Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/08/2015
Scan Time: 08:10 ?
Logfile: malwar.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.14.05
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: USER

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348115
Time Elapsed: 12 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.ServiceRNDM.A, C:\Program Files (x86)\Encouraging Half\Encouraging Half.exe, 2136, Delete-on-Reboot, [5667db2d3d4ee94d0848943148b99a66]

Modules: 0
(No malicious items detected)

Registry Keys: 28
PUP.Optional.ServiceRNDM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Encouraging Half, Quarantined, [5667db2d3d4ee94d0848943148b99a66],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\DigiAd.DigiAd.1, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\DigiAd.DigiAd, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DigiAd.DigiAd, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DigiAd.DigiAd, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKU\S-1-5-21-2053976235-884815390-2803441983-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DigiAd.DigiAd.1, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DigiAd.DigiAd.1, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKU\S-1-5-21-2053976235-884815390-2803441983-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.DigiAd.A, HKU\S-1-5-21-2053976235-884815390-2803441983-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2ED35963-FCC9-4698-B619-787FE1C75079}, Quarantined, [219c58b06922b680933cdef4be444cb4],
PUP.Optional.Mistl.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Mistl, Delete-on-Reboot, [ead39870becdcc6a2ca53adf04ffb749],
PUP.Optional.Newsfeed.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Newsfeed, Delete-on-Reboot, [8d3030d8246793a3e047dc3bbc475fa1],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [902dea1e810a82b4815816908381c040],
PUP.Optional.Venteero.A, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C, Quarantined, [24999078414acc6a60a7436126def709],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [ad107197c6c53afcc613a5010afa18e8],
PUP.Optional.Venteero.A, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C, Quarantined, [edd07c8ce4a7ba7c39ce950f61a3857b],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, Quarantined, [338a57b15734dc5ab2ddfab05fa57789],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Quarantined, [d1ecf117167569cd018e7f2b40c40000],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, Quarantined, [3c81f216444794a2c5ccc0ea2ada7b85],

Registry Values: 10
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\RECOMMENDED|HomepageLocation, http://www.alarabeyes.com/, Quarantined, [fcc1a068dead69cd42b7d4cf8e767987]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\RESTOREONSTARTUPURLS|1, http://www.alarabeyes.com/, Quarantined, [4776bc4ce6a5e452ab4ffca7d133bf41]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [902dea1e810a82b4815816908381c040]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.alarabeyes.com/, Quarantined, [308d996f7615bb7bde1d70337f8536ca]
PUP.Optional.Venteero.A, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C|DisplayName, VenteeRo, Quarantined, [24999078414acc6a60a7436126def709]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\RECOMMENDED|HomepageLocation, http://www.alarabeyes.com/, Quarantined, [f2cb996f117a181e00f9f0b3ca3aac54]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\RESTOREONSTARTUPURLS|1, http://www.alarabeyes.com/, Quarantined, [65589f6968235adc30ca5e45c73d817f]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [ad107197c6c53afcc613a5010afa18e8]
PUP.Optional.Alarabeyes.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.alarabeyes.com/, Quarantined, [b508db2ddfac5fd76893c8db83818977]
PUP.Optional.Venteero.A, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ADEF3E17-71F9-4526-B033-B7CB738F050C|DisplayName, VenteeRo, Quarantined, [edd07c8ce4a7ba7c39ce950f61a3857b]

Registry Data: 2
PUP.Optional.ArabyOnline.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.arabyonline.com/?src=1000, Good: (www.google.com), Bad: (http://www.arabyonline.com/?src=1000),Replaced,[f6c763a55b30fc3a13a57cd58f76f50b]
PUP.Optional.ArabyOnline.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.arabyonline.com/?src=1000, Good: (www.google.com), Bad: (http://www.arabyonline.com/?src=1000),Replaced,[5766f81097f493a3a8117dd4689d58a8]

Folders: 7
PUP.Optional.Kirin.A, C:\ProgramData\Kirin, Quarantined, [a5187f894942fd3970e84ccf8e75b64a],
PUP.Optional.Flasher.A, C:\Users\USER\AppData\Roaming\Flasher, Quarantined, [823bb850b3d81b1b4ab4f0b38a7ab848],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],

Files: 90
PUP.Optional.ServiceRNDM.A, C:\Program Files (x86)\Encouraging Half\Encouraging Half.exe, Delete-on-Reboot, [5667db2d3d4ee94d0848943148b99a66],
RiskWare.Tool.CK, C:\ProgramData\AutoKMS\Resources\KMSKG\Keygen.exe, Quarantined, [437af117d2b90135d4dd7ce57f81d12f],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Apps Launcher\Apps Launcher.exe, Quarantined, [d1ec9375711a22142eeba1f7778a6799],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Smart Pause for YouTube\Smart Pause for YouTube.exe, Quarantined, [c3fa65a3bccf8aace7e6d6a4aa578977],
PUP.Optional.MultiPlug, C:\Program Files (x86)\LibrarySystem\LibrarySystem.dll, Quarantined, [d2ebe721b4d7c472bfabb01fe61bab55],
Worm.Viking, C:\Windows\Temp\_avast_\unp17653426.tmp, Quarantined, [fbc27a8e840779bd657d428e3aca29d7],
Trojan.Agent.qrz, C:\Windows\Temp\_avast_\unp17677070.tmp, Quarantined, [566753b54f3cc96d2a711da3a45d956b],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\$RECYCLE.BIN.exe, Quarantined, [764705035e2d56e0974bb51b788c926e],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Tools.exe, Quarantined, [12abfa0eb2d938fef6ec913ff212639d],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\???? ???? ????????.exe, Quarantined, [3c8108006d1eaa8c41a17b55e81c24dc],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\???? ????? ??????? ????????.exe, Quarantined, [e5d838d095f65fd79c4605cb41c36f91],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????.exe, Quarantined, [4b7254b4b7d4bf77826019b7996b07f9],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\???? ?????.exe, Quarantined, [d5e89375800bef47b32f993736ce9868],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ???? ?????? ??????? ???????? ????????.exe, Quarantined, [b607e820e2a93afc10d28c444bb947b9],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ?????.exe, Quarantined, [b508e91fb3d8191d3ca6686805ff60a0],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Indexes.exe, Quarantined, [5d6065a3fc8f0630b32f4e82fa0a0bf5],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Photos of the designs.exe, Quarantined, [74497d8b1b706dc9edf5725eaa5a9c64],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\ .exe, Quarantined, [526b47c188034fe7d40ed1ff6f95f010],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ????.exe, Quarantined, [8e2f868237547fb7eff322aeae56fa06],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\VISITING CARD.exe, Quarantined, [cdf023e546450135736fd7f98a7a5fa1],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Soft.exe, Quarantined, [9a237098d9b27abc01e1ce02b450cb35],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\System Volume Information.exe, Quarantined, [2b9254b494f70f27dc060fc1887c2ad6],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Drivers.exe, Quarantined, [239aa7617813b77f0fd3bf11e4209a66],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Office Collection.exe, Quarantined, [02bb4eba5e2deb4bdb07448c3dc70af6],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Office=2003.exe, Quarantined, [0eaf38d0f4971c1a26bcf4dc10f48f71],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\New folder.exe, Quarantined, [605d18f05d2eb581f2f016ba877df907],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\al-sayda.exe, Quarantined, [437aea1e3b50c86e6c7679576e965da3],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\??? ????.exe, Quarantined, [cbf273955e2dd75f9d45844c47bd18e8],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\?????.exe, Quarantined, [bd0059afff8caa8cfae89f31c341fc04],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????? ?????.exe, Quarantined, [e8d5b256d5b6c96dce14dff10afaf709],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\??????.exe, Quarantined, [2e8f6a9e0487a09692506c649d6715eb],
Worm.Viking, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\????.exe, Quarantined, [3c8134d43457162041a1eee252b23cc4],
Worm.AutoRun.FLDGen, C:\Users\USER\AppData\Local\S-1-5-31-1286970278978-5713669491-166975984-320\tlsr\tlsr.exe, Quarantined, [c8f51eea13788bab8a308b34c53bb54b],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\$RECYCLE.BIN.exe, Quarantined, [902d9a6e2467191d3ea4b41c5ea6936d],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\New folder.exe, Quarantined, [caf358b03e4d072f0bd7b91713f1b848],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\Photos of the designs.exe, Quarantined, [febfce3aaddeab8b10d29b35a95b0df3],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\System Volume Information.exe, Quarantined, [417c58b04c3ff1452fb312be917334cc],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\VISITING CARD.exe, Quarantined, [754809ff513aba7caa3827a9dc2835cb],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\??? ????.exe, Quarantined, [e1dcf41429621e180fd313bd887c936d],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\?????.exe, Quarantined, [aa13f513a0ebeb4b4f9301cfaa5a55ab],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\???? ???? ????????.exe, Quarantined, [5667ff09f794df57e101e3ed60a434cc],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\???? ????? ??????? ????????.exe, Quarantined, [b00d5aaebccf36009b477c541ce80ef2],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\???? ?????.exe, Quarantined, [8c31b3555f2c9a9c36ac10c0b252629e],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\????? ???? ?????? ??????? ???????? ????????.exe, Quarantined, [a716cf396c1f033313cf7f51ab595aa6],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\????? ?????.exe, Quarantined, [ad10fa0ee2a93501e101765a5ba97b85],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\????.exe, Quarantined, [dbe20cfc800bdc5a24bef3ddfb090af6],
Worm.Viking, C:\Users\USER\Desktop\al-sayda\al-sayda.exe, Quarantined, [dae3d7314744f343c220963ab64ef808],
Backdoor.Bot, C:\Users\USER\Desktop\al-sayda\al-sayda\om alsada\I am going to write six paragraphs as stated in below with discussion as per what come from Strata 5.rar, Quarantined, [417c3fc967249a9cbab11a252ad727d9],
PUP.Optional.Newsfeed.A, C:\Windows\System32\Tasks\Newsfeed, Quarantined, [14a9e325c7c4152134f1fc1b82816f91],
PUP.Optional.Kirin.A, C:\ProgramData\Kirin\Kirin.exe, Quarantined, [a5187f894942fd3970e84ccf8e75b64a],
PUP.Optional.Flasher.A, C:\Users\USER\AppData\Roaming\Flasher\c32s.exe, Quarantined, [823bb850b3d81b1b4ab4f0b38a7ab848],
PUP.Optional.Mistl.A, C:\Windows\System32\Tasks\Mistl, Quarantined, [64598088aae15bdb12f36d37a262ab55],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\08ed620663508e0d92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\7255dd404315d42792d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\1c0966006fc8224892d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\2629efe376e3f51e92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\2c8582ccba4cc27d92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\2cac10f0f5b5591b92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\3329db3bdc2c735892d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\37775abd6f6704a292d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\3b666fd215f9c6e192d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\4775d99c57b1799e92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\531bc903068f7d9492d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\819693f03968562692d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\94ed4de9ca3f824992d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\954accd1ef18255b92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\9809bbaa207c3dbd92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\9937b805c8966bb492d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\99905630be9437c292d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\ad5e6328e91d5a2592d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\c5dda8811636467792d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d1b823d8a4cc414992d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d38e8734560118a992d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d6ae24e4beaa0e7292d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\d7ffeb7de77a112f92d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\10112784726666790732\f53ea0395e83aa9092d96f76a0aa5139.ini, Quarantined, [2598d632ef9cb87e041a4767fc08e41c],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome.manifest, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\install.rdf, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\filesrv.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\globals.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\main.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\main.xul, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\mainOriginal.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\prefs.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\tabs_listener.js, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\AdvanT.ico, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\Mopa128.png, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\Mopa16.png, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Avant.A, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com\chrome\content\skin\Mopa48.png, Quarantined, [b706a761ed9e3501a9703fd3a55e956b],
PUP.Optional.Alarabeyes, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://www.alarabeyes.com/"]},"software_reporter":{"prompt_reason":0,"prompt_seed":"20150601","prompt_version":"3.21.0"}}), Replaced,[57667494ff8c77bf5c69365611f4f907]

Physical Sectors: 0
(No malicious items detected)

(end)