:\ProgramData\6c750828-0455-1
Folder Found:  C:\ProgramData\6c750828-0555-0
Folder Found:  C:\ProgramData\6c750828-0663-0
Folder Found:  C:\ProgramData\6c750828-0823-1
Folder Found:  C:\ProgramData\6c750828-0851-1
Folder Found:  C:\ProgramData\6c750828-0cf3-1
Folder Found:  C:\ProgramData\6c750828-0f87-1
Folder Found:  C:\ProgramData\6c750828-1393-0
Folder Found:  C:\ProgramData\6c750828-1627-1
Folder Found:  C:\ProgramData\6c750828-16e7-1
Folder Found:  C:\ProgramData\6c750828-1b43-0
Folder Found:  C:\ProgramData\6c750828-1b51-1
Folder Found:  C:\ProgramData\6c750828-1c77-1
Folder Found:  C:\ProgramData\6c750828-1dc3-0
Folder Found:  C:\ProgramData\6c750828-2737-1
Folder Found:  C:\ProgramData\6c750828-27f3-1
Folder Found:  C:\ProgramData\6c750828-2a41-0
Folder Found:  C:\ProgramData\6c750828-2d81-0
Folder Found:  C:\ProgramData\6c750828-2e71-1
Folder Found:  C:\ProgramData\6c750828-2fa7-0
Folder Found:  C:\ProgramData\6c750828-2ff5-0
Folder Found:  C:\ProgramData\6c750828-3263-0
Folder Found:  C:\ProgramData\6c750828-3545-1
Folder Found:  C:\ProgramData\6c750828-3b51-1
Folder Found:  C:\ProgramData\6c750828-3c23-0
Folder Found:  C:\ProgramData\6c750828-3c87-0
Folder Found:  C:\ProgramData\6c750828-3fd7-0
Folder Found:  C:\ProgramData\6c750828-44a7-0
Folder Found:  C:\ProgramData\6c750828-4b41-0
Folder Found:  C:\ProgramData\6c750828-4c45-1
Folder Found:  C:\ProgramData\6c750828-5027-0
Folder Found:  C:\ProgramData\6c750828-50e3-0
Folder Found:  C:\ProgramData\6c750828-52b5-0
Folder Found:  C:\ProgramData\6c750828-53a3-0
Folder Found:  C:\ProgramData\6c750828-54b3-1
Folder Found:  C:\ProgramData\6c750828-55f5-0
Folder Found:  C:\ProgramData\6c750828-5721-0
Folder Found:  C:\ProgramData\6c750828-5a71-0
Folder Found:  C:\ProgramData\6c750828-5a85-0
Folder Found:  C:\ProgramData\6c750828-5be3-1
Folder Found:  C:\ProgramData\6c750828-5f13-1
Folder Found:  C:\ProgramData\6c750828-64d7-0
Folder Found:  C:\ProgramData\6c750828-67f5-1
Folder Found:  C:\ProgramData\6c750828-6803-1
Folder Found:  C:\ProgramData\6c750828-6c17-1
Folder Found:  C:\ProgramData\6c750828-6dc3-1
Folder Found:  C:\ProgramData\6c750828-6fb3-1
Folder Found:  C:\ProgramData\6c750828-7c47-0
Folder Found:  C:\ProgramData\6c750828-7ef1-0
Folder Found:  C:\ProgramData\c5f23b7d-34e1-1
Folder Found:  C:\ProgramData\c5f23b7d-58a1-0
Folder Found:  C:\ProgramData\{03e34999-412c-1}
Folder Found:  C:\ProgramData\{098042ab-512c-1}
Folder Found:  C:\ProgramData\{0dab667c-612c-0}
Folder Found:  C:\ProgramData\{10294b79-012c-0}
Folder Found:  C:\ProgramData\{11021262-512c-0}
Folder Found:  C:\ProgramData\{156a4326-412c-0}
Folder Found:  C:\ProgramData\{18f32a80-612c-0}
Folder Found:  C:\ProgramData\{19f95690-212c-0}
Folder Found:  C:\ProgramData\{30a30dc6-112c-0}
Folder Found:  C:\ProgramData\{31c558c6-512c-0}
Folder Found:  C:\ProgramData\{3d353ec7-212c-0}
Folder Found:  C:\ProgramData\{3e9407de-412c-1}
Folder Found:  C:\ProgramData\{42fc4fb5-712c-1}
Folder Found:  C:\ProgramData\{447e36af-712c-1}
Folder Found:  C:\ProgramData\{4ae53e7e-312c-0}
Folder Found:  C:\ProgramData\{4e995c72-312c-0}
Folder Found:  C:\ProgramData\{63ff1314-412c-1}
Folder Found:  C:\ProgramData\{6b2622ba-612c-0}
Folder Found:  C:\ProgramData\{72354ddc-612c-0}
Folder Found:  C:\ProgramData\{73727cee-012c-0}
Folder Found:  C:\ProgramData\{76da4ced-712c-1}
Folder Found:  C:\users\user\AppData\Local\SNARER
Folder Found:  C:\users\user\AppData\Local\Zoohair
Folder Found:  C:\users\user\AppData\Local\VNASRE
Folder Found:  C:\users\user\AppData\Local\background_fault
Folder Found:  C:\users\user\AppData\Local\NPASRE
Folder Found:  C:\users\user\AppData\Local\CWASRE
Folder Found:  C:\users\user\AppData\Local\CSHMDR
Folder Found:  C:\users\user\AppData\Local\terana
Folder Found:  C:\users\user\AppData\Local\snare
Folder Found:  C:\users\user\AppData\Roaming\WinSAPSvc
Folder Found:  C:\users\user\AppData\Roaming\WinSnare
Folder Found:  C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
Folder Found:  C:\Program Files\ReviverSoft
Folder Found:  C:\Program Files\f09er35s
Folder Found:  C:\Program Files\Common Files\Noobzo
Folder Found:  C:\MediaDrug
Folder Found:  C:\Insist
Folder Found:  C:\Pipisy
Folder Found:  C:\Reimward
Folder Found:  C:\Terward
Folder Found:  C:\Reerdition
Folder Found:  C:\Reaqapytegupy
Folder Found:  C:\ProgramData\SearchModule
Folder Found:  C:\ProgramData\Tencent
Folder Found:  C:\ProgramData\Application Data\SearchModule
Folder Found:  C:\ProgramData\Application Data\Tencent
Folder Found:  C:\Program Files (x86)\Common Files\Tencent
Folder Found:  C:\Program Files (x86)\Firefox
Folder Found:  C:\Users\user\AppData\Roaming\WinSnare
Folder Found:  C:\Users\user\AppData\Roaming\Firefox
Folder Found:  C:\Users\user\AppData\Local\Firefox
Folder Found:  C:\UPDATE\PSGO
Folder Found:  C:\Users\user\AppData\Local\SNARE
Folder Found:  C:\Users\user\AppData\Local\Kitty
Folder Found:  C:\Windows\Update\psgo
Folder Found:  C:\ProgramData\BIT
Folder Found:  C:\Reerdition
Folder Found:  C:\Users\user\AppData\Local\background_fault
Folder Found:  C:\Insist
Folder Found:  C:\Reaqapytegupy
Folder Found:  C:\Reimward
Folder Found:  C:\Pipisy
 
 
***** [ Files ] *****
 
File Found:  C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
File Found:  C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\电脑管家\电脑管家.lnk
File Found:  C:\Windows\SysNative\log\iSafeKrnlCall.log
File Found:  C:\Windows\SysNative\bi3.exe
File Found:  C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
File Found:  C:\Windows\SysNative\drivers\iSafeNetFilter.sys
File Found:  C:\Windows\SysNative\drivers\TFsFltX64.sys
File Found:  C:\Windows\SysNative\drivers\LACE_WPF_X64.SYS
File Found:  C:\Windows\SysNative\drivers\Lace_wpf_x64.sys
File Found:  C:\END
File Found:  C:\ProgramData\smp2.exe
File Found:  C:\ProgramData\smp2.exe
File Found:  C:\ProgramData\Application Data\smp2.exe
File Found:  C:\Users\Public\Documents\temp.dat
File Found:  C:\Users\Public\Documents\report.dat
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
Shortcut infected:  C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www-searching.com/?prd=set_epf&s=h3mzamobl20544bu,7e7f0273-4e67-4369-bac3-472e7dbeab86, )
Shortcut infected:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www-searching.com/?prd=set_epf&s=h3mzamobl20544bu,7e7f0273-4e67-4369-bac3-472e7dbeab86, )
Shortcut infected:  C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www%2dsearching.com/?prd=set_epf&s=h3mzamobl20544bu,7e7f0273-4e67-4369-bac3-472e7dbeab86, )
Shortcut infected:  C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m
Shortcut infected:  C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk ( hxxp://www%2dsearching.com/?prd=set_epf&s=h3mzamobl20544bu,7e7f0273-4e67-4369-bac3-472e7db
Shortcut infected:  C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www-searching.com/?prd=set_epf&s=h3mzamobl20544bu,7e7f0273-4e67-4369-bac3-472e7d
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  Anonotainwnight
Task Found:  rthX4JfhbA
Task Found:  {08090E47-0D7A-7D08-0511-0A0B0A791178}
Task Found:  IBUpd2
Task Found:  SMW_P
Task Found:  PPI Update
Task Found:  Milimili
Task Found:  Windows-PG
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VNASRE
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VNASRE
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NPASRE
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NPASRE
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CWASRE
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CWASRE
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CSHMDR
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CSHMDR
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\terana
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\terana
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
Key Found:  HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
Key Found:  HKLM\SOFTWARE\Classes\qmbfile
Key Found:  HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu
Key Found:  HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1
Key Found:  HKLM\SOFTWARE\Classes\qmgcfiles
Key Found:  HKLM\SOFTWARE\Classes\qpakfile
Key Found:  HKLM\SOFTWARE\Classes\QQPCMgr.qbox
Key Found:  [x64] HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
Key Found:  [x64] HKLM\SOFTWARE\Classes\qmbfile
Key Found:  [x64] HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu
Key Found:  [x64] HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\qmgcfiles
Key Found:  [x64] HKLM\SOFTWARE\Classes\qpakfile
Key Found:  [x64] HKLM\SOFTWARE\Classes\QQPCMgr.qbox
Key Found:  HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{1E9BD312-7C8C-4422-906D-897F6D7714F2}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{35627C7C-DB28-4772-9A6F-7607FFCBF9FF}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{C049F583-D724-4BAB-8F47-F13BCA41B808}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]
Key Found:  HKU\.DEFAULT\Software\b`nl{y
Key Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\System Healer
Key Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\deskapp
Key Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Zoohair
Key Found:  HKU\S-1-5-18\Software\b`nl{y
Key Found:  HKCU\Software\System Healer
Key Found:  HKCU\Software\deskapp
Key Found:  HKCU\Software\Zoohair
Key Found:  HKLM\SOFTWARE\BrowserAir
Key Found:  HKLM\SOFTWARE\youndooSoftware
Key Found:  HKLM\SOFTWARE\OtherSearch
Key Found:  HKLM\SOFTWARE\ScreenShot
Key Found:  HKLM\SOFTWARE\b`nl{y
Key Found:  HKLM\SOFTWARE\msServer
Key Found:  HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
Key Found:  HKLM\SOFTWARE\ourluckysitesSoftware
Key Found:  HKLM\SOFTWARE\Zoohair
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
Key Found:  [x64] HKCU\Software\System Healer
Key Found:  [x64] HKCU\Software\deskapp
Key Found:  [x64] HKCU\Software\Zoohair
Key Found:  [x64] HKLM\SOFTWARE\b`nl{y
Key Found:  [x64] HKLM\SOFTWARE\RunBooster
Key Found:  [x64] HKLM\SOFTWARE\InterSect Alliance
Data Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcob
Data Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2ed
Data Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8
Data Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492067028&z=4bee24d279eec12fc3d7d6fg
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M10
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM0
Data Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1491379489&z=fdce59993982075d2bf45edgfzbt4gec4m2t1z0b3c&from=che0812&uid=ST1000LM0
Data Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M10
Data Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB_S
Data Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1491379489&z=fdce59993982075d2bf45edgfzbt4gec4m2t1z0b3c&from=che0812&uid=ST1000LM024XHN-M
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000L
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1491379489&z=fdce59993982075d2bf45edgfzbt4gec4m2t1z0b3c&from=che0812&uid=ST1000L
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ourluckysites.com/?type=hp&ts=1492067028&z=4bee24d279eec12fc3d7d6fgdz5tcobe8q0m2edo7q&from=che0812&uid=ST1000LM024XHN-M101MBB
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1491379489&z=fdce59993982075d2bf45edgfzbt4gec4m2t1z0b3c&from=che0812&uid=ST1000LM024XHN
Key Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8E90B129-551A-4759-8B65-7365119A6968}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8E90B129-551A-4759-8B65-7365119A6968}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8E90B129-551A-4759-8B65-7365119A6968}
Data Found:  HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - "c:\program files\internet explorer\iexplore.exe" hxxp://www.ourluckysites.com/?type=sc&ts=1495637182&z=39b1e718ac96a17688f
Data Found:  HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.ourluckysites.com/?type=sc&ts=1493280535&z=986f5c
Data Found:  [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.ourluckysites.com/?type=sc&ts=1493280535&z=986f
Data Found:  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0FEC3DF3-4C59-48B2-B182-C291EC67DE23} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5A8A2990-5AB8-41A1-A4AD-AD7EA78714EF} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90429033-A26B-4FFA-9BD3-BB2E0810E84F} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0FEC3DF3-4C59-48B2-B182-C291EC67DE23} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5A8A2990-5AB8-41A1-A4AD-AD7EA78714EF} [NameServer] - 82.163.143.176 82.163.142.178
Data Found:  [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{90429033-A26B-4FFA-9BD3-BB2E0810E84F} [NameServer] - 82.163.143.176 82.163.142.178
Value Found:  HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Windows\CurrentVersion\Run [background_fault]
Value Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Run [background_fault]
Value Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [background_fault]
Key Found:  HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found:  HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Key Found:  HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall
Key Found:  HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\QMContextUninstall
Key Found:  HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMContextScan
Key Found:  HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL
Key Found:  HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextScan
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
Key Found:  HKLM\SOFTWARE\Classes\.qbox
Key Found:  HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan
Key Found:  HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall
Key Found:  HKEY_CLASSES_ROOT\.qmgc
Key Found:  HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Value Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Key Found:  HKCU\SOFTWARE\Classes\ChromeHTML
Key Found:  HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML
Value Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
Value Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]
Value Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [3DM]
Key Found:  HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
Key Found:  HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found:  HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [23358 Bytes] - [05/07/2017 22:12:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23432 Bytes] ##########
 

 

MBAR found more than a thousand threats, AdwCleaner found some 300... Looking forward to the next step! :-)

 



#5 Jo*

Jo*

  • Malware Response Team

Posted 05 July 2017 - 04:32 PM

Hello,

Step 1: Run Malwarebytes Anti-Rootkit again: double-click mbar.exe to run the tool.
Vista / Windows 7/8/10 users: right-click and select Run As Administrator.
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file into your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double-click AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double-click JRT.exe to run the tool.
Vista / Windows 7/8/10 users: right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Step 4: How is the computer running now?


***


Step 5: FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the boxes next to Addition.txt and Shortcut.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt, Shortcut.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.
-------

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 Nocturnal558

Nocturnal558
  • Topic Starter

  • Members

Posted 06 July 2017 - 03:24 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.07.06.06
  rootkit: v2017.05.27.01
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18666
user :: PC [administrator]
 
7/6/2017 8:40:49 PM
mbar-log-2017-07-06 (20-40-49).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 294438
Time elapsed: 39 minute(s), 3 second(s)
 
Memory Processes Detected: 2
C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe (Adware.Elex) -> 3908 -> Delete on reboot. [9678abb85f4aa98dba2625661be5b24e]
C:\Users\user\AppData\Local\background_fault\aswRD.exe (Adware.Elex) -> 6492 -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
 
Memory Modules Detected: 6
C:\ProgramData\BIT\BIT.dll (Adware.Elex) -> Delete on reboot. [1fefadb65059360084e5ff21728e916f]
C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll (Adware.Elex) -> Delete on reboot. [0608f370e5c4ec4a38a038b0b44d46ba]
C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\addons\SDKFilesVer.dll (Adware.Elex) -> Delete on reboot. [c7476af917922016347a3bd5837f7c84]
C:\Users\user\AppData\Local\Kitty\Kitty.dll (Adware.Elex.Generic) -> Delete on reboot. [d33b7be8bcedf73f244d79b2936d37c9]
C:\Users\user\AppData\Roaming\WinSAPSvc\WinSAP.dll (Adware.Elex) -> Delete on reboot. [3fcf164d87222511bfabfb72cb36e61a]
C:\Users\user\AppData\Local\background_fault\bf.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
 
Registry Keys Detected: 43
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FirefoxU (Adware.Elex) -> Delete on reboot. [9678abb85f4aa98dba2625661be5b24e]
HKLM\SOFTWARE\b`nl{y (Adware.Elex) -> Delete on reboot. [2be395ce763344f225c128b3ed142cd4]
HKLM\SOFTWARE\RunBooster (Adware.RunBooster) -> Delete on reboot. [63abd390d2d7fc3a433c3b8c3ec29070]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE (RiskWare.IFEOHijack) -> Delete on reboot. [838bd0935d4c94a20f35c54251b0b14f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE (RiskWare.IFEOHijack) -> Delete on reboot. [32dca6bd3c6d4fe7d210709332cfe11f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{12614D12-0802-4375-BC64-61043F9ED362} (Adware.Elex) -> Delete on reboot. [44ca6df66841f3438a1b494839c8e917]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3B6F78E3-0C17-43D0-83D9-21F0565A53D3} (Adware.Elex) -> Delete on reboot. [27e7b1b207a256e0010edcc409f7bb45]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Milimili (Adware.Elex) -> Delete on reboot. [4ec0ca999f0a8caa8451643b20e057a9]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Windows-PG (Adware.Elex) -> Delete on reboot. [d6380e55f9b09c9a2510761ae120946c]
HKLM\SOFTWARE\WOW6432NODE\b`nl{y (Adware.Elex) -> Delete on reboot. [3cd26bf80e9b2115578f8c4fae53fe02]
HKLM\SOFTWARE\WOW6432NODE\Toolhair (Adware.Ghokswa) -> Delete on reboot. [3fcf1d46743558deb46f47aeb54cd42c]
HKLM\SOFTWARE\WOW6432NODE\youndooSoftware (Adware.Elex.SHHKRST) -> Delete on reboot. [5cb23b286445db5ba2da7b003fc2f50b]
HKLM\SOFTWARE\WOW6432NODE\Zoohair (Adware.Ghokswa) -> Delete on reboot. [aa64095a327766d0069618607889d22e]
HKLM\SOFTWARE\WOW6432NODE\{84416237-6490-494D-9AD6-4994DD978971} (Adware.Elex) -> Delete on reboot. [19f52f341d8c73c35e3abaa53fc242be]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE (RiskWare.IFEOHijack) -> Delete on reboot. [3fcfb2b1eebb4aecca7a21e643be02fe]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE (RiskWare.IFEOHijack) -> Delete on reboot. [7d91392afcadb87ed50d29da7f82a35d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564 (Adware.DNSUnlocker) -> Delete on reboot. [0c02560dd6d33bfb2329e228fa08e917]
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\VNZCYIAH (Adware.Sasquor.SPL) -> Delete on reboot. [759987dca009b77fb8c2094ee0206d93]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\3DM (Adware.Elex) -> Delete on reboot. [ae60451e7732fa3cf13f53a6c93840c0]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CSHMDR (Adware.Elex) -> Delete on reboot. [22ec263d2881d56155d6b25e51b1f709]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CWASRE (Adware.Elex) -> Delete on reboot. [de30b4af3e6bd85ed6044bace918c040]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IISvr (Adware.Elex) -> Delete on reboot. [848a3b283772023471610fcb867bcd33]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Kitty (Adware.Elex.Generic) -> Delete on reboot. [d33b7be8bcedf73f244d79b2936d37c9]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Lace514 (Rootkit.Komodia.PUA) -> Delete on reboot. [0608acb77a2f53e313985d60f907ec14]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NPASRE (Adware.Elex) -> Delete on reboot. [b658b8ab6f3acd69b3075692cd34bf41]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OtherSearch (Adware.OtherSearch) -> Delete on reboot. [23eb6cf713969b9b4e6134882dd31be5]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SNARER (Adware.Elex.Generic) -> Delete on reboot. [30dea2c138712a0c0e32ffb202ffd927]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\terana (Adware.Elex) -> Delete on reboot. [e727c99a8326c0764c1492482dd41ae6]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VNASRE (Adware.Elex) -> Delete on reboot. [8b83d09380292214aef823b757aac13f]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinSnare (Adware.Elex) -> Delete on reboot. [40cee281d7d2a393ad119328669a4eb2]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPDTSrv (Adware.Elex) -> Delete on reboot. [d73702618029c76fbe111bc09c65e41c]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\CSHMDR (Adware.Elex) -> Delete on reboot. [d63876edcadf30065e517b947b87b848]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\CWASRE (Adware.Elex) -> Delete on reboot. [23ebf66d07a2c0762eab53a459a8f40c]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NPASRE (Adware.Elex) -> Delete on reboot. [45c9164d6c3d22149956f1f657aa2ed2]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SNARER (Adware.Elex) -> Delete on reboot. [35d91b489514df5719291fba5ca526da]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\terana (Adware.Elex) -> Delete on reboot. [c44a6af906a33afc56f1efeb48b929d7]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\VNASRE (Adware.Elex) -> Delete on reboot. [af5f96cd0a9f3cfa5128bc1e42bfe41c]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WinSnare (Adware.Elex) -> Delete on reboot. [2fdf3b283376eb4bcbcb5efc1ce503fd]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ISAFEKRNLMON (FraudTool.YAC) -> Delete on reboot. [58b60b589b0ee74f3b6ddb99669c7c84]
HKU\.DEFAULT\SOFTWARE\b`nl{y (Adware.Elex) -> Delete on reboot. [20ee461ddbce43f37e609f3c4eb3d927]
HKU\S-1-5-18\SOFTWARE\b`nl{y (Adware.Elex) -> Delete on reboot. [2ae42f340d9ca09620c837a45fa24eb2]
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\SOFTWARE\Toolhair (Adware.Ghokswa) -> Delete on reboot. [719d5310d6d351e55cb4579d45bcbe42]
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\SOFTWARE\Zoohair (Adware.Ghokswa) -> Delete on reboot. [f31bbba82a7f2e0882857eb70ef33cc4]
 
Registry Values Detected: 18
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE|Debugger (RiskWare.IFEOHijack) -> Data: 324095823984.exe -> Delete on reboot. [838bd0935d4c94a20f35c54251b0b14f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE|Debugger (RiskWare.IFEOHijack) -> Data: 8736459873644.exe -> Delete on reboot. [32dca6bd3c6d4fe7d210709332cfe11f]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{12614D12-0802-4375-BC64-61043F9ED362}|Path (Adware.Elex) -> Data: \Windows-PG -> Delete on reboot. [44ca6df66841f3438a1b494839c8e917]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3B6F78E3-0C17-43D0-83D9-21F0565A53D3}|Path (Adware.Elex) -> Data: \Milimili -> Delete on reboot. [27e7b1b207a256e0010edcc409f7bb45]
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS|{E3D93A26-0D4B-11E7-A752-64006A5CFC23} (Adware.Elex.SHHKRST) -> Data:  -> Delete on reboot. [36d8f46f9d0ccf671cd2e700946de61a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE|Debugger (RiskWare.IFEOHijack) -> Data: 324095823984.exe -> Delete on reboot. [3fcfb2b1eebb4aecca7a21e643be02fe]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATERSERVICE.EXE|Debugger (RiskWare.IFEOHijack) -> Data: 8736459873644.exe -> Delete on reboot. [7d91392afcadb87ed50d29da7f82a35d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AppHelperV5.exe (Adware.Elex) -> Data: C:\Users\user\AppData\Local\Temp\AppHelperV5.exe -> Delete on reboot. [828ca6bda0095bdb656ca5dc43bece32]
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\vnzcyiah|Name (Adware.Sasquor.SPL) -> Data: C:\Program Files (x86)\Pmetainqecdom Log\local64spl.dll -> Delete on reboot. [759987dca009b77fb8c2094ee0206d93]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iSafeKrnlMon|ImagePath (FraudTool.YAC) -> Data: \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys -> Delete on reboot. [58b60b589b0ee74f3b6ddb99669c7c84]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{6B046867-DC7D-4744-A78E-6DC55CDB963F} (Adware.Ghokswa.Generic) -> Data: v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Zoohair\Application\chrome.exe|Name=Chrome browser| -> Delete on reboot. [917d85dedacf132353f9d12a24dd6799]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{8BB02AB6-50FB-46C8-9465-6EE7D214631C} (Adware.Ghokswa) -> Data: v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe|Name=Update service| -> Delete on reboot. [709e352ed2d770c63b0247fb837d8c74]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{F27975F2-526D-4F09-ACAC-0709D545C3A4} (Adware.Elex) -> Data: v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\MIO\loader\st1000lm024xhn-m101mbb_s2smj9bdb08618.dat|Name=QQLive下载器st1000lm024xhn-m101mbb_s2smj9bdb08618.dat| -> Delete on reboot. [b15db1b2e5c4270f634f8b84ba4816ea]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{7D808060-ECE9-4A74-B469-39A6A95BFE69} (Adware.Elex) -> Data: v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\MIO\loader\st1000lm024xhn-m101mbb_s2smj9bdb08618.dat|Name=QQLive下载器st1000lm024xhn-m101mbb_s2smj9bdb08618.dat| -> Delete on reboot. [9c7297cc06a35adc941ed43b6a9803fd]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{0FEC3DF3-4C59-48B2-B182-C291EC67DE23}|NameServer (Trojan.DNSChanger.ACMB2) -> Data: 82.163.143.176 82.163.142.178 -> Delete on reboot. [3bd3b3b070392c0a72cb73bca45fd52b]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{5A8A2990-5AB8-41A1-A4AD-AD7EA78714EF}|NameServer (Trojan.DNSChanger.ACMB2) -> Data: 82.163.143.176 82.163.142.178 -> Delete on reboot. [c14dc2a13178191dc97458d7ee1531cf]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{90429033-A26B-4FFA-9BD3-BB2E0810E84F}|NameServer (Trojan.DNSChanger.ACMB2) -> Data: 82.163.143.176 82.163.142.178 -> Delete on reboot. [32dc0c57238662d4e8557db2976c867a]
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|background_fault (Adware.Elex) -> Data: "C:\Users\user\AppData\Local\background_fault\aswRD.exe" "C:\Users\user\AppData\Local\background_fault\bf.dll",background_fault_collector -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
 
Registry Data Items Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer (Trojan.DNSChanger.ACMB2) -> Bad: (82.163.143.176 82.163.142.178) Good: (8.8.8.8) -> Replace on reboot. [dc325c074267e5511532d884b64de31d]
 
Folders Detected: 256
C:\Windows\Temp\hp23E8.tmp (Adware.Elex) -> Delete on reboot. [25e93231e8c173c387181fda9f61d828]
C:\Windows\Temp\hp4E30.tmp (Adware.Elex) -> Delete on reboot. [64aab4afa6033afc98074bae8a7610f0]
C:\Windows\Temp\hp5065.tmp (Adware.Elex) -> Delete on reboot. [a8660f54585142f45a45a45580805fa1]
C:\Windows\Temp\hp539B.tmp (Adware.Elex) -> Delete on reboot. [e12d97ccd0d91620019ea158a15f30d0]
C:\Windows\Temp\hp7DE6.tmp (Adware.Elex) -> Delete on reboot. [3dd1da899e0b70c6cdd26d8c5ea28f71]
C:\Windows\Temp\hp90F9.tmp (Adware.Elex) -> Delete on reboot. [6f9feb78e3c6aa8c3b64d425f30d0af6]
C:\Windows\Temp\hpDA23.tmp (Adware.Elex) -> Delete on reboot. [e628c59ee9c09c9acbd4fbfe966a758b]
C:\Users\user\AppData\Local\CSHMDR (Adware.Elex.Generic) -> Delete on reboot. [fc120e55515860d6fe9af9d1aa5720e0]
C:\Users\user\AppData\Local\CWASRE (Adware.Elex.Generic) -> Delete on reboot. [fe100b58edbc9c9a87115d6d778a15eb]
C:\Users\user\AppData\Local\NPASRE (Adware.Elex.Generic) -> Delete on reboot. [927c83e01198b3830f89705ac63b15eb]
C:\Users\user\AppData\Local\VNASRE (Adware.Elex.Generic) -> Delete on reboot. [937bde85ddcc0c2a0a8e3f8bc04110f0]
C:\Users\user\AppData\Local\terana (Adware.Elex.Generic) -> Delete on reboot. [97770e554f5a1620ea657f5b43be857b]
C:\Windows\psgo (Adware.Elex.EncJob) -> Delete on reboot. [16f800634861cd690efd45baf50c12ee]
C:\Update\psgo (Adware.Elex.EncJob) -> Delete on reboot. [58b6590ab4f563d31defa758966b946c]
C:\Windows\Update\psgo (Adware.Elex.EncJob) -> Delete on reboot. [0806acb7b8f1b383fcaa3fc04eb36799]
C:\Reimward (Adware.Elex) -> Delete on reboot. [37d731329a0f45f16535ac71887808f8]
C:\Users\user\AppData\Local\Zoohair (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific\all (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific\all\sths (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Crashpad (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip\1.1.16_0 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip\1.1.16_0\js (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\bg (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ca (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\cs (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\da (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\de (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\el (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en_GB (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es_419 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\et (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fi (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fil (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fr (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hi (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hr (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hu (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\id (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\it (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ja (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ko (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lt (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lv (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nb (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nl (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pl (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_BR (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_PT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ro (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ru (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sk (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sl (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sr (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sv (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\th (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\tr (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\uk (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\vi (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_CN (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_TW (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_metadata (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cast_setup (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\cloud_route_details (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\iw (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\am (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ar (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\bg (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\bn (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ca (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\cs (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\da (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\de (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\el (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\en (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\es (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\et (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fa (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fi (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fil (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\fr (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\gu (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\hi (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\hr (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\hu (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\id (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\it (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ja (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\kn (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ko (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\lt (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\lv (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ml (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\mr (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ms (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\nb (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\nl (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pl (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pt (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pt_BR (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\pt_PT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.3_0\_locales\ro (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
 
Files Detected: 706
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific\all\sths\bc78e1dfc5f63c684649334da10fa15f0979692009c081b4f3f6917f3ed9b8a5.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific\all\sths\cdb5179b7fc1c046feea31136a3f8f002e6182faf8896fecc8b2f5b5ab604900.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific\all\sths\ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific\all\sths\e0127629e90496564e3d0147984498aa48f8adb16600eb7902a1ef9909906273.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\384\_platform_specific\all\sths\ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\manifest.fingerprint (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\manifest.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\ac3b9aed7fa9674757159e6d7d575672f9d98100941e9bdeffeca1313b75782d.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\34bb6ad6c3df9c03eea8a499ff7891486c9d5e5cac92d01f7bfd1bce19db48ef.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\41b2dc2e89e63ce4af1ba7bb29bf68c6dee6f9f1cc047e30dffae3b3ba259263.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\5614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\68f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc4.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\7461b4a09cfb3d41d75159575b2e7649a445a8d27709b0cc564a6482b7eb41a3.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\a577ac9ced7548dd8f025b67a241089df86e0f476ec203c2ecbedb185f282638.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\bc78e1dfc5f63c684649334da10fa15f0979692009c081b4f3f6917f3ed9b8a5.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\cdb5179b7fc1c046feea31136a3f8f002e6182faf8896fecc8b2f5b5ab604900.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\e0127629e90496564e3d0147984498aa48f8adb16600eb7902a1ef9909906273.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\CertificateTransparency\387\_platform_specific\all\sths\ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb.sth (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Login Data-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cookies (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cookies-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Current Session (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Current Tabs (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Favicons (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Favicons-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Network Action Predictor (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Network Action Predictor-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Network Persistent State (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Origin Bound Certs (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Origin Bound Certs-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Preferences (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\previews_opt_out.db (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\previews_opt_out.db-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\README (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Secure Preferences (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Shortcuts (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Shortcuts-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Top Sites (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Top Sites-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\TransportSecurity (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Visited Links (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Web Data (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Web Data-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Google Profile.ico (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\History (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\History Provider Cache (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\History-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Last Session (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Last Tabs (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Login Data (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000012 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000027 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00003e (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\data_0 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\data_1 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\data_2 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\data_3 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000002 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000003 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000005 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000006 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000007 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000008 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00000b (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00000c (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00000d (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00000e (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00000f (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000010 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000011 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000013 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000014 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000016 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000017 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000018 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000019 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001a (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001b (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001c (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001d (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001e (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00001f (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000020 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000022 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000023 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000024 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000025 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000026 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000028 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000029 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00002a (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00002b (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00002c (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00002e (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000031 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000032 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000033 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000034 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000035 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000037 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00003a (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00003b (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00003c (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00003d (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000040 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000041 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000042 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000043 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000044 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000046 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000047 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000048 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000049 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00004a (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00004d (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00004e (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00004f (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000050 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000051 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000052 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000053 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000054 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000056 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000058 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000059 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00005a (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00005b (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00005d (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00005e (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_00005f (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000060 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000061 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000062 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000063 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000064 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000065 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000066 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000067 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\f_000068 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Cache\index (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\000003.log (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\LOCK (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\LOG (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\LOG.old (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\000003.log (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\CURRENT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\LOCK (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\LOG (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\LOG.old (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension Rules\MANIFEST-000001 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\000003.log (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\CURRENT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\LOCK (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\LOG (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\LOG.old (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extension State\MANIFEST-000001 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0\background.js (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0\devtools.html (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0\devtools.js (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0\manifest.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji\1.0.16_0\sha256.js (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip\1.1.16_0\manifest.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip\1.1.16_0\js\background.js (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\jiclpkloooednkohecgoedlhbiobhgip\1.1.16_0\js\content.js (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_background.js (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_window.js (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\manifest.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css\craw_window.css (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\gu\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\hi\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\hr\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\hu\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\id\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\it\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ja\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\kn\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ko\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\lt\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\lv\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ml\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\mr\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ms\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\nb\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\nl\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\pl\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\pt\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\pt_BR\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\pt_PT\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ro\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ru\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\sk\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\sl\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\sr\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\sv\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\sw\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\ta\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\te\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\th\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\tr\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\uk\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\vi\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\zh\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_locales\zh_TW\messages.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_metadata\computed_hashes.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\_metadata\verified_contents.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\data_0 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\data_1 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\data_2 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\data_3 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\f_000001 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\f_000002 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\f_000003 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\f_000004 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\f_000005 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\f_000006 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Media Cache\index (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Session Storage\000003.log (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Session Storage\CURRENT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Session Storage\LOCK (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Session Storage\LOG (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Session Storage\LOG.old (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Session Storage\MANIFEST-000001 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\CURRENT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOCK (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\MANIFEST-000001 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\File System\Origins\000003.log (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\File System\Origins\CURRENT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\File System\Origins\LOCK (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\File System\Origins\LOG (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\File System\Origins\MANIFEST-000001 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\GPUCache\data_0 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\GPUCache\data_1 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\GPUCache\data_2 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\GPUCache\data_3 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\GPUCache\index (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\JumpListIcons\6B57.tmp (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\JumpListIcons\6B58.tmp (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\JumpListIconsOld\F625.tmp (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\JumpListIconsOld\F626.tmp (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\ekbmlhopnonkbfompbndcifmljkljhji\000003.log (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\ekbmlhopnonkbfompbndcifmljkljhji\CURRENT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\ekbmlhopnonkbfompbndcifmljkljhji\LOCK (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\ekbmlhopnonkbfompbndcifmljkljhji\LOG (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\ekbmlhopnonkbfompbndcifmljkljhji\LOG.old (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\ekbmlhopnonkbfompbndcifmljkljhji\MANIFEST-000001 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\jiclpkloooednkohecgoedlhbiobhgip\000003.log (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\jiclpkloooednkohecgoedlhbiobhgip\CURRENT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\jiclpkloooednkohecgoedlhbiobhgip\LOCK (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\jiclpkloooednkohecgoedlhbiobhgip\LOG (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\jiclpkloooednkohecgoedlhbiobhgip\LOG.old (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\jiclpkloooednkohecgoedlhbiobhgip\MANIFEST-000001 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\nkeimhogjdpnpccoofpliimaahmaaome\000003.log (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\nkeimhogjdpnpccoofpliimaahmaaome\CURRENT (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\nkeimhogjdpnpccoofpliimaahmaaome\LOCK (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\nkeimhogjdpnpccoofpliimaahmaaome\LOG (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\nkeimhogjdpnpccoofpliimaahmaaome\LOG.old (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Extension Settings\nkeimhogjdpnpccoofpliimaahmaaome\MANIFEST-000001 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\chrome-extension_ekbmlhopnonkbfompbndcifmljkljhji_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\chrome-extension_ekbmlhopnonkbfompbndcifmljkljhji_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\chrome-extension_jiclpkloooednkohecgoedlhbiobhgip_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\chrome-extension_jiclpkloooednkohecgoedlhbiobhgip_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\chrome-extension_nkeimhogjdpnpccoofpliimaahmaaome_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\chrome-extension_nkeimhogjdpnpccoofpliimaahmaaome_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_k8t3w3m6.ssl.hwcdn.net_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_k8t3w3m6.ssl.hwcdn.net_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_om.elvenar.com_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_om.elvenar.com_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_promo.olybet.eu_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_promo.olybet.eu_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\http_piz7ohhujogi.com_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\http_piz7ohhujogi.com_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage-journal (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\EVWhitelist\7\manifest.fingerprint (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\EVWhitelist\7\manifest.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\EVWhitelist\7\_metadata\verified_contents.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\EVWhitelist\7\_platform_specific\all\ev_hashes_whitelist.bin (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\FileTypePolicies\8\download_file_types.pb (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\FileTypePolicies\8\manifest.fingerprint (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\FileTypePolicies\8\manifest.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\PepperFlash\25.0.0.171\manifest.fingerprint (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\PepperFlash\25.0.0.171\manifest.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\PepperFlash\25.0.0.171\pepflashplayer.dll (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\ShaderCache\GPUCache\data_0 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\ShaderCache\GPUCache\data_1 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\ShaderCache\GPUCache\data_2 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\ShaderCache\GPUCache\data_3 (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\ShaderCache\GPUCache\index (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\SSLErrorAssistant\3\manifest.fingerprint (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\SSLErrorAssistant\3\manifest.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\SSLErrorAssistant\3\ssl_error_assistant.pb (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\SwReporter\19.104.0\manifest.fingerprint (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\SwReporter\19.104.0\manifest.json (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Users\user\AppData\Local\Zoohair\User Data\SwReporter\19.104.0\software_reporter_tool.exe (Adware.Ghokswa) -> Delete on reboot. [48c6aab9119855e19c8664d313eded13]
C:\Windows\Temp\winsap_update\00 (Adware.Elex) -> Delete on reboot. [60ae2142c9e0bf7715b9261728d8c937]
C:\Windows\Temp\winsap_update\1111111 (Adware.Elex) -> Delete on reboot. [60ae2142c9e0bf7715b9261728d8c937]
C:\Windows\Temp\winsap_update\3333333 (Adware.Elex) -> Delete on reboot. [60ae2142c9e0bf7715b9261728d8c937]
C:\Program Files\f09er35s\{001989BB-E61E-4FF6-93F3-59951A0CF7C6}\9ur4zpzx.h1d (Adware.Elex) -> Delete on reboot. [ca449ac9f6b338fe705e7d1a0cf46a96]
C:\Users\user\AppData\Roaming\WinSnare\WinSnare.dll (Adware.Elex) -> Delete on reboot. [cb43a4bf3a6fc472d8c0209a877906fa]
C:\Users\user\AppData\Roaming\WinSAPSvc\WinSAP.dll (Adware.Elex) -> Delete on reboot. [3fcf164d87222511bfabfb72cb36e61a]
C:\Reaqapytegupy\Qerzerph.gwc (Adware.Elex) -> Delete on reboot. [46c892d1ddcc85b18addb42031d0e917]
C:\Users\user\AppData\Local\background_fault\7za.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\7za.exe (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\aswRD.exe (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\bf.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\bf.old (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\ccv_blob.bin (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\cef.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\cef_100_percent.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\cef_200_percent.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\cef_extensions.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\cfsa_blob.bin (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\cfs_blob.bin (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\chrome_elf.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\d3dcompiler_43.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\d3dcompiler_47.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\debug.log (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\devtools_resources.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\fcv_blob.bin (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\freebl3.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\icudtl.dat (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\icv_blob.bin (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\libcef.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\libEGL.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\libGLESv2.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\mozglue.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\natives_blob.bin (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\nss3.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\nssdbm3.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\QQIme.exe (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\QQImeRegSkin.cfg (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\QQImeRegSkin.exe (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\snapshot_blob.bin (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\softokn3.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\sqlite3.dll (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\t (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\wb_blob.bin (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\hi.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\am.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\ar.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\bg.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\bn.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\ca.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\cs.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\da.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\de.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\el.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\en-GB.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\en-US.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\es-419.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\es.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\et.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\fa.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\fi.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\fil.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\fr.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\gu.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\he.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\hr.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\hu.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\id.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\it.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\ja.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\kn.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\ko.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\lt.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\lv.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\ml.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\mr.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\ms.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\nb.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\nl.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\pl.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\pt-BR.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\pt-PT.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\ro.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\ru.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\sk.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\sl.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\sr.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\sv.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\sw.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\ta.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\te.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\th.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\tr.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\uk.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\vi.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\zh-CN.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Users\user\AppData\Local\background_fault\locales\zh-TW.pak (Adware.Elex) -> Delete on reboot. [c04e3a29cadfef47ee4f45995ea33dc3]
C:\Reerdition\Qerzerph.gwc (Adware.Elex) -> Delete on reboot. [fd11f86bd5d4e84ec9e31ace6d94956b]
C:\Terward\Cuwolenuosy.777 (Adware.Elex) -> Delete on reboot. [749a3f24684138fef832d028c041827e]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 


#7 Nocturnal558


Posted 06 July 2017 - 03:27 PM

# AdwCleaner v6.047 - Logfile created 06/07/2017 at 21:56:20
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-06.1 [Server]
# Operating System : Windows 8.1 Pro  (X64)
# Username : user - PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: QQPCRTP
[-] Service deleted: QMUdisk
[-] Service deleted: TFsFlt
[-] Service deleted: WinSAPSvc
[-] Service deleted: SNARE
[-] Service deleted: BIT
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\1102ed48
[-] Folder deleted: C:\ProgramData\6c750828-02f3-1
[-] Folder deleted: C:\ProgramData\6c750828-0455-1
[-] Folder deleted: C:\ProgramData\6c750828-0555-0
[-] Folder deleted: C:\ProgramData\6c750828-0663-0
[-] Folder deleted: C:\ProgramData\6c750828-0823-1
[-] Folder deleted: C:\ProgramData\6c750828-0851-1
[-] Folder deleted: C:\ProgramData\6c750828-0cf3-1
[-] Folder deleted: C:\ProgramData\6c750828-0f87-1
[-] Folder deleted: C:\ProgramData\6c750828-1393-0
[-] Folder deleted: C:\ProgramData\6c750828-1627-1
[-] Folder deleted: C:\ProgramData\6c750828-16e7-1
[-] Folder deleted: C:\ProgramData\6c750828-1b43-0
[-] Folder deleted: C:\ProgramData\6c750828-1b51-1
[-] Folder deleted: C:\ProgramData\6c750828-1c77-1
[-] Folder deleted: C:\ProgramData\6c750828-1dc3-0
[-] Folder deleted: C:\ProgramData\6c750828-2737-1
[-] Folder deleted: C:\ProgramData\6c750828-27f3-1
[-] Folder deleted: C:\ProgramData\6c750828-2a41-0
[-] Folder deleted: C:\ProgramData\6c750828-2d81-0
[-] Folder deleted: C:\ProgramData\6c750828-2e71-1
[-] Folder deleted: C:\ProgramData\6c750828-2fa7-0
[-] Folder deleted: C:\ProgramData\6c750828-2ff5-0
[-] Folder deleted: C:\ProgramData\6c750828-3263-0
[-] Folder deleted: C:\ProgramData\6c750828-3545-1
[-] Folder deleted: C:\ProgramData\6c750828-3b51-1
[-] Folder deleted: C:\ProgramData\6c750828-3c23-0
[-] Folder deleted: C:\ProgramData\6c750828-3c87-0
[-] Folder deleted: C:\ProgramData\6c750828-3fd7-0
[-] Folder deleted: C:\ProgramData\6c750828-44a7-0
[-] Folder deleted: C:\ProgramData\6c750828-4b41-0
[-] Folder deleted: C:\ProgramData\6c750828-4c45-1
[-] Folder deleted: C:\ProgramData\6c750828-5027-0
[-] Folder deleted: C:\ProgramData\6c750828-50e3-0
[-] Folder deleted: C:\ProgramData\6c750828-52b5-0
[-] Folder deleted: C:\ProgramData\6c750828-53a3-0
[-] Folder deleted: C:\ProgramData\6c750828-54b3-1
[-] Folder deleted: C:\ProgramData\6c750828-55f5-0
[-] Folder deleted: C:\ProgramData\6c750828-5721-0
[-] Folder deleted: C:\ProgramData\6c750828-5a71-0
[-] Folder deleted: C:\ProgramData\6c750828-5a85-0
[-] Folder deleted: C:\ProgramData\6c750828-5be3-1
[-] Folder deleted: C:\ProgramData\6c750828-5f13-1
[-] Folder deleted: C:\ProgramData\6c750828-64d7-0
[-] Folder deleted: C:\ProgramData\6c750828-67f5-1
[-] Folder deleted: C:\ProgramData\6c750828-6803-1
[-] Folder deleted: C:\ProgramData\6c750828-6c17-1
[-] Folder deleted: C:\ProgramData\6c750828-6dc3-1
[-] Folder deleted: C:\ProgramData\6c750828-6fb3-1
[-] Folder deleted: C:\ProgramData\6c750828-7c47-0
[-] Folder deleted: C:\ProgramData\6c750828-7ef1-0
[-] Folder deleted: C:\ProgramData\c5f23b7d-34e1-1
[-] Folder deleted: C:\ProgramData\c5f23b7d-58a1-0
[-] Folder deleted: C:\ProgramData\{03e34999-412c-1}
[-] Folder deleted: C:\ProgramData\{098042ab-512c-1}
[-] Folder deleted: C:\ProgramData\{0dab667c-612c-0}
[-] Folder deleted: C:\ProgramData\{10294b79-012c-0}
[-] Folder deleted: C:\ProgramData\{11021262-512c-0}
[-] Folder deleted: C:\ProgramData\{156a4326-412c-0}
[-] Folder deleted: C:\ProgramData\{18f32a80-612c-0}
[-] Folder deleted: C:\ProgramData\{19f95690-212c-0}
[-] Folder deleted: C:\ProgramData\{30a30dc6-112c-0}
[-] Folder deleted: C:\ProgramData\{31c558c6-512c-0}
[-] Folder deleted: C:\ProgramData\{3d353ec7-212c-0}
[-] Folder deleted: C:\ProgramData\{3e9407de-412c-1}
[-] Folder deleted: C:\ProgramData\{42fc4fb5-712c-1}
[-] Folder deleted: C:\ProgramData\{447e36af-712c-1}
[-] Folder deleted: C:\ProgramData\{4ae53e7e-312c-0}
[-] Folder deleted: C:\ProgramData\{4e995c72-312c-0}
[-] Folder deleted: C:\ProgramData\{63ff1314-412c-1}
[-] Folder deleted: C:\ProgramData\{6b2622ba-612c-0}
[-] Folder deleted: C:\ProgramData\{72354ddc-612c-0}
[-] Folder deleted: C:\ProgramData\{73727cee-012c-0}
[-] Folder deleted: C:\ProgramData\{76da4ced-712c-1}
[-] Folder deleted: C:\users\user\AppData\Local\snare
[-] Folder deleted: C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Folder deleted: C:\Program Files\ReviverSoft
[-] Folder deleted: C:\Program Files\Common Files\Noobzo
[-] Folder deleted: C:\MediaDrug
[-] Folder deleted: C:\Insist
[-] Folder deleted: C:\ProgramData\SearchModule
[-] Folder deleted: C:\ProgramData\Tencent
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SearchModule
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Tencent
[-] Folder deleted: C:\Program Files (x86)\Common Files\Tencent
[-] Folder deleted: C:\Program Files (x86)\Firefox
[-] Folder deleted: C:\Users\user\AppData\Roaming\Firefox
[-] Folder deleted: C:\Users\user\AppData\Local\Firefox
[#] Folder deleted on reboot: C:\Users\user\AppData\Local\SNARE
[-] Folder deleted: C:\Users\user\AppData\Local\Kitty
[-] Folder deleted: C:\ProgramData\BIT
[#] Folder deleted on reboot: C:\Insist
 
 
***** [ Files ] *****
 
[-] File deleted: C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[#] File deleted: C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\电脑管家\电脑管家.lnk
[-] File deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\Windows\SysNative\bi3.exe
[-] File deleted: C:\Windows\SysNative\drivers\TFsFltX64.sys
[-] File deleted: C:\END
[-] File deleted: C:\ProgramData\smp2.exe
[#] File deleted: C:\ProgramData\smp2.exe
[#] File deleted: C:\ProgramData\Application Data\smp2.exe
[-] File deleted: C:\Users\Public\Documents\temp.dat
[-] File deleted: C:\Users\Public\Documents\report.dat
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[!] Shortcut not deleted: C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: rthX4JfhbA
[-] Task deleted: {08090E47-0D7A-7D08-0511-0A0B0A791178}
[-] Task deleted: IBUpd2
[-] Task deleted: SMW_P
[-] Task deleted: PPI Update
 
 
***** [ Registry ] *****
 
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\tfsflt
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\qmudisk
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\qqpcrtp
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\snare
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
[-] Key deleted: HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
[-] Key deleted: HKLM\SOFTWARE\Classes\qmbfile
[-] Key deleted: HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu
[-] Key deleted: HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1
[-] Key deleted: HKLM\SOFTWARE\Classes\qmgcfiles
[-] Key deleted: HKLM\SOFTWARE\Classes\qpakfile
[-] Key deleted: HKLM\SOFTWARE\Classes\QQPCMgr.qbox
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qmbfile
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qmgcfiles
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qpakfile
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQPCMgr.qbox
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1E9BD312-7C8C-4422-906D-897F6D7714F2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{35627C7C-DB28-4772-9A6F-7607FFCBF9FF}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C049F583-D724-4BAB-8F47-F13BCA41B808}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]
[-] Key deleted: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\System Healer
[-] Key deleted: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\deskapp
[#] Key deleted on reboot: HKCU\Software\System Healer
[#] Key deleted on reboot: HKCU\Software\deskapp
[-] Key deleted: HKLM\SOFTWARE\BrowserAir
[-] Key deleted: HKLM\SOFTWARE\OtherSearch
[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\msServer
[-] Key deleted: HKLM\SOFTWARE\ourluckysitesSoftware
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
[#] Key deleted on reboot: [x64] HKCU\Software\System Healer
[#] Key deleted on reboot: [x64] HKCU\Software\deskapp
[-] Key deleted: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Data restored: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main [Search Page] 
[-] Data restored: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data restored: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] 
[-] Key deleted: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data restored: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8E90B129-551A-4759-8B65-7365119A6968}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8E90B129-551A-4759-8B65-7365119A6968}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8E90B129-551A-4759-8B65-7365119A6968}
[-] Data restored: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] Data restored: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Data restored: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key deleted: HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall
[-] Key deleted: HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\QMContextUninstall
[-] Key deleted: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMContextScan
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextScan
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[-] Key deleted: HKLM\SOFTWARE\Classes\.qbox
[-] Key deleted: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan
[-] Key deleted: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall
[-] Key deleted: HKEY_CLASSES_ROOT\.qmgc
[-] Key deleted: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Key deleted: HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [3DM]
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [16781 Bytes] - [06/07/2017 21:56:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [23672 Bytes] - [05/07/2017 22:12:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [18688 Bytes] - [06/07/2017 21:54:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [17003 Bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 Pro x64 
Ran by user (Administrator) on Thu 07/06/2017 at 22:15:04.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/06/2017 at 22:16:20.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
Ran by user (administrator) on PC (06-07-2017 22:19:45)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes) C:\Users\user\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
(Farbar) C:\Users\user\Desktop\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2014-07-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2014-07-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-11] (Facebook Inc.)
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\MountPoints2: {019e0aa2-a3a6-11e4-8268-0cd292a8bb54} - "E:\AutoRun.exe" 
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\MountPoints2: {019e0c28-a3a6-11e4-8268-0cd292a8bb54} - "E:\AutoRun.exe" 
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\MountPoints2: {2ccbe282-83bd-11e6-8290-201a068c0ad8} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\MountPoints2: {e18bc5b6-03d3-11e4-824f-0cd292a8bb54} - "F:\SETUP.EXE" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{0FEC3DF3-4C59-48B2-B182-C291EC67DE23}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{5A8A2990-5AB8-41A1-A4AD-AD7EA78714EF}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{892EF2FF-F6B5-456E-AD51-FCF7CD1845FB}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{90429033-A26B-4FFA-9BD3-BB2E0810E84F}: [DhcpNameServer] 82.163.143.176
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\12.1.18202.223\TSWebMon64.dat => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-864103077-3134318834-1874846933-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR HKU\S-1-5-21-864103077-3134318834-1874846933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Session Restore: -> is enabled.
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-02-25] (ELAN Microelectronics Corp.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-19] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-19] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-05] (Disc Soft Ltd)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2017-07-05] (Malwarebytes)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R2 wfpgameprotect; C:\Users\user\AppData\Local\Temp\7500.tmp.sys [30576 2017-07-06] (北京万辰博海文化传播有限公司. ) [File not signed] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-06 22:19 - 2017-07-06 22:19 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2017-07-06 22:16 - 2017-07-06 22:16 - 00000669 _____ C:\Users\user\Desktop\JRT.txt
2017-07-06 22:14 - 2017-07-06 22:14 - 01663672 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
2017-07-05 22:00 - 2017-07-06 21:56 - 00000000 ____D C:\AdwCleaner
2017-07-05 20:05 - 2017-07-05 21:58 - 04110280 _____ C:\Users\user\Desktop\AdwCleaner.exe
2017-07-05 08:57 - 2017-07-06 21:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-05 08:57 - 2017-07-06 20:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-05 08:57 - 2017-07-05 08:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-05 08:56 - 2017-07-06 21:28 - 00000000 ____D C:\Users\user\Desktop\mbar
2017-07-05 08:56 - 2017-07-05 08:56 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-07-05 08:54 - 2017-07-05 08:54 - 16563352 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.09.3.1001.exe
2017-07-05 08:52 - 2017-07-05 08:52 - 00000751 _____ C:\Users\user\Desktop\SALog.txt
2017-07-05 08:51 - 2017-07-05 08:51 - 00899584 _____ C:\Users\user\Desktop\RGSA.exe
2017-07-04 21:02 - 2017-07-04 21:02 - 00033982 _____ C:\Users\user\Desktop\Addition.txt
2017-07-04 21:01 - 2017-07-06 22:19 - 02436608 _____ (Farbar) C:\Users\user\Desktop\FRST64 (1).exe
2017-07-04 21:01 - 2017-07-06 22:19 - 00016162 _____ C:\Users\user\Desktop\FRST.txt
2017-07-04 20:27 - 2017-07-06 22:19 - 00000000 ____D C:\FRST
2017-07-04 18:18 - 2017-06-02 14:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-04 18:18 - 2017-06-02 14:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-04 18:18 - 2017-06-02 14:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-04 18:18 - 2017-06-02 14:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-07-04 18:18 - 2017-06-02 14:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-04 18:18 - 2017-06-02 13:30 - 03635200 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-04 18:18 - 2017-06-02 13:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-04 18:18 - 2017-06-02 12:58 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-04 18:18 - 2017-06-02 12:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-04 18:18 - 2017-06-02 12:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-04 18:18 - 2017-06-02 12:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-04 18:18 - 2017-06-02 12:02 - 02751488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-04 18:18 - 2017-06-02 11:43 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-04 18:18 - 2017-06-02 11:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-04 18:18 - 2017-05-15 21:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-07-04 18:18 - 2017-05-14 22:44 - 04170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-04 18:18 - 2017-05-14 22:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-07-04 18:18 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-04 18:18 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-04 18:18 - 2017-05-14 22:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-07-04 18:18 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-04 18:18 - 2017-05-14 21:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-04 18:18 - 2017-05-14 21:32 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-04 18:18 - 2017-05-14 21:31 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-04 18:18 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-04 18:18 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-04 18:18 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-04 18:18 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-04 18:18 - 2017-05-14 21:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-07-04 18:18 - 2017-05-14 21:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-07-04 18:18 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-04 18:18 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-04 18:18 - 2017-05-14 20:48 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-04 18:18 - 2017-05-14 20:46 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-04 18:18 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-04 18:18 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-04 18:18 - 2017-05-14 20:38 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-04 18:18 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-04 18:18 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-04 18:18 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-04 18:18 - 2017-05-14 20:16 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-04 18:18 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-04 18:18 - 2017-05-14 20:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-07-04 18:18 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-04 18:18 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-04 18:18 - 2017-05-14 20:06 - 07441240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-04 18:18 - 2017-05-14 20:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-07-04 18:18 - 2017-05-14 20:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-07-04 18:18 - 2017-05-12 19:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-07-04 18:18 - 2017-05-12 18:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-07-04 18:18 - 2017-05-12 18:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-07-04 18:18 - 2017-05-12 17:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-07-04 18:18 - 2017-05-12 17:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-07-04 18:18 - 2017-05-12 17:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-07-04 18:18 - 2017-05-12 17:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-07-04 18:18 - 2017-05-12 06:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-07-04 18:18 - 2017-05-12 04:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-07-04 18:18 - 2017-05-12 04:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-07-04 18:18 - 2017-05-12 04:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-04 18:18 - 2017-05-12 04:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-07-04 18:18 - 2017-05-12 04:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-07-04 18:18 - 2017-05-12 04:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-07-04 18:18 - 2017-05-12 04:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-04 18:18 - 2017-05-12 04:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-04 18:18 - 2017-05-12 04:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-07-04 18:18 - 2017-05-12 01:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-07-04 18:18 - 2017-05-12 01:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-07-04 18:18 - 2017-05-10 20:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-07-04 18:18 - 2017-05-06 18:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-07-04 18:18 - 2017-05-06 18:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-07-04 18:18 - 2017-04-09 22:40 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhvr.sys
2017-07-04 18:18 - 2017-04-09 22:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2017-07-04 18:18 - 2017-04-09 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbusr.sys
2017-07-04 18:18 - 2017-04-09 21:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspiper.dll
2017-07-04 18:18 - 2017-04-06 19:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-04 18:18 - 2017-04-06 19:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-07-04 18:18 - 2017-04-06 18:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-04 18:18 - 2017-04-06 18:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-04 18:18 - 2017-04-06 18:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-04 18:18 - 2017-04-06 18:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-07-04 18:18 - 2017-04-06 18:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-04 18:18 - 2017-04-06 17:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-07-04 18:18 - 2017-04-02 16:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-07-04 18:18 - 2017-04-02 15:40 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-06 22:17 - 2014-08-27 22:24 - 00000000 __RDO C:\Users\user\OneDrive
2017-07-06 22:17 - 2014-07-05 01:11 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-864103077-3134318834-1874846933-1001
2017-07-06 21:59 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-06 21:55 - 2017-05-04 12:28 - 00000862 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-06 21:55 - 2017-05-04 12:28 - 00000832 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-06 21:55 - 2017-03-24 15:07 - 00000000 ____D C:\Windows\system32\log
2017-07-06 21:55 - 2014-08-08 07:15 - 00000999 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-06 21:53 - 2014-07-05 01:08 - 00820548 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-06 21:53 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-07-06 21:46 - 2013-08-22 16:44 - 00483920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-06 21:44 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-06 21:40 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-07-06 21:36 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-07-06 21:27 - 2017-04-17 11:45 - 00000000 ____D C:\Windows\Update
2017-07-06 21:27 - 2017-03-30 09:44 - 00000000 ____D C:\Update
2017-07-05 22:28 - 2014-08-11 09:23 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-864103077-3134318834-1874846933-1001UA.job
2017-07-05 10:28 - 2014-08-11 09:23 - 00000908 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-864103077-3134318834-1874846933-1001Core.job
2017-07-04 20:23 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-04 19:58 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\LiveKernelReports
2017-07-04 19:57 - 2014-07-05 01:05 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2017-07-04 19:07 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-04 19:06 - 2014-08-01 18:57 - 00000000 ____D C:\Windows\system32\MRT
2017-07-04 19:05 - 2014-08-01 18:57 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-04 18:20 - 2017-06-04 11:58 - 00000000 ____D C:\ProgramData\{9D83F7F0-2A28-405B-FBE9-522B373950C9}
2017-07-04 17:52 - 2017-05-09 17:47 - 00000000 ____D C:\Program Files (x86)\Fijushreibuent
2017-07-04 17:24 - 2015-08-24 10:04 - 00000000 ____D C:\Users\user\Desktop\The great escape
2017-06-18 12:49 - 2016-11-13 13:12 - 00000000 ____D C:\Users\user\Desktop\POZE
2017-06-18 12:29 - 2016-08-06 17:44 - 00000000 ____D C:\Users\user\Desktop\IR
2017-06-18 12:27 - 2017-01-25 11:54 - 00000000 ____D C:\Users\user\Desktop\UN Online Volunteering
2017-06-18 12:25 - 2016-11-21 19:43 - 00000000 ____D C:\Users\user\Desktop\Nowegian Norsk
 
==================== Files in the root of some directories =======
 
2014-12-20 16:54 - 2014-12-20 16:54 - 0000000 _____ () C:\Users\user\AppData\Roaming\Microsoft\A2C3.tmp
2014-07-05 01:17 - 2014-07-05 01:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-04 18:55
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by user (06-07-2017 22:20:36)
Running from C:\Users\user\Desktop
Windows 8.1 Pro (Update) (X64) (2014-07-04 23:05:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-864103077-3134318834-1874846933-500 - Administrator - Disabled)
Guest (S-1-5-21-864103077-3134318834-1874846933-501 - Limited - Enabled)
user (S-1-5-21-864103077-3134318834-1874846933-1001 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{205E0849-EBC1-59B1-E47F-BF00D985FE7D}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3114 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.6.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10230 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Nero 8 Lite 8.3.6.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Opera Stable 45.0.2552.888 (HKLM-x32\...\Opera 45.0.2552.888) (Version: 45.0.2552.888 - Opera Software)
PowerXpressHybrid (HKLM-x32\...\{51FDC2DE-0917-46B7-EAEC-5377504701DE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (HKLM-x32\...\{0CBC1600-74DC-961B-E97E-4CC7E452CD1A}) (Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.34 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.34.103 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\12.1.18202.223\QMGCShellExt64.dll -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] ()
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] ()
ContextMenuHandlers04: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-04-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-04-18] (Intel Corporation)
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] ()
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07391CDC-F3C7-4CE7-96B3-A129D4C85CCD} - \KMS Server OnLogon Activate -> No File <==== ATTENTION
Task: {1E020F34-FC73-4610-A411-99E094692B69} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-864103077-3134318834-1874846933-1001UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-11] (Facebook Inc.)
Task: {2173EB61-501F-458D-A7F3-0BF286455C0F} - System32\Tasks\Pmetainqecdom Log => C:\Program Files (x86)\Fijushreibuent\xprapgh.exe
Task: {341C2019-758F-4EA1-8527-E6F9B1A9A038} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-864103077-3134318834-1874846933-1001Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-11] (Facebook Inc.)
Task: {3500A1D5-C882-43F2-87A1-5A472EC6B6AB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3CC7478A-2DCC-4942-B7BE-6B585B96FD48} - System32\Tasks\{254F14A9-676E-DA05-2908-756CA781035C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\1102ed48\6a3e82be.dll" <==== ATTENTION
Task: {611EBE83-84EF-4ABF-8A50-C12C06BE5299} - System32\Tasks\Opera scheduled Autoupdate 1470496361 => C:\Program Files (x86)\Opera\launcher.exe [2017-05-31] (Opera Software)
Task: {9E7922EC-D4A2-43A7-8C9E-F2A4E42C4D2F} - \KMS Server Daily Activate -> No File <==== ATTENTION
Task: {C60BFB94-F718-4533-A1DB-C39E63DDD366} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DDFD1154-44CB-46BF-8BA9-FA15960740B2} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-09-01] (Dolby Laboratories Inc.)
Task: {E78ECF93-E721-4C68-9C13-A7DA3484ABC2} - \Anonotainwnight -> No File <==== ATTENTION
Task: {EA018BA4-FD87-482B-9EF6-BC321DC519B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {FC4DB51E-88A0-434C-BF42-7B4980AC1093} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {FD4D4532-D61D-4895-9F2A-D547746B7342} - System32\Tasks\Start Registry Reviver for pc@user(logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-864103077-3134318834-1874846933-1001Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-864103077-3134318834-1874846933-1001UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-05 01:43 - 2008-06-20 09:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-05 01:12 - 2012-07-18 15:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2017-06-04 12:01 - 2017-06-04 12:01 - 66272856 _____ () C:\Program Files (x86)\Opera\45.0.2552.888\opera_browser.dll
2017-06-04 12:01 - 2017-06-04 12:00 - 02926680 _____ () C:\Program Files (x86)\Opera\45.0.2552.888\libglesv2.dll
2017-06-04 12:01 - 2017-06-04 12:00 - 00088152 _____ () C:\Program Files (x86)\Opera\45.0.2552.888\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Desktop\POZE\18009014_1329682637109340_304997875_n.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run32: => "AppHelperV5.exe"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKU\S-1-5-21-864103077-3134318834-1874846933-1001\...\StartupApproved\Run: => "ZYGNHFIOQX.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2E9DFC74-F2D9-443C-8096-FFBF029667C2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4D43765F-ED36-4476-9D1E-F33F0E23B775}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{B391C72C-2080-4AD8-A384-8BBC4C3B1A75}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{11A4FC28-9DFB-410B-94B5-41C041697DC8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{6856A22F-D2C2-49BA-AA85-BA414AB8AC12}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F9755B5A-D811-437B-BF17-667AF6C62C95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6AD48E14-18AA-428B-85F5-EF1420626D2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EFB57E4A-D0B7-4155-A368-E3D155089770}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9C9BAE39-C6D5-47B3-9A7C-442B8D452042}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4C44814-CCA3-4A22-907E-1D679B92E41E}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{99412ABC-67FE-4CDB-9AFB-5245B4A257D3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C33717A3-E20F-4096-ACD1-AB5D41F742BD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{35145F41-3C5F-4CE8-9CFD-B34C00E8BAA5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E7499AA7-DDFC-4A1E-8FE0-4FA9DE53FF79}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{25A1F9F7-8662-495D-97A3-F777D1FE21F0}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8C006858-691A-4604-9A89-D10BBCA040C8}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{00F72FCB-02DA-4570-81DF-50E2DFB86ABA}] => (Allow) C:\Users\user\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{C5D6D168-0E0F-4C8B-9368-8DE25D4DC844}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{17D1CB77-89B9-4DE0-8E4A-8FE860FBB2FD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{788BA6BC-EE78-4D24-AC9B-81885D1F297E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A0C475D3-EEF5-42FB-8774-B2D930A21A79}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{ECBCA389-AF08-49AF-AB77-443FCF67F0C5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{B53E56F1-7BD1-417B-9F20-61393F5629D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D465F4EA-72E6-425F-971D-6A5AB9EDEF16}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B7E04214-C686-4C83-AD6B-A2DB5827CBEE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{0409C502-F533-44B3-8E19-05B024563EAE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1EBF7122-EB29-4FC3-99E7-3C81DD8F12B8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{831B7702-B217-42BA-A271-B64425736389}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{D95605E1-D30D-4426-8D81-E72B54D1DFD9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{91234EBB-7E54-4B8B-8668-2A26F5692272}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{AFE8D06D-89D1-4DEB-8905-4905CD2880E5}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
FirewallRules: [{5542E2CE-6B82-4FD0-8653-6388B536BC73}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
 
==================== Restore Points =========================
 
28-05-2017 08:19:09 Windows Update
04-07-2017 18:56:18 Windows Update
06-07-2017 21:23:49 Malwarebytes Anti-Rootkit Restore Point
06-07-2017 22:15:07 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2017 10:14:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/06/2017 10:14:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WWAHost.exe, version: 6.3.9600.17415, time stamp: 0x545036ce
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794
Exception code: 0x00000004
Fault offset: 0x00000000000095fc
Faulting process id: 0xff8
Faulting application start time: 0x01d2f694771efe73
Faulting application path: C:\Windows\System32\WWAHost.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: b508f85e-6287-11e7-82a6-201a068c0ad8
Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: Windows.Store
 
Error: (07/06/2017 10:14:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe3
 
Error: (07/06/2017 10:14:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe3
 
Error: (07/06/2017 10:14:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe3
 
Error: (07/06/2017 10:14:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe3
 
Error: (07/06/2017 10:14:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe3
 
Error: (07/06/2017 10:14:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe3
 
Error: (07/06/2017 10:14:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe3
 
Error: (07/06/2017 10:14:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe3
 
 
System errors:
=============
Error: (07/06/2017 10:03:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/06/2017 10:02:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/06/2017 10:00:29 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The TeamViewer 9 service hung on starting.
 
Error: (07/06/2017 09:56:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (07/06/2017 09:56:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (07/06/2017 09:56:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (07/06/2017 09:55:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (07/06/2017 09:54:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/06/2017 09:54:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/06/2017 09:54:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-04 19:06:43.211
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-30 21:56:53.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-04-30 10:56:31.026
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-04-30 10:56:31.011
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-04-30 10:56:30.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-04-30 10:45:11.842
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-04-30 10:43:27.007
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-04-30 10:43:26.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-04-30 10:43:26.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-04-29 23:18:06.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 3996.85 MB
Available physical RAM: 1929.65 MB
Total Virtual: 5660.85 MB
Available Virtual: 3431.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.17 GB) (Free:772.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
Users shortcut scan result (x64) Version: 05-07-2017
Ran by user (06-07-2017 22:20:57)
Running from C:\Users\user\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (No File)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk -> C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger\Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Burning ROM.lnk -> C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero CoverDesigner.lnk -> C:\Program Files (x86)\Nero\Nero CoverDesigner\CoverDes.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero WaveEditor.lnk -> C:\Program Files (x86)\Nero\Nero WaveEditor\waveedit.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Extra\Nero BurnRights.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero BurnRights\NeroBurnRights.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Extra\Nero DiscSpeed.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero DiscSpeed\DiscSpeed.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Extra\Nero DriveSpeed.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero DriveSpeed\DriveSpeed.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Extra\Nero InfoTool.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero InfoTool\InfoTool.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext (x64).lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Info\faq.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Graphics and Media Control Panel.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Demo.lnk -> C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4d.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Profile.lnk -> C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4e.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk -> C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk -> C:\Program Files (x86)\DAEMON Tools Lite\SPTDinst-x64.exe (Duplex Secure Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Catalyst Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\user\Documents ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\user\Pictures ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk -> C:\Windows\HelpPane.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (No File)
Shortcut: C:\Users\Public\Desktop\TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\user\Links\Desktop.lnk -> C:\Users\user\Desktop ()
Shortcut: C:\Users\user\Links\Downloads.lnk -> C:\Users\user\Downloads ()
Shortcut: C:\Users\user\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\user\Desktop\This PC - Shortcut.lnk -> System Folder
Shortcut: C:\Users\user\Desktop\The great escape\poze\Pictures for Ada\priv\Documents - Shortcut.lnk -> C:\Users\user\Documents ()
Shortcut: C:\Users\user\Desktop\POZE\Ada\lES ORIGINS DE LA LANGUE ARABE.docx.lnk -> C:\Users\user\Desktop\lES ORIGINS DE LA LANGUE ARABE.docx (No File)
Shortcut: C:\Users\user\Desktop\POZE\Ada\Notes for the dissertation.docx.lnk -> C:\Users\user\Desktop\NAWAL SADAAWY\Notes for the dissertation.docx (No File)
Shortcut: C:\Users\user\Desktop\FRENCH\lES ORIGINS DE LA LANGUE ARABE.docx.lnk -> C:\Users\user\Desktop\lES ORIGINS DE LA LANGUE ARABE.docx (No File)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk -> C:\Windows\HelpPane.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Volume Mixer.lnk -> C:\Windows\System32\SndVol.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk -> Tile and icon assets
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switchable Graphics.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Dashboard SingleAspectPage LeafName=Leaf_PowerXpress
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk -> C:\Windows\Installer\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}\wmdc.exe (Microsoft Corporation) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Express.lnk -> C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe (Nero AG) -> /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Setup\Nero ControlCenter.lnk -> C:\Program Files (x86)\Common Files\Nero\Nero Web\SetupX.exe (Nero AG) -> MODE="update"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter64.dll",DirectVobSub
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavaudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavsplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavvideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () -> /resetsettings
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Advanced Statistics.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel® Corporation) -> /sf Advanced Statistics
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Event Viewer.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel® Corporation) -> /sf Wireless Event Viewer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Manual Diagnostics.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel® Corporation) -> /sf Wireless Diagnostics
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\Nero Express.lnk -> C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe (Nero AG) -> /w
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
 
 
InternetURL: C:\Users\user\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
 
==================== End of Shortcut.txt =============================
 
The computer was never very fast, but it seems much more responsive now; the FRST scan was much quicker than last time.


#8 Jo*

  • Malware Response Team

Posted 06 July 2017 - 04:01 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\12.1.18202.223\TSWebMon64.dat => No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 wfpgameprotect; C:\Users\user\AppData\Local\Temp\7500.tmp.sys [30576 2017-07-06] (北京万辰博海文化传播有限公司. ) [File not signed] <==== ATTENTION
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\12.1.18202.223\QMGCShellExt64.dll -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
Task: {07391CDC-F3C7-4CE7-96B3-A129D4C85CCD} - \KMS Server OnLogon Activate -> No File <==== ATTENTION
Task: {3CC7478A-2DCC-4942-B7BE-6B585B96FD48} - System32\Tasks\{254F14A9-676E-DA05-2908-756CA781035C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\1102ed48\6a3e82be.dll" <==== ATTENTION
Task: {9E7922EC-D4A2-43A7-8C9E-F2A4E42C4D2F} - \KMS Server Daily Activate -> No File <==== ATTENTION
Task: {E78ECF93-E721-4C68-9C13-A7DA3484ABC2} - \Anonotainwnight -> No File <==== ATTENTION
FirewallRules: [{831B7702-B217-42BA-A271-B64425736389}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it in your reply.


How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Nocturnal558

  • Topic Starter

Posted 07 July 2017 - 02:36 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by user (07-07-2017 21:28:07) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: ????????? -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\12.1.18202.223\TSWebMon64.dat => No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 wfpgameprotect; C:\Users\user\AppData\Local\Temp\7500.tmp.sys [30576 2017-07-06] (??????????????. ) [File not signed] <==== ATTENTION
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\12.1.18202.223\QMGCShellExt64.dll -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers04: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} =>  -> No File
Task: {07391CDC-F3C7-4CE7-96B3-A129D4C85CCD} - \KMS Server OnLogon Activate -> No File <==== ATTENTION
Task: {3CC7478A-2DCC-4942-B7BE-6B585B96FD48} - System32\Tasks\{254F14A9-676E-DA05-2908-756CA781035C} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\1102ed48\6a3e82be.dll" <==== ATTENTION
Task: {9E7922EC-D4A2-43A7-8C9E-F2A4E42C4D2F} - \KMS Server Daily Activate -> No File <==== ATTENTION
Task: {E78ECF93-E721-4C68-9C13-A7DA3484ABC2} - \Anonotainwnight -> No File <==== ATTENTION
FirewallRules: [{831B7702-B217-42BA-A271-B64425736389}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} => key removed successfully
HKLM\Software\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 => key removed successfully
C:\Program Files (x86)\Yahoo!\Shared\npYState.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
HKLM\System\CurrentControlSet\Services\gupdate => key removed successfully
gupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => key removed successfully
gupdatem => service removed successfully
wfpgameprotect => Unable to stop service.
HKLM\System\CurrentControlSet\Services\wfpgameprotect => key removed successfully
wfpgameprotect => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon => key removed successfully
HKLM\Software\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX => key removed successfully
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07391CDC-F3C7-4CE7-96B3-A129D4C85CCD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07391CDC-F3C7-4CE7-96B3-A129D4C85CCD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS Server OnLogon Activate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CC7478A-2DCC-4942-B7BE-6B585B96FD48} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CC7478A-2DCC-4942-B7BE-6B585B96FD48} => key removed successfully
C:\Windows\System32\Tasks\{254F14A9-676E-DA05-2908-756CA781035C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{254F14A9-676E-DA05-2908-756CA781035C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E7922EC-D4A2-43A7-8C9E-F2A4E42C4D2F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E7922EC-D4A2-43A7-8C9E-F2A4E42C4D2F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS Server Daily Activate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E78ECF93-E721-4C68-9C13-A7DA3484ABC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E78ECF93-E721-4C68-9C13-A7DA3484ABC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Anonotainwnight => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{831B7702-B217-42BA-A271-B64425736389} => value removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 21:29:22 ====
 
The computer seems fine now, much better than before! Is there anything else I need to do?


#10 Jo*

  • Malware Response Team

Posted 07 July 2017 - 03:27 PM

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


Can you tell me how your computer is running now and if there are any remaining malware-related problems?


***


Cheers,
Jo


#11 Nocturnal558

  • Topic Starter

Posted 08 July 2017 - 02:19 AM

C:\$Recycle.Bin\S-1-5-21-864103077-3134318834-1874846933-1001\$RUTYV7C.exe Win32/TrojanDownloader.Agent.DJM trojan cleaned by deleting
C:\AdwCleaner\quarantine\files\muqcuxfsparhzvzetnylfgqpaezyxvqe.back a variant of Win32/SpeedBit.BP potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\orhceioeovnxlgrjfadynpiapoqinmoa.back LNK/Agent.DR trojan cleaned by deleting
C:\AdwCleaner\quarantine\files\tfjyvccyfggokwfarjntkpqpptwwnofe.back a variant of Win32/SpeedBit.BR potentially unwanted application cleaned by deleting
C:\AdwCleaner\quarantine\files\bkrizdrrodybeiqhelwcopbvmhqvwymx\Firefox\Profiles\gt8txkdg.default\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi JS/Adware.Agent.O application deleted
C:\AdwCleaner\quarantine\files\bnnckpouecvvjtcvkizotvezakbggtgm\Snare.dll a variant of Win64/Snarasite.G trojan cleaned by deleting
C:\AdwCleaner\quarantine\files\swwlmxhymytvzrpeuprzhluovdspnjev\rzf.8v0 a variant of Win32/Adware.ELEX.NL application cleaned by deleting
C:\AdwCleaner\quarantine\files\ztruufljpqqmkhxazyotvzlavdhrwyaw\6a3e82be.dll a variant of Win32/Kryptik.FRFK trojan cleaned by deleting
C:\Program Files\vnzcyiah\{5C003568-52CE-47F8-B9C0-2C802167335E}\fktu6dum.uom a variant of Win32/Adware.ELEX.LK application cleaned by deleting
C:\Program Files\vnzcyiah\{AB4E93C3-A73A-415F-8338-C6DE1748E0E5}\fktu6dum.uom Win32/Adware.ELEX.LR application cleaned by deleting
C:\Program Files\vnzcyiah\{CA649974-EA1B-4FF2-BC0D-27FE48E5CF1D}\fktu6dum.uom a variant of Win32/Adware.ELEX.KG application cleaned by deleting
C:\Program Files\vnzcyiah\{FD299AAA-2DC0-43B4-817A-D1DBC2688E2E}\fktu6dum.uom Win32/Adware.ELEX.NL application cleaned by deleting
C:\Program Files (x86)\Microsoft Toolkit Final\AdAgent-build1201.exe a variant of Win32/Wdfload.P trojan cleaned by deleting
C:\Program Files (x86)\Microsoft Toolkit Final\MicrosoftToolkitInstall.bat Win32/TrojanDropper.Addrop.AS trojan cleaned by deleting
C:\Program Files (x86)\Microsoft Toolkit Final\windows_reg_ac.exe Win32/InstallCore.Gen.A potentially unwanted application cleaned by deleting
C:\Program Files (x86)\MIO\MIO.exe Win32/Tencent.I potentially unwanted application cleaned by deleting
C:\Windows\Installer\9dfc830.msi a variant of Win32/Adware.ELEX.KG application deleted
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Update0515_new[1].exe a variant of Win32/Adware.ELEX.OK application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_052444_new[1].exe a variant of Win32/Adware.ELEX.RR application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_20170413zip_res2_new[1].exe a variant of Win32/Adware.ELEX.NG application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_20170425_newmm[1].exe a variant of Win32/Adware.ELEX.NG application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_20170427_newmm[1].exe a variant of Win32/Adware.ELEX.NG application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_mmmm5252_new[1].exe a variant of Win32/Adware.ELEX.NG application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_zip_20170405_new[1].exe a variant of Win32/Adware.ELEX.JC application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_zip_20170420000new[1].exe a variant of Win32/Adware.ELEX.JC application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_zip_res20170405_new[1].exe a variant of Win32/Adware.ELEX.JC application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_zip_res201704199_new[1].exe Win32/Adware.ELEX.JC application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_zip_res201704266777_new[1].exe a variant of Win32/Adware.ELEX.NG application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updater_zip_res2_04177new[1].exe a variant of Win32/Adware.ELEX.NG application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Updateu_0504up[1].exe Win32/Adware.ELEX.NG application cleaned by deleting
C:\Windows\Temp\1zs34A4.tmp Win32/Adware.ELEX.LK application cleaned by deleting
C:\Windows\Temp\1zs68A2.tmp Win32/Adware.ELEX.LK application cleaned by deleting
C:\Windows\Temp\D_Box.dll Win32/Adware.ELEX.OQ application cleaned by deleting
C:\Windows\Temp\gsv22C3.tmp a variant of Win32/Adware.ELEX.LK application cleaned by deleting
C:\Windows\Temp\gsv241E.tmp a variant of Win32/Adware.ELEX.LK application cleaned by deleting
C:\Windows\Temp\gsvDCE9.tmp a variant of Win32/Adware.ELEX.LK application cleaned by deleting
C:\Windows\Temp\szmF7CE.tmp a variant of Win32/Adware.ELEX.LW application cleaned by deleting
C:\Windows\Temp\w9y1BF7.tmp a variant of Win32/Adware.ELEX.LK application cleaned by deleting
C:\Windows\Temp\hp5FDC.tmp\CPK.exe a variant of Win32/Adware.ELEX.MA application cleaned by deleting
C:\Windows\Temp\hp6164.tmp\CPK.exe a variant of Win32/Adware.ELEX.MA application cleaned by deleting
 
So far I haven't encountered any more malware problems, and the computer is running as good as new! 


#12 Jo*

  • Malware Response Team

Posted 08 July 2017 - 03:04 AM

***


It Appears That Your PC Is Clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located on your desktop or in the "c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

===================================

Here are some preventive tips to reduce the potential for spyware infection in the future:

Step 1: Make sure you keep your Windows OS current.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
Step 2: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
Step 3: Use only one anti-virus software and keep it up-to-date.

Step 4: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Step 5: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 6: Use Strong passwords!

Step 7: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


***


Cheers,
Jo


#13 Nocturnal558

  • Topic Starter

Posted 08 July 2017 - 03:22 AM

Thank you so much! The computer is running smoothly. You really helped a lot! Thank you!



#14 Jo*

  • Malware Response Team

Posted 08 July 2017 - 04:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Cheers,
Jo




