Search the Community

Showing results for tags 'adware.elex'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Malware Removal for Windows
    • Malware Removal for Mac
    • Malware Removal for Mobile
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3
    • Malwarebytes for Mac
    • Malwarebytes for Android
    • False Positives
    • Translator Lounge
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
  • General
    • General Chat
    • Forums Announcements & Feedback

Found 11 results

  1. It seems that I can't get rid of Adware.Elex. Malwarebytes finds it, I add it to quarantine, delete it. In a few days pop-ups are back to Chrome, besides installing fake browsers and some additional apps. I've read few similar topics here before and it seems that it is relevant to provide Farbar Recovery System Tool logs. So, attached I provide logs from Farbar Recovery System Tool and logs from last 10 days of MalwareBytes scans. Thanks for your help. Addition.txt FRST.txt MB09052017.txt MB12052017.txt MB14052017.txt MB15052017.txt MB17052017.txt
  2. What is MaohaWiFi? The Malwarebytes research team has determined that MaohaWiFi is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by MaohaWiFi? You may see these entries in your list of installed programs and features: these Scheduled Tasks: and these warnings during install: Also your computer will be slow and showing a host of popups, popunders and advertisements in browser windows. How did MaohaWiFi get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove MaohaWiFi? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of MaohaWiFi? You can uninstall any additional uninvited programs from your list of installed programs and features. You can remove the orphaned and unwanted icons from your dersktop and taskbar. This adware creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the MaohaWiFi adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. The web protection module also blocks some of the connections the installer tries to make: Technical details for experts Excerpt of the Malwarebytes log (full log available on request): Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/13/17 Scan Time: 9:47 AM Log File: mbamMaohaWiFi.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2142 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 335996 Threats Detected: 1874 Threats Quarantined: 1874 Time Elapsed: 3 min, 21 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 12 Adware.Elex, C:\PROGRAM FILES (X86)\MAOHA\MAOHAAP\MAOHAWIFISVR.EXE, Quarantined, [2], [356754],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\SCSERVICE.EXE, Quarantined, [2972], [355934],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCSERVICE.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\SCCLOUD.EXE, Quarantined, [2972], [355934],1.0.2142 PUP.Optional.Kuaizip, C:\Users\{username}\AppData\Roaming\KuaiZip\kytipsh.exe, Quarantined, [1156], [358169],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\UCAGENT.EXE, Quarantined, [1367], [380108],1.0.2142 Module: 36 Adware.Elex, C:\PROGRAM FILES (X86)\MAOHA\MAOHAAP\TIPSDLL.DLL, Quarantined, [2], [356754],1.0.2142 Adware.Elex, C:\PROGRAM FILES (X86)\MAOHA\MAOHAAP\UPDATER\CHECKUPDATE.DLL, Quarantined, [2], [356754],1.0.2142 Adware.Elex, C:\PROGRAM FILES (X86)\MAOHA\MAOHAAP\MAOHAWIFISVR.EXE, Quarantined, [2], [356754],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\SCPLUGIN.DLL, Quarantined, [2972], [355934],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\SCSERVICE.EXE, Quarantined, [2972], [355934],1.0.2142 Adware.Elex, C:\PROGRAM FILES (X86)\MAOHA\MAOHAAP\MAOHASUBSTAT.DLL, Quarantined, [2], [356754],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\DUILIB32.DLL, Quarantined, [2972], [355934],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\UPDATER.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCSERVICE.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\LIBMP3LAME.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\LIBMP3LAME.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\LIBMP3LAME.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\LIBMP3LAME.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\SCCLOUD.EXE, Quarantined, [2972], [355934],1.0.2142 PUP.Optional.Kuaizip, C:\Users\{username}\AppData\Roaming\KuaiZip\kytipsh.exe, Quarantined, [1156], [358169],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\PEPPERFLASH\PEPFLASHPLAYER.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\CHROME_ELF.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\CHROME_ELF.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\CHROME_ELF.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\CHROME_ELF.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\CHROME_ELF.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\CHROME_ELF.DLL, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\UCAGENT.EXE, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\chrome.dll, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\chrome_child.dll, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\chrome_child.dll, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\chrome_child.dll, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\chrome_child.dll, Quarantined, [1367], [380108],1.0.2142 PUP.Optional.Kuaizip, C:\PROGRAM FILES\¿ìѹ\X64\KZipShell.dll, Quarantined, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\PROGRAM FILES\¿ìѹ\X64\KZipShell.dll, Quarantined, [1156], [346223],1.0.2142 Registry Key: 295 Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaohaWifiSvr, Delete-on-Reboot, [2], [356754],1.0.2142 PUP.Optional.Softcnapp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\znshuruV1, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UCBrowserSvc, Delete-on-Reboot, [1367], [380108],1.0.2142 Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaohaWifiNetPro, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MaohaAP, Delete-on-Reboot, [2], [356754],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{65122CB0-EA0F-47DF-A953-017170ED12F9}, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UCBrowser, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ucdrv, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}, Delete-on-Reboot, [1156], [346210],1.0.2142 PUP.Optional.Softcnapp, HKLM\SOFTWARE\CLASSES\CLSID\{c0d5287c-e671-43c4-98b1-3a25addf79fa}, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.Softcnapp, HKLM\SOFTWARE\CLASSES\CLSID\{c0d5287c-e671-43c4-98b1-3a25addf79fa}\InprocServer32, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.Kuaizip, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KuaiZipDrive, Delete-on-Reboot, [1156], [329545],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell.PropertyExt, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell.PropertyExt.1, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\TYPELIB\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\INTERFACE\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2DA6D0F1-13A1-4EC7-BD41-49A545AD326F}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}\InprocServer32, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell.DragDropMenu, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell.DragDropMenu.1, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}\InprocServer32, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell.ContextMenuExt, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell.ContextMenuExt.1, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}\InprocServer32, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell.KzShlobj, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell.KzShlobj.1, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}\InprocServer32, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell.KYDropHandler, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\QZipShell.KYDropHandler.1, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\CLASSES\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}\InprocServer32, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\KuaiZip, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.001, Delete-on-Reboot, [1156], [358174],1.0.2142 Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.001, Delete-on-Reboot, [64], [374779],1.0.2142 PUP.Optional.UCBrowser, HKU\S-1-5-18\SOFTWARE\UCBrowser, Delete-on-Reboot, [1367], [403633],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.002, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0CBB8C0C-ECA6-4CD4-A5BC-49C981503DF3}, Delete-on-Reboot, [1367], [380117],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{19EF9A47-17D3-4254-81F4-7D3D0C9CDA5C}, Delete-on-Reboot, [1367], [380117],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.003, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7974CF7D-817D-45F6-AD1B-A96F452AB04C}, Delete-on-Reboot, [1156], [329550],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DCF376EE-7511-46CC-958C-518BF377B9A5}, Delete-on-Reboot, [1367], [380117],1.0.2142 PUP.Optional.Kuaizip, HKCU\SOFTWARE\KuaiZip, Delete-on-Reboot, [1156], [348603],1.0.2142 PUP.Optional.Kuaizip, HKCU\SOFTWARE\KuaiZipSFX, Delete-on-Reboot, [1156], [348613],1.0.2142 Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.099, Delete-on-Reboot, [64], [374779],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.01, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.010, Delete-on-Reboot, [1156], [358174],1.0.2142 Adware.Elex, HKCU\SOFTWARE\Maoha, Delete-on-Reboot, [2], [358176],1.0.2142 PUP.Optional.UCBrowser, HKCU\SOFTWARE\UCBrowser, Delete-on-Reboot, [1367], [403633],1.0.2142 PUP.Optional.UCBrowser, HKCU\SOFTWARE\UCBrowserPID, Delete-on-Reboot, [1367], [403634],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.011, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\KuaiZip_Update, Delete-on-Reboot, [1156], [329556],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UCBrowserSecureUpdater, Delete-on-Reboot, [1367], [380116],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\UCBrowser.exe, Delete-on-Reboot, [1367], [396224],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UCBrowserUpdater, Delete-on-Reboot, [1367], [380116],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UCBrowserUpdaterCore, Delete-on-Reboot, [1367], [380116],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\UCBrowser.exe, Delete-on-Reboot, [1367], [396224],1.0.2142 PUP.Optional.Kuaizip, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KuaizipUpdateChecker, Delete-on-Reboot, [1156], [329539],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.7z, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.arj, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.bz2, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.cab, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.gz, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.gzip, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.jar, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.kz, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.lzh, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.mou, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.rar, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.rpm, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.tar, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.tbz, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.tgz, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.wim, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.z, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip.zip, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.ape, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.bin, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.ccd, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.cue, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.flac, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.iso, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.isz, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.mdf, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.mds, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.nrg, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.vcd, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount.wv, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZipMount_FileAsso.Origin, Delete-on-Reboot, [1156], [358174],1.0.2142 PUP.Optional.Kuaizip, HKCR\\KuaiZip_FileAsso.Origin, Delete-on-Reboot, [1156], [358174],1.0.2142 Registry Value: 109 PUP.Optional.Softcnapp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|SCMutualRunOne, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.Softcnapp, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{C0D5287C-E671-43C4-98B1-3A25ADDF79FA}, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}, Delete-on-Reboot, [1156], [346223],1.0.2142 Adware.Kuaiba, HKLM\SOFTWARE\CLASSES\.001|, Delete-on-Reboot, [64], [374779],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0CBB8C0C-ECA6-4CD4-A5BC-49C981503DF3}|PATH, Delete-on-Reboot, [1367], [380117],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{19EF9A47-17D3-4254-81F4-7D3D0C9CDA5C}|PATH, Delete-on-Reboot, [1367], [380117],1.0.2142 PUP.Optional.Kuaizip, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7974CF7D-817D-45F6-AD1B-A96F452AB04C}|PATH, Delete-on-Reboot, [1156], [329550],1.0.2142 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DCF376EE-7511-46CC-958C-518BF377B9A5}|PATH, Delete-on-Reboot, [1367], [380117],1.0.2142 PUP.Optional.MaohaWiFi, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{16B1B965-74F4-4DD6-8E5B-F72D084B5959}, Delete-on-Reboot, [720], [392933],1.0.2142 PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{8ADC7B95-92F5-4A54-B03D-E191E539EA3D}, Delete-on-Reboot, [1367], [392932],1.0.2142 PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{ACA39E96-1325-4155-958C-1E0F49B479D8}, Delete-on-Reboot, [1367], [392932],1.0.2142 Registry Data: 1 PUP.Optional.Hao360.ShrtCln, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [2418], [349832],1.0.2142 Data Stream: 0 (No malicious items detected) Folder: 263 PUP.Optional.Kuaizip, C:\USERS\{username}\APPDATA\ROAMING\KuaiZip, Delete-on-Reboot, [1156], [358169],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\en-IN, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\id-ID, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\pt-BR, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\zh-CN, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\es-419, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\VisualElements, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\en-in, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\pt-br, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\zh-cn, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\PepperFlash, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\id, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\ru, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Languages, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\login_view, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\bookmarks, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\extension, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\marketing, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Locales, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Drivers, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Backup, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\desktop, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Update, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\Share, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Bin, Delete-on-Reboot, [1367], [380884],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\welcome\img, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\res\Skin, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\Updater, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\welcome, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\driver, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\ext, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\Reg, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\res, Delete-on-Reboot, [2], [356754],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\preset, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\zh-CN, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\en-IN, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\id-ID, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\pt-BR, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update\0\remote, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Configs\es-419, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\VisualElements, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update\0\local, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Configs\pt-br, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Configs\zh-cn, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Configs\en-in, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\PepperFlash, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update\jobs, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Configs\id, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Configs\ru, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Languages, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update\0, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\marketing, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Locales, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Drivers, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Configs, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Backup, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Dumps, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Marketing, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Security, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Extensions\hfahjeoiihhilkhgpknbhgcgjiejgecf, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\data_reduction_proxy_leveldb, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Pepper Data\Shockwave Flash, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Local Extension Settings, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Application Cache\Cache, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\UCWiFi\Locales, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Application Cache, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\JumpListIconsOld, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Bookmarks Backup, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Thunder\1.0.0.0\download, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Extension State, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Extensions\Temp, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Session Storage, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\JumpListIcons, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\UCWifi\1.0.0.8\UCWiFi, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Local Storage, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Autocomplete, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Pepper Data, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\databases, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\GPUCache, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Thunder\1.0.0.0, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\Cache, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\EVWhitelist, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\PepperFlash, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\ShaderCache, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Thunder, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Doctor, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.MaohaWiFi, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MAOHAWIFI, Delete-on-Reboot, [720], [348585],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64\lang, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\lang, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\sfx, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\data, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\skin, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\ali, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\PROGRAM FILES\¿ìѹ, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UC浏览器, Delete-on-Reboot, [1367], [396223],1.0.2142 File: 1158 Adware.Elex, C:\PROGRAM FILES (X86)\MAOHA\MAOHAAP\TIPSDLL.DLL, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\PROGRAM FILES (X86)\MAOHA\MAOHAAP\UPDATER\CHECKUPDATE.DLL, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\PROGRAM FILES (X86)\MAOHA\MAOHAAP\MAOHAWIFISVR.EXE, Delete-on-Reboot, [2], [356754],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\SCPLUGIN.DLL, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\SCSERVICE.EXE, Delete-on-Reboot, [2972], [355934],1.0.2142 Adware.Elex, C:\PROGRAM FILES (X86)\MAOHA\MAOHAAP\MAOHASUBSTAT.DLL, Delete-on-Reboot, [2], [356754],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\DUILIB32.DLL, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\UPDATER.DLL, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCSERVICE.EXE, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\LIBMP3LAME.DLL, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\SCCLOUD.EXE, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.Kuaizip, C:\Users\{username}\AppData\Roaming\KuaiZip\icon.ico, Delete-on-Reboot, [1156], [358169],1.0.2142 PUP.Optional.Kuaizip, C:\Users\{username}\AppData\Roaming\KuaiZip\ktpop3.exe, Delete-on-Reboot, [1156], [358169],1.0.2142 PUP.Optional.Kuaizip, C:\Users\{username}\AppData\Roaming\KuaiZip\kytipsh.exe, Delete-on-Reboot, [1156], [358169],1.0.2142 PUP.Optional.Kuaizip, C:\Users\{username}\AppData\Roaming\KuaiZip\mininewsxktt.exe, Delete-on-Reboot, [1156], [358169],1.0.2142 PUP.Optional.Kuaizip, C:\Users\{username}\AppData\Roaming\KuaiZip\mininewsxktt.zip, Delete-on-Reboot, [1156], [358169],1.0.2142 PUP.Optional.Kuaizip, C:\Users\{username}\AppData\Roaming\KuaiZip\report_config.txt, Delete-on-Reboot, [1156], [358169],1.0.2142 PUP.Optional.Kuaizip, C:\Users\{username}\AppData\Roaming\KuaiZip\tips2-1.zip, Delete-on-Reboot, [1156], [358169],1.0.2142 PUP.Optional.Kuaizip, C:\Users\{username}\AppData\Roaming\KuaiZip\tpop3.zip, Delete-on-Reboot, [1156], [358169],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\UCBROWSER.EXE, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Bin\ChannelU.dll, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\en-in\config.dat, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\Chrome-bin\wow_helper.exe, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\7z.dll, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\chrome.7z, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\chrome.packed.7z, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\setup.dll, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\setup.exe, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\setup_ex_.cab, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\stats_uploader.exe, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\UCBrowserSetup.exe, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\Package\wow_installer.switches.txt, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Roaming\UCChannel\aavc.ini, Delete-on-Reboot, [1367], [380884],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\PEPPERFLASH\PEPFLASHPLAYER.DLL, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\CHROME_ELF.DLL, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\APPLICATION\6.1.2107.204\UCAGENT.EXE, Delete-on-Reboot, [1367], [380108],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\driver\DriverInstall.exe, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\driver\DriverInstall_X64.exe, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\driver\DriverTool.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\driver\MaohaWifiProNat.sys, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\driver\maohawifipronat64.cat, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\driver\MaohaWifiProNat64.sys, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\driver\WifiProNat.inf, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\driver\WifiProNat64.inf, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\drv64\drv64.exe, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\ext\1.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\ext\3.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\ext\4.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\ext\5.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\ext\6.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\Reg\RasMan_WIN7.bat, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\Reg\RasMan_WIN7.reg, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\Reg\RasMan_XP.bat, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\Reg\RasMan_XP.reg, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\res\Skin\Skin.rdb, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\res\MaohaWiFi.ico, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\res\MaohaWiFiDir.ico, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\res\support.dat, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\Updater\MaohaWiFiUpg.exe, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\welcome\img\app_logo.png, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\welcome\img\app_tj.png, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\welcome\img\info.png, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\welcome\img\litlogo.png, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\welcome\img\logo.png, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\welcome\index.html, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\MaohaWiFi.exe, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\RaAPAPI.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\7z.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\APDefault.ini, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\ApSetting.ini, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\dt.exe, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\gzipdll.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\HWID.ini, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\ICSDHCP.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\ICSDHCP.ini, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\MaoHaCD.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\MaohaDevMng.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiBase.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\maohawificfg.ini, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\MaoHaWiFiNet.sys, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\MaoHaWiFiNet64.sys, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiWin7.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiXP.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\MyTheme.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\pcid.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\pcidetect.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\PhonetypeData.dat, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\RaWifi.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\ResLoader.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\SkinBase.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\SmartAction.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\softconfig.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\tips.exe, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\Uninst.dar0, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\Uninst.dar1, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\uninstall.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\Uninstall.exe, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\WifiDhcpSvr.dll, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\WifiHelp64.exe, Delete-on-Reboot, [2], [356754],1.0.2142 Adware.Elex, C:\Program Files (x86)\Maoha\MaohaAP\YunExplorer.exe, Delete-on-Reboot, [2], [356754],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Configs\en-in\config.dat, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Configs\en-in\share.dat, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Configs\en-in\start.dat, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Backup\UCBrowser.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Drivers\ucdrv-x64.sys, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Drivers\ucdrv-x86.sys, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Drivers\ucdrv-xp.sys, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Drivers\uclauncher-x64.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Drivers\uclauncher-x86.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Drivers\uclauncher-xp.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\en-IN\external_extensions.json, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\id-ID\external_extensions.json, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\manifest.json, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\pt-BR\external_extensions.json, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\zh-CN\external_extensions.json, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Extensions\external_extensions.json, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\chrmstp.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\setup.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Languages\chs.locale, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Languages\settings.xml, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Locales\en-US.pak, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Locales\zh-CN.pak, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\PepperFlash\manifest.json, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update\0\remote\0_beta_chk.xml, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update\jobs\count.ini, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update\curl-ca-bundle.crt, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update\InstalledConfig.xml, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update\UpdateOption.xml, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Update\UpdateState.xml, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\VisualElements\Logo.png, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\VisualElements\SmallLogo.png, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\6.1.2107.204.manifest, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\7z.dll, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\browsing_data_remover.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\chrome.dll, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\chrome_100_percent.pak, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\chrome_200_percent.pak, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\chrome_child.dll, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\chrome_watcher.dll, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\config_updater.dll, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\courgette.dll, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\debug.log, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\delegate_execute.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\hrkill.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\icudtl.dat, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\libEGL.dll, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\libexif.dll, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\libGLESv2.dll, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\natives_blob.bin, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\resources.pak, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\snapshot_blob.bin, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\stats_uploader.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\theme_tool.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\ucagent.log, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCProxySDK.dll, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\update.log, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\config_updater.log, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\amazon.png, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\config.dat, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\config_digest, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\custom.dat, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\feature.dat, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\share.dat, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\start.dat, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\target_locale, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\task.ini, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\debug.log, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\master_preferences, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\molt_tool.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\SetupMetrics.pma, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\ucsvc.log, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\update_task.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\VERSION, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\wow_helper.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Security\ucdrv-x64.sys, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Security\uclauncher-x64.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Security\uclauncher-x86.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS, Delete-on-Reboot, [1367], [380108],1.0.2142 PUP.Optional.Softcnapp, C:\PROGRAM FILES (X86)\SMARTCLOUDINPUT\1.1.0.0511\SCMUTUAL.EXE, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\Default\data_reduction_proxy_leveldb\000003.log, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.UCBrowser, C:\Users\{username}\AppData\Local\UCBrowser\User Data\lockfile, Delete-on-Reboot, [1367], [380109],1.0.2142 PUP.Optional.MaohaWiFi, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaohaWiFi\MaohaWiFi.lnk, Delete-on-Reboot, [720], [348585],1.0.2142 PUP.Optional.MaohaWiFi, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaohaWiFi\卸载MaohaWiFi.lnk, Delete-on-Reboot, [720], [348585],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UC浏览器.LNK, Delete-on-Reboot, [1367], [380124],1.0.2142 PUP.Optional.MaohaWiFi, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\MAOHAWIFI.LNK, Delete-on-Reboot, [720], [348606],1.0.2142 PUP.Optional.MaohaWiFi, C:\USERS\{username}\DESKTOP\MAOHAWIFI.LNK, Delete-on-Reboot, [720], [348594],1.0.2142 Adware.ChinAd, C:\USERS\{username}\DESKTOP\SETUP_348.EXE, Delete-on-Reboot, [1157], [406733],1.0.2142 PUP.Optional.UCBrowser, C:\USERS\PUBLIC\DESKTOP\UC浏览器.LNK, Delete-on-Reboot, [1367], [380123],1.0.2142 PUP.Optional.Softcnapp, C:\WINDOWS\SYSTEM32\ZNYSRF.IME, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.Softcnapp, C:\WINDOWS\SYSWOW64\ZNYSRF.IME, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.Softcnapp, C:\WINDOWS\SYSTEM32\SCMENU64.DLL, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.UCBrowser, C:\USERS\{username}\APPDATA\LOCAL\TEMP\BROWSER_V6.1.2107.204_R_4739_(BUILD1703071827).EXE, Delete-on-Reboot, [1367], [396531],1.0.2142 PUP.Optional.Kuaizip, C:\USERS\{username}\APPDATA\LOCAL\TEMP\KUAIZIP_SETUP_3386190981_LICH_001.EXE, Delete-on-Reboot, [1156], [353144],1.0.2142 PUP.Optional.Kuaizip, C:\USERS\{username}\APPDATA\LOCAL\TEMP\KZ7ZDATA.7Z, Delete-on-Reboot, [1156], [353144],1.0.2142 PUP.Optional.MaohaWiFi, C:\USERS\{username}\APPDATA\LOCAL\TEMP\MAOHAWIFISETUP_263.EXE, Delete-on-Reboot, [720], [396532],1.0.2142 PUP.Optional.ChinAd, C:\USERS\{username}\APPDATA\LOCAL\TEMP\IQIYISETUP_ZXE@XP032.EXE, Delete-on-Reboot, [114], [252498],1.0.2142 PUP.Optional.Softcnapp, C:\USERS\{username}\APPDATA\LOCAL\TEMP\ZNY_KB008.EXE, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.Softcnapp, C:\USERS\{username}\APPDATA\LOCAL\TEMP\ZNY_ZNYKB008.EXE, Delete-on-Reboot, [2972], [355934],1.0.2142 PUP.Optional.UCBrowser, C:\WINDOWS\TASKS\UCBROWSERUPDATER.JOB, Delete-on-Reboot, [1367], [380114],1.0.2142 PUP.Optional.UCBrowser, C:\WINDOWS\TASKS\UCBROWSERUPDATERCORE.JOB, Delete-on-Reboot, [1367], [380114],1.0.2142 PUP.Optional.Kuaizip, C:\WINDOWS\SYSTEM32\DRIVERS\KuaiZipDrive.sys, Delete-on-Reboot, [1156], [329545],1.0.2142 PUP.Optional.Kuaizip, C:\WINDOWS\SYSTEM32\TASKS\KuaiZip_Update, Delete-on-Reboot, [1156], [329560],1.0.2142 PUP.Optional.Kuaizip, C:\PROGRAM FILES\¿ìѹ\X64\KZipShell.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\ali\jp.png, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\ali\kzshop.ico, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\data\slimdata.dat, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\skin\disopt.skn, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64\lang\Chs_Lang.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64\7z.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64\KuaiZipDrive.sys, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64\KZFormat.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64\KZModule.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64\KZMount2.exe, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64\Mount.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64\MountCore.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X64\SetupHelper.exe, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\lang\Chs_Lang.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\sfx\kzSetup_chs.sfx, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\7z.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\DiskOpt.exe, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\DuiLib.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\finderlib.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\KuaiZip.exe, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\KZFormat.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\KZModule.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\KZReport.exe, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\KZTui.exe, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\Mount.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\MountCore.dll, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\SetupHelper.exe, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\Uninst.exe, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\Update.exe, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\X86\UpdateChecker.exe, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\7zNew.dat, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\ErrorMsg.xml, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\KzNew.dat, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\readme.txt, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\SLDefault.xml, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\ZipNew.dat, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.Kuaizip, C:\Program Files\¿ìѹ\__-________.URL, Delete-on-Reboot, [1156], [346223],1.0.2142 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:UCDRV-X64.SYS, Delete-on-Reboot, [1367], [380118],1.0.2142 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:X64, Delete-on-Reboot, [1367], [380119],1.0.2142 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserSecureUpdater, Delete-on-Reboot, [1367], [380115],1.0.2142 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserUpdater, Delete-on-Reboot, [1367], [380115],1.0.2142 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserUpdaterCore, Delete-on-Reboot, [1367], [380115],1.0.2142 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:X86, Delete-on-Reboot, [1367], [380120],1.0.2142 PUP.Optional.UCBrowser, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UC浏览器\卸载UC浏览器.lnk, Delete-on-Reboot, [1367], [396223],1.0.2142 PUP.Optional.UCBrowser, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器\UC浏览器.lnk, Delete-on-Reboot, [1367], [396223],1.0.2142 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. Hi, recently i detected and tried removing adware.elex & adware.ghokswa with malwarebytes, but it keeps coming back. It hijacks my browser and places weird icons on my desktop that leads to other sites (have not clicked on them, properties address, inferred so). And also ever since, google chrome has been shutting down very often, with the error message of "user not found" May i please be guided on how to properly remove it? Attached are the txt files from FRST, as well as a screenshot of malwarebyte's detection. Addition.txt FRST.txt
  4. Persistent Adware.Elex

    Hi all, I've been battling adware for around 2 months now. I've been using Malwarebytes' Premium trial for almost a month now (6 days left on the trial.) I had the free version of malwarebytes before that but something prevented it from starting up (I think it was avast, which was refusing to start its own shields for a while, too.) So for all I know this problem may have started some time last year. Anyhow, over the last few months, I've been trying to fix this with adaware, adwcleaner, Avast Pro, chrome cleanup tool, Hitman Pro, Junkware Removal Tool, Malwarebytes Premium, spyhunter (that was very short lived,) rkill, Roguekiller, secunia, shortcut cleaner, TDSS killer and Zemana...and varying combinations of these scans. To. No. Avail. Malwarebytes picks it up a lot of the time, but then RightCoupon popups show up my browser and occasionally (and inconsistently) I'm seeing Mandarin characters where I should see icons (like search, cart, heart type icons.) So I decided to search this problem again, this time popping up a result from this forum. So this is the last port of call before I reformat and/or call a computer guy to come fix it for me and I'd really rather not do either of those things. So all of this became a rather long winded way of saying I cannot fix this problem myself, I desperately need some help. (Sorry, I didn't intend for it to become so long winded but I figured some history might help with resolving this.) I have attached FRST.txt and Addition.txt as instructed. Thanks for your time. Cheers! FRST.txt Addition.txt
  5. Good morning all, I have somehow been infected with the aforementioned adware. I have tried multiple removal software (Malwarebytes, AVG, and a few others who's name escapes me) Malwarebytes is my primary application and it will find those malware, remove them (verified by a second scan after a reboot) then, a few days later, they will return again. When scanning I occasionally get between 70-2000+ (at worst) detections on my system. Would someone, please, be able to help me? Thank you very much for your time Nasica Addition.txt FRST.txt
  6. It has been like 3 months since i got rid of Adware.Elex, at least I thought. I ran malwarebytes, Zemana, Hitmanpro, adwcleaner, spybot and rkill as I was advised on the internet. After few tests Adware.Elex and trojan have been found on my PC. I removed them by the software mentioned. Now Adware.Elex returned once again. Sudenlly Mozilla installed on my pc and one restart later I am unable to connect to the internet, only when I boot in safe mode. I ran all the software as before and detected the Adware.Elex again plus Adware.Ghoskwa. I tried to get rid of them, but after every restart they come back. Thanks, feEEda
  7. My computer recently got infected by various kinds of malware, so I bought Malwarebytes Premium and I'm very happy about it: it cleaned almost every single malware installed on my PC. Well, I said "almost". No matter what I do, Adware.Elex keeps coming back. I'll quarantine it, restart my PC, and it's back. I also keep getting warnings about an external IP address trying to access my computer. How can I fix this? Please find attached the log files from Farbar Recovery Scan Tool, as requested. Thanks in advance! Addition.txt FRST.txt
  8. What is Kitty? The Malwarebytes research team has determined that Kitty is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by Kitty? You may see this entry (Kitty) in your list of services: How did Kitty get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove Kitty? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Kitty? No, Malwarebytes removes Kitty completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the Kitty adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: (kitty.exe) C:\Users\{username}\AppData\Local\Kitty\cat.exe R2 Kitty; C:\Users\{username}\AppData\Local\Kitty\cat.exe [357376 2017-04-21] (kitty.exe) [File not signed] C:\Users\{username}\AppData\Local\Kitty Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Kitty Adds the file cat.exe"="4/21/2017 9:15 AM, 357376 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Kitty] "DisplayName"="REG_SZ", "Kitty" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Users\{username}\AppData\Local\Kitty\cat.exe -s" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/21/17 Scan Time: 9:34 AM Logfile: mbamKittyCat.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.96 Update Package Version: 1.0.1773 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 327874 Time Elapsed: 1 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 Adware.Elex, C:\USERS\{username}\APPDATA\LOCAL\KITTY\CAT.EXE, Quarantined, [2], [391575],1.0.1773 Module: 1 Adware.Elex, C:\USERS\{username}\APPDATA\LOCAL\KITTY\CAT.EXE, Quarantined, [2], [391575],1.0.1773 Registry Key: 1 Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Kitty, Delete-on-Reboot, [2], [391575],1.0.1773 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 1 Adware.Elex, C:\USERS\{username}\APPDATA\LOCAL\KITTY, Delete-on-Reboot, [2], [390136],1.0.1773 File: 2 Adware.Elex, C:\USERS\{username}\APPDATA\LOCAL\KITTY\CAT.EXE, Delete-on-Reboot, [2], [391575],1.0.1773 Adware.Elex, C:\USERS\{username}\DESKTOP\KITTY.EXE, Delete-on-Reboot, [2], [391575],1.0.1773 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  9. What is Youndoo? The Malwarebytes research team has determined that Youndoo is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements. This version of the Youndoo search hijacker adds an extra Firefox profile and uses a Scheduled Task to re-infect or update the infection. How do I know if my computer is affected by Youndoo? You may see this entry in your list of installed software: this new startpage in the affected browsers: ] these Scheduled Tasks: and you may see this type of advertisements: How did Youndoo get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software. How do I remove Youndoo? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Youndoo? This adware creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. Follow the instructions posted here to remove the fake Firefox profile. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Youndoo hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to some of their domains: Technical details for experts Possible signs in FRST logs: HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 ShellExecuteHooks: - {5AD340E8-F445-11E6-B566-64006A5CFC23} - C:\Program Files (x86)\Thuluch\Reuqutain.dll [146432 2017-02-20] () FF NewTab: hxxp://www.youndoo.com/?z={z1}&from=wak&uid={uid1}&type=hp FF DefaultSearchEngine: youndoo FF SelectedSearchEngine: youndoo FF Homepage: hxxp://www.youndoo.com/?z={z1}&from=wak&uid={uid1}&type=hp FF SearchPlugin: C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\mhc384j1.default\searchplugins\jebnkuvk.xml [2017-02-20] CHR HomePage: ChromeDefaultData2 -> hxxp://www.youndoo.com/?z={z1}&from=wak&uid={uid1}&type=hp CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www.youndoo.com/?z={z1}&from=wak&uid={uid1}&type=hp" CHR DefaultSearchURL: ChromeDefaultData2 -> hxxp://www.youndoo.com/search/?q={searchTerms}&z={z1}&from=wak&uid={uid1}&type=sp CHR DefaultSearchKeyword: ChromeDefaultData2 -> youndoo C:\Users\{username}\AppData\Local\Gunelejahidom C:\Program Files (x86)\Thuluch C:\WINDOWS\System32\Tasks\Nimasy Engine C:\WINDOWS\System32\Tasks\Gfakdutoing C:\Program Files (x86)\Nimasy Engine youndoo - Uninstall (HKLM-x32\...\{92C91B86-B20E-474B-A1D9-6B7D5AC229C4}) (Version: - ) Task: {17E1E42D-FDE0-4335-977B-6DFA92F053ED} - System32\Tasks\Gfakdutoing => /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u={uid1}&v=2017220 /q Task: {40A77D42-8C8A-4FA2-8C4E-51FBC532FD30} - System32\Tasks\Nimasy Engine => C:\Program Files (x86)\Thuluch\plejither.exe [2017-02-20] (Glarysoft Ltd) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Nimasy Engine Adds the folder C:\Program Files (x86)\Thuluch Adds the file ClearData.exe"="2/20/2017 1:42 PM, 169664 bytes, A Adds the file CrashReport.dll"="2/20/2017 1:42 PM, 121344 bytes, A Adds the file mglobal.dll"="2/20/2017 1:42 PM, 112128 bytes, A Adds the file plejither.exe"="2/20/2017 1:42 PM, 1027000 bytes, A Adds the file Reuqutain.dll"="2/20/2017 1:42 PM, 146432 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Gfakdutoing"="2/20/2017 1:42 PM, 5128 bytes, A Adds the file Nimasy Engine"="2/20/2017 1:42 PM, 6030 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AD340E8-F445-11E6-B566-64006A5CFC23}\InProcServer32] "(Default)"="REG_SZ", "C:\Program Files (x86)\Thuluch\Reuqutain.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft] "help"="REG_SZ", "http://www.youndoo.com/?z={z1}&from=wak&uid={uid1}&type=hp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AD340E8-F445-11E6-B566-64006A5CFC23}"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] "EnableShellExecuteHooks"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\{84416237-6490-494D-9AD6-4994DD978971}] "chd"="REG_SZ", "C:\Users\{username}\AppData\Local\Gunelejahidom" "ffd"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Profiles\Gherluwardcoozeied.default" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Cherlaghphaige] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Gouwardguzele] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92C91B86-B20E-474B-A1D9-6B7D5AC229C4}] "DisplayName"="REG_SZ", "youndoo - Uninstall" "UninstallString"="REG_SZ", "C:\Program Files (x86)\Thuluch\plejither.exe 29be9ce7-f8b2-42b3-b0a4-32c68378402a "/k={92C91B86-B20E-474B-A1D9-6B7D5AC229C4}"" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\msServer] "(Default)"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\plejither.exe] "(Default)"="REG_SZ", "2017220" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TaskInj] "(Default)"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\xvb`lj] "day"="REG_SZ", "20170220" "upday"="REG_SZ", "20170220" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\youndooSoftware\youndoohp] "oem"="REG_SZ", "wak" "Time"="REG_DWORD", 1487594583 [HKEY_LOCAL_MACHINE\SOFTWARE\xvb`lj] "day"="REG_SZ", "20170220" "upday"="REG_SZ", "20170220" [HKEY_USERS\.DEFAULT\Software\xvb`lj] "day"="REG_SZ", "20170220" "upday"="REG_SZ", "20170220" Malwarebytes log: {computername} www.{computername}.com -Log Details- Scan Date: 2/20/17 Scan Time: 2:10 PM Logfile: mbamYoundoo.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.50 Update Package Version: 1.0.1307 License: Premium -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 420585 Time Elapsed: 8 min, 58 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 4 Adware.Elex.Generic, HKLM\SOFTWARE\CLASSES\CLSID\{5AD340E8-F445-11E6-B566-64006A5CFC23}, Delete-on-Reboot, [2155], [356410],1.0.1307 Adware.Elex.Generic, HKLM\SOFTWARE\CLASSES\CLSID\{5AD340E8-F445-11E6-B566-64006A5CFC23}\InprocServer32, Delete-on-Reboot, [2155], [356410],1.0.1307 PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{92C91B86-B20E-474B-A1D9-6B7D5AC229C4}, Delete-on-Reboot, [767], [182916],1.0.1307 PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\youndooSoftware, Delete-on-Reboot, [767], [182849],1.0.1307 Registry Value: 4 Adware.Elex.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS|{5AD340E8-F445-11E6-B566-64006A5CFC23}, Delete-on-Reboot, [2155], [356410],1.0.1307 Adware.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS, Delete-on-Reboot, [357], [-1],0.0.0 Adware.Elex.SHHKRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS, Delete-on-Reboot, [357], [-1],0.0.0 PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{92C91B86-B20E-474B-A1D9-6B7D5AC229C4}|DISPLAYNAME, Delete-on-Reboot, [767], [182916],1.0.1307 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 3 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mhc384j1.default, Delete-on-Reboot, [2786], [363173],1.0.1307 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles, Delete-on-Reboot, [2786], [363173],1.0.1307 PUP.Optional.FakeFFProfile, C:\USERS\{username}\APPDATA\ROAMING\Mozilla\Firefox\naweriweentcofise, Delete-on-Reboot, [2786], [363173],1.0.1307 File: 22 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mhc384j1.default\prefs.js, Delete-on-Reboot, [2786], [363173],1.0.1307 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mhc384j1.default\profiles.ini, Delete-on-Reboot, [2786], [363173],1.0.1307 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mhc384j1.default\search-metadata.json, Delete-on-Reboot, [2786], [363173],1.0.1307 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mhc384j1.default\search.json.mozlz4, Delete-on-Reboot, [2786], [363173],1.0.1307 Adware.Elex.Generic, C:\PROGRAM FILES (X86)\THULUCH\REUQUTAIN.DLL, Delete-on-Reboot, [2155], [356410],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GHERLUWARDCOOZEIED.DEFAULT\PREFS.JS, Replaced, [767], [324487],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GHERLUWARDCOOZEIED.DEFAULT\PREFS.JS, Replaced, [767], [324487],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GHERLUWARDCOOZEIED.DEFAULT\PREFS.JS, Replaced, [767], [324487],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GHERLUWARDCOOZEIED.DEFAULT\PREFS.JS, Replaced, [767], [324487],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GHERLUWARDCOOZEIED.DEFAULT\PREFS.JS, Replaced, [767], [324487],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GHERLUWARDCOOZEIED.DEFAULT\PREFS.JS, Replaced, [767], [324487],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GHERLUWARDCOOZEIED.DEFAULT\PREFS.JS, Replaced, [767], [324487],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\PREFS.JS, Replaced, [767], [302817],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\PREFS.JS, Replaced, [767], [302817],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\PREFS.JS, Replaced, [767], [302817],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\PREFS.JS, Replaced, [767], [302817],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\PREFS.JS, Replaced, [767], [302817],1.0.1307 Adware.Elex, C:\USERS\{username}\DESKTOP\WAK_MY.EXE, Delete-on-Reboot, [305], [363419],1.0.1307 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GHERLUWARDCOOZEIED.DEFAULT\SEARCHPLUGINS\JEBNKUVK.XML, Delete-on-Reboot, [767], [324489],1.0.1307 Adware.Elex.SHHKRST, C:\PROGRAM FILES (X86)\THULUCH\CRASHREPORT.DLL, Delete-on-Reboot, [357], [372356],1.0.1307 Adware.Elex.SHHKRST, C:\WINDOWS\SYSTEM32\TASKS\Gfakdutoing, Delete-on-Reboot, [357], [-1],0.0.0 PUP.Optional.Youndoo, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\SEARCHPLUGINS\JEBNKUVK.XML, Delete-on-Reboot, [767], [302734],1.0.1307 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  10. What is Trotux? The Malwarebytes research team has determined that Trotux is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by Trotux? You may see this entry in your list of installed programs: this type of Scheduled Tasks (random names): these changed search settings in the affected browsers: and this startpage: You may also notice a fake Firefox profiles as described here: GsearchFinder hijackers add extra Firefox profile How did Trotux get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove Trotux? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Trotux? No, Malwarebytes removes Trotux completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the Trotux adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. The web protection module also blocks the origin of the installer: Technical details for experts Possible signs in FRST logs: HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 ShellExecuteHooks: - {58AF6728-ECD0-11E6-BFEA-64006A5CFC23} - C:\Users\{username}\AppData\Roaming\Climofabech\Gipphsaweght.dll [146944 2017-02-10] () FF NewTab: hxxp://www.trotux.com/?z=1f52ad85c729d12e6f3c817gezfb7q5m9obo8bfc4c&from=wsy1&uid=ST500LT012-1DG142_S3PA6P09XXXXS3PA6P09&type=hp FF DefaultSearchEngine: trotux FF SelectedSearchEngine: trotux FF Homepage: hxxp://www.trotux.com/?z=1f52ad85c729d12e6f3c817gezfb7q5m9obo8bfc4c&from=wsy1&uid=ST500LT012-1DG142_S3PA6P09XXXXS3PA6P09&type=hp FF SearchPlugin: C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\mhc384j1.default\searchplugins\4qy3hwj4.xml [2017-02-10] CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=1f52ad85c729d12e6f3c817gezfb7q5m9obo8bfc4c&from=wsy1&uid=ST500LT012-1DG142_S3PA6P09XXXXS3PA6P09&type=hp CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=1f52ad85c729d12e6f3c817gezfb7q5m9obo8bfc4c&from=wsy1&uid=ST500LT012-1DG142_S3PA6P09XXXXS3PA6P09&type=hp" CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=1f52ad85c729d12e6f3c817gezfb7q5m9obo8bfc4c&from=wsy1&uid=ST500LT012-1DG142_S3PA6P09XXXXS3PA6P09&type=sp CHR DefaultSearchKeyword: ChromeDefaultData -> trotux R2 Stuhoph; C:\Program Files (x86)\Grerhient\cgghtdeberkmnt.dll [149504 2017-02-10] () [File not signed] C:\WINDOWS\System32\Tasks\Drecaward Client C:\WINDOWS\System32\Tasks\Niiseclajuent C:\Users\{username}\AppData\Roaming\Climofabech C:\Users\{username}\AppData\Local\Ckekiry C:\Program Files (x86)\Drecaward Client C:\Program Files (x86)\Grerhient trotux - Uninstall (HKLM-x32\...\{8230A356-F879-4B82-AF04-032A578692C0}) (Version: - ) Task: {1B965CA1-35D0-4C1D-B92A-FE8677ECA306} - System32\Tasks\Drecaward Client => C:\Program Files (x86)\Grerhient\dozuent.exe [2017-02-10] (Glarysoft Ltd) Task: {D766AA6E-86D0-4DF0-BCC5-BCACB56D5FE6} - System32\Tasks\Niiseclajuent => /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ST500LT012-1DG142_S3PA6P09XXXXS3PA6P09&v=2017210 /q () C:\Users\{username}\AppData\Roaming\Climofabech\Gipphsaweght.dll () C:\Program Files (x86)\Drecaward Client\local64spl.dll () c:\program files (x86)\grerhient\cgghtdeberkmnt.dll Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Drecaward Client Adds the file local64spl.dll"="2/10/2017 11:34 AM, 309760 bytes, A Adds the file local64spl.dll.ini"="2/10/2017 11:34 AM, 20 bytes, A Adds the folder C:\Program Files (x86)\Grerhient Adds the file cgghtdeberkmnt.dll"="2/10/2017 11:34 AM, 149504 bytes, A Adds the file CrashReport.dll"="2/10/2017 11:34 AM, 121344 bytes, A Adds the file dozuent.exe"="2/10/2017 11:34 AM, 1026216 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Drecaward Client"="2/10/2017 11:34 AM, 6082 bytes, A Adds the file Niiseclajuent"="2/10/2017 11:34 AM, 3780 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\0B3C7EB2C2FC8FF89E16DF9C80C0327A] "(Default)"="REG_SZ"", "{EFD519A3-DC49-498A-8DD4-AD1DA8F97FCD}" "{EFD519A3-DC49-498A-8DD4-AD1DA8F97FCD}"="REG_BINARY, ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58AF6728-ECD0-11E6-BFEA-64006A5CFC23}\InProcServer32] "(Default)"="REG_SZ"", "C:\Users\{username}\AppData\Roaming\Climofabech\Gipphsaweght.dll" "ThreadingModel"="REG_SZ"", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft] "help"="REG_SZ"", "http://www.trotux.com/?z=1f52ad85c729d12e6f3c817gezfb7q5m9obo8bfc4c&from=wsy1&uid=ST500LT012-1DG142_S3PA6P09XXXXS3PA6P09&type=hp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{58AF6728-ECD0-11E6-BFEA-64006A5CFC23}"="REG_SZ"", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] "EnableShellExecuteHooks"="REG_DWORD"", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Mvasephermuy] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\{84416237-6490-494D-9AD6-4994DD978971}] "chd"="REG_SZ"", "C:\Users\{username}\AppData\Local\Ckekiry" "ffd"="REG_SZ"", "C:\Users\{username}\AppData\Roaming\Profiles\Grerkaghgerdiing.default" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\0B3C7EB2C2FC8FF89E16DF9C80C0327A] "(Default)"="REG_SZ"", "{EFD519A3-DC49-498A-8DD4-AD1DA8F97FCD}" "{EFD519A3-DC49-498A-8DD4-AD1DA8F97FCD}"="REG_BINARY, ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ckafoyanerqeent] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\dozuent.exe] "(Default)"="REG_SZ"", "2017210" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8230A356-F879-4B82-AF04-032A578692C0}] "DisplayName"="REG_SZ"", "trotux - Uninstall" "UninstallString"="REG_SZ"", "C:\Program Files (x86)\Grerhient\dozuent.exe ef869dec-feed-46e1-a4fe-427f47f37b77 "/k={8230A356-F879-4B82-AF04-032A578692C0}"" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Svchost] "Stuhoph"="REG_MULTI_SZ, "Stuhoph" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Suvosh] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\trotuxSoftware\trotuxhp] "oem"="REG_SZ"", "wsy1" "Time"="REG_DWORD"", 1486722892 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\xvtrzx] "day"="REG_SZ"", "20170210" "upday"="REG_SZ"", "20170210" [HKEY_LOCAL_MACHINE\SOFTWARE\xvtrzx] "day"="REG_SZ"", "20170210" "upday"="REG_SZ"", "20170210" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers] "order" = REG_MULTI_SZ, "LanMan Print Services Internet Print Provider 4qy3hwj4 " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\4qy3hwj4] "DisplayName"="REG_SZ"", "zvgbuz" "Name"="REG_SZ"", "C:\Program Files (x86)\Drecaward Client\local64spl.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stuhoph] "Description"="REG_SZ"", "Provides global functions for other parts of Chislereuction." "DisplayName"="REG_SZ"", "Stuhoph" "ErrorControl"="REG_DWORD"", 1 "FailureActions"="REG_BINARY, ...................... "ImagePath"="REG_EXPAND_SZ, "%SystemRoot%\system32\svchost.exe -k Stuhoph" "ObjectName"="REG_SZ"", "LocalSystem" "Start"="REG_DWORD"", 2 "Type"="REG_DWORD"", 272 "WOW64"="REG_DWORD"", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stuhoph\Parameters] "ServiceDll"="REG_EXPAND_SZ, "C:\Program Files (x86)\Grerhient\cgghtdeberkmnt.dll" "ServiceMain"="REG_SZ"", "Clanochphoderk" [HKEY_USERS\.DEFAULT\Software\xvtrzx] "day"="REG_SZ"", "20170210" "upday"="REG_SZ"", "20170210" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/10/17 Scan Time: 12:14 PM Logfile: mbamTrotux.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.50 Update Package Version: 1.0.1225 License: Premium -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 384454 Time Elapsed: 9 min, 6 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 4 Adware.Elex.SHHKRST, C:\USERS\{username}\APPDATA\ROAMING\CLIMOFABECH\GIPPHSAWEGHT.DLL, Quarantined, [1238], [362727],1.0.1225 Adware.Elex.SHHKRST, C:\USERS\{username}\APPDATA\ROAMING\CLIMOFABECH\GIPPHSAWEGHT.DLL, Quarantined, [1238], [362727],1.0.1225 Adware.Elex.Generic, C:\PROGRAM FILES (X86)\GRERHIENT\CGGHTDEBERKMNT.DLL, Quarantined, [2145], [366971],1.0.1225 Adware.Elex.Generic, C:\Program Files (x86)\Drecaward Client\local64spl.dll, Quarantined, [2145], [358303],1.0.1225 Registry Key: 5 Adware.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{58AF6728-ECD0-11E6-BFEA-64006A5CFC23}, Delete-on-Reboot, [1238], [362727],1.0.1225 Adware.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{58AF6728-ECD0-11E6-BFEA-64006A5CFC23}\InprocServer32, Delete-on-Reboot, [1238], [362727],1.0.1225 PUP.Optional.Trotux, HKLM\SOFTWARE\WOW6432NODE\trotuxSoftware, Delete-on-Reboot, [418], [182848],1.0.1225 Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\4qy3hwj4, Delete-on-Reboot, [2086], [339986],1.0.1225 PUP.Optional.Trotux, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8230A356-F879-4B82-AF04-032A578692C0}, Delete-on-Reboot, [418], [182846],1.0.1225 Registry Value: 5 Adware.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS|{58AF6728-ECD0-11E6-BFEA-64006A5CFC23}, Delete-on-Reboot, [1238], [362727],1.0.1225 Adware.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS, Delete-on-Reboot, [1238], [-1],0.0.0 Adware.Elex.SHHKRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS, Delete-on-Reboot, [1238], [-1],0.0.0 Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\4qy3hwj4|NAME, Delete-on-Reboot, [2086], [339986],1.0.1225 PUP.Optional.Trotux, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8230A356-F879-4B82-AF04-032A578692C0}|DISPLAYNAME, Delete-on-Reboot, [418], [182846],1.0.1225 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 4 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mhc384j1.default, Delete-on-Reboot, [2773], [363173],1.0.1225 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles, Delete-on-Reboot, [2773], [363173],1.0.1225 PUP.Optional.FakeFFProfile, C:\USERS\{username}\APPDATA\ROAMING\Mozilla\Firefox\naweriweentcofise, Delete-on-Reboot, [2773], [363173],1.0.1225 Adware.Elex.Generic, C:\PROGRAM FILES (X86)\DRECAWARD CLIENT, Delete-on-Reboot, [2145], [358303],1.0.1225 File: 23 Adware.Elex.SHHKRST, C:\USERS\{username}\APPDATA\ROAMING\CLIMOFABECH\GIPPHSAWEGHT.DLL, Delete-on-Reboot, [1238], [362727],1.0.1225 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mhc384j1.default\prefs.js, Delete-on-Reboot, [2773], [363173],1.0.1225 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mhc384j1.default\profiles.ini, Delete-on-Reboot, [2773], [363173],1.0.1225 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mhc384j1.default\search.json, Delete-on-Reboot, [2773], [363173],1.0.1225 PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mhc384j1.default\search.json.mozlz4, Delete-on-Reboot, [2773], [363173],1.0.1225 Adware.Elex.Generic, C:\PROGRAM FILES (X86)\GRERHIENT\CGGHTDEBERKMNT.DLL, Delete-on-Reboot, [2145], [366971],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GRERKAGHGERDIING.DEFAULT\SEARCHPLUGINS\4QY3HWJ4.XML, Delete-on-Reboot, [418], [324483],1.0.1225 PUP.Optional.Elex, C:\USERS\{username}\DESKTOP\WSY1_AY.EXE, Delete-on-Reboot, [15], [315776],1.0.1225 Adware.Elex.Generic, C:\PROGRAM FILES (X86)\DRECAWARD CLIENT\LOCAL64SPL.DLL.INI, Delete-on-Reboot, [2145], [358303],1.0.1225 Adware.Elex.Generic, C:\Program Files (x86)\Drecaward Client\local64spl.dll, Delete-on-Reboot, [2145], [358303],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GRERKAGHGERDIING.DEFAULT\PREFS.JS, Replaced, [418], [324486],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GRERKAGHGERDIING.DEFAULT\PREFS.JS, Replaced, [418], [324486],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GRERKAGHGERDIING.DEFAULT\PREFS.JS, Replaced, [418], [324486],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GRERKAGHGERDIING.DEFAULT\PREFS.JS, Replaced, [418], [324486],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GRERKAGHGERDIING.DEFAULT\PREFS.JS, Replaced, [418], [324486],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GRERKAGHGERDIING.DEFAULT\PREFS.JS, Replaced, [418], [324486],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\PROFILES\GRERKAGHGERDIING.DEFAULT\PREFS.JS, Replaced, [418], [324486],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\PREFS.JS, Replaced, [418], [302758],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\PREFS.JS, Replaced, [418], [302758],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\PREFS.JS, Replaced, [418], [302758],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\PREFS.JS, Replaced, [418], [302758],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\PREFS.JS, Replaced, [418], [302758],1.0.1225 PUP.Optional.Trotux, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHC384J1.DEFAULT\SEARCHPLUGINS\4QY3HWJ4.XML, Delete-on-Reboot, [418], [302745],1.0.1225 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  11. What is winsvc.vbs? The Malwarebytes research team has determined that winsvc.vbs is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by winsvc.vbs? You may see this entry in your startup folder: How did winsvc.vbs get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove winsvc.vbs? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of winsvc.vbs? No, Malwarebytes removes winsvc.vbs completely. If you return to a temporary profile after the first reboot, simply reboot once more. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the winsvc.vbs adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. The web protection module also blocks the source of the installer: Technical details for experts Possible signs in FRST logs: (Node.js) C:\Users\{username}\AppData\Roaming\win-svc\bin\winsvc.exe Startup: C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winsvc.vbs [2016-12-21] () C:\Users\{username}\AppData\Roaming\win-svc The most significant alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Adds the file winsvc.vbs"="12/21/2016 10:43 AM, 189 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\win-svc Adds the file cmd.bat"="1/25/2017 2:34 PM, 322 bytes, A Adds the file reg.reg"="1/25/2017 2:24 PM, 150 bytes, A Adds the file run.vbs"="12/21/2016 11:01 AM, 87 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\win-svc\bin Adds the folder C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\yeast Adds the file index.js"="12/20/2016 9:02 AM, 1352 bytes, A Adds the file LICENSE"="12/20/2016 9:02 AM, 1115 bytes, A Adds the file package.json"="12/20/2016 9:02 AM, 2538 bytes, A Adds the file README.md"="12/20/2016 9:02 AM, 2992 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GenericCo\GenericKey] "GenericName"="REG_SZ", "GenericVal1" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/9/17 Scan Time: 1:07 PM Logfile: mbamcli.txt Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.1217 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 359430 Time Elapsed: 1 min, 17 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 Adware.Elex, C:\USERS\{username}\APPDATA\ROAMING\WIN-SVC\BIN\WINSVC.EXE, Quarantined, [1033], [360756],1.0.1217 Module: 1 Adware.Elex, C:\USERS\{username}\APPDATA\ROAMING\WIN-SVC\BIN\WINSVC.EXE, Quarantined, [1033], [360756],1.0.1217 Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 95 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary\fixtures, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\Release\.deps\Release\obj.target, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\component-emitter, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\Release\.deps\Release, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\node_modules\isarray, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\Release\obj.target, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\ms, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib\transports, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\doc\wg-meetings, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\Release\.deps, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\node_modules, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\example, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\Release, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-inherit\test, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\base64-arraybuffer\lib, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\test\server, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\arraybuffer.slice\test, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\lib, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\dist, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\object-component\test, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\lib, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\lib, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\process-nextick-args, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\doc, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\lib, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\benchmark, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\example, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\base64-arraybuffer, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\example, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-emitter, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\arraybuffer.slice, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-inherit, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\core-util-is\lib, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\object-component, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\test, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\src, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\string_decoder, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\util-deprecate, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-bind, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\test, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\concat-stream, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\better-assert, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\isarray\build, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\bin, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\core-util-is, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\backo2\test, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\options\lib, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-binary, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\after\test, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parsejson, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\blob\test, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\tools, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\json3\lib, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseuri, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\callsite, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\to-array, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\inherits, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-cors, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseqs, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\options, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\isarray, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\indexof, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\backo2, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ultron, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\after, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\json3, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\wtf-8, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\yeast, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\blob, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\.bin, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ms, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\USERS\{username}\APPDATA\ROAMING\win-svc, Delete-on-Reboot, [1033], [360756],1.0.1217 File: 440 Adware.Elex, C:\USERS\{username}\APPDATA\ROAMING\WIN-SVC\BIN\WINSVC.EXE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\asyncworker.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\buffers.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\callback.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\converters.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\errors.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\maybe_types.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\methods.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\new.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\node_misc.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\object_wrappers.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\persistent.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\scopes.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\script.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\string_bytes.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\v8_internals.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\doc\v8_misc.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\tools\1to2.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\tools\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\tools\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\CHANGELOG.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\include_dirs.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\LICENSE.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_callbacks.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_callbacks_12_inl.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_callbacks_pre_12_inl.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_converters.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_converters_43_inl.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_converters_pre_43_inl.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_implementation_12_inl.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_implementation_pre_12_inl.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_maybe_43_inl.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_maybe_pre_43_inl.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_new.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_object_wrap.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_persistent_12_inl.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_persistent_pre_12_inl.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_string_bytes.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_typedarray_contents.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\nan_weak.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\nan\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\.bin\uuid, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\after\test\after-test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\after\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\after\.travis.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\after\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\after\LICENCE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\after\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\after\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\arraybuffer.slice\test\slice-buffer.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\arraybuffer.slice\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\arraybuffer.slice\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\arraybuffer.slice\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\arraybuffer.slice\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\arraybuffer.slice\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\backo2\test\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\backo2\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\backo2\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\backo2\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\backo2\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\backo2\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\backo2\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\backo2\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\base64-arraybuffer\lib\base64-arraybuffer.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\base64-arraybuffer\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\base64-arraybuffer\.travis.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\base64-arraybuffer\LICENSE-MIT, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\base64-arraybuffer\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\base64-arraybuffer\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\better-assert\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\better-assert\example.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\better-assert\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\better-assert\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\better-assert\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\better-assert\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\better-assert\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\blob\test\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\blob\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\blob\.zuul.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\blob\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\blob\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\blob\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\blob\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\callsite\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\callsite\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\callsite\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\callsite\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\callsite\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\callsite\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-bind\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-bind\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-bind\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-bind\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-bind\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-bind\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-bind\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-emitter\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-emitter\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-emitter\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-emitter\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-emitter\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-inherit\test\inherit.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-inherit\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-inherit\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-inherit\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-inherit\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-inherit\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-inherit\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\component-inherit\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\concat-stream\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\concat-stream\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\concat-stream\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\concat-stream\readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\core-util-is\lib\util.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\core-util-is\float.patch, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\core-util-is\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\core-util-is\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\core-util-is\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\core-util-is\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\.jshintrc, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\bower.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\browser.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\CHANGELOG.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\debug.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\node.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\debug\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib\transports\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib\transports\polling-jsonp.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib\transports\polling-xhr.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib\transports\polling.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib\transports\websocket.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib\socket.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib\transport.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\lib\xmlhttprequest.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\engine.io.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-client\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\lib\browser.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\lib\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\lib\keys.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary\fixtures\big.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\node_modules\has-binary\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\engine.io-parser\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-binary\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-binary\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-binary\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-binary\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-binary\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-binary\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-binary\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-binary\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-cors\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-cors\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-cors\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-cors\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-cors\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-cors\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-cors\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\has-cors\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\indexof\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\indexof\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\indexof\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\indexof\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\indexof\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\indexof\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\inherits\inherits.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\inherits\inherits_browser.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\inherits\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\inherits\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\inherits\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\isarray\build\build.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\isarray\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\isarray\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\isarray\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\isarray\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\json3\lib\json3.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\json3\lib\json3.min.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\json3\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\json3\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\json3\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ms\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ms\LICENSE.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ms\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ms\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\benchmark\bench.gnu, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\benchmark\bench.sh, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\benchmark\benchmark-native.c, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\benchmark\benchmark.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\benchmark\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\bin\uuid, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\test\compare_v1.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\test\test.html, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\test\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\bower.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\LICENSE.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\node-uuid\uuid.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\object-component\test\object.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\object-component\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\object-component\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\object-component\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\object-component\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\object-component\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\object-component\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\object-component\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\options\lib\options.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\options\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\options\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\options\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\options\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\Release\.deps\Release\obj.target\service.node.d, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\Release\.deps\Release\service.node.d, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\Release\obj.target\service.node, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\Release\service.node, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\binding.Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\config.gypi, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\build\service.target.mk, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\example\periodic-logger.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\src\pthread.cc, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\src\pthread.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\src\service.cc, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\src\service.h, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\binding.gyp, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\os-service\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parsejson\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parsejson\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parsejson\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parsejson\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parsejson\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parsejson\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parsejson\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseqs\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseqs\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseqs\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseqs\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseqs\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseqs\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseqs\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseuri\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseuri\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseuri\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseuri\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseuri\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseuri\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseuri\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\parseuri\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\process-nextick-args\.travis.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\process-nextick-args\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\process-nextick-args\license.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\process-nextick-args\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\process-nextick-args\readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\process-nextick-args\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\doc\wg-meetings\2015-01-30.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\doc\stream.markdown, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\lib\_stream_duplex.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\lib\_stream_passthrough.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\lib\_stream_readable.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\lib\_stream_transform.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\lib\_stream_writable.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\node_modules\isarray\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\node_modules\isarray\.travis.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\node_modules\isarray\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\node_modules\isarray\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\node_modules\isarray\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\node_modules\isarray\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\node_modules\isarray\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\node_modules\isarray\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\.travis.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\.zuul.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\duplex.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\passthrough.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\readable.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\transform.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\readable-stream\writable.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\dist\socket.io.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\dist\socket.io.js.map, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\dist\socket.io.min.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\dist\socket.io.slim.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\dist\socket.io.slim.js.map, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\dist\socket.io.slim.min.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\lib\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\lib\manager.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\lib\on.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\lib\socket.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\lib\url.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-client\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\component-emitter\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\component-emitter\.travis.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\component-emitter\bower.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\component-emitter\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\component-emitter\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\component-emitter\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\component-emitter\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\component-emitter\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\component-emitter\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\.jshintrc, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\bower.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\browser.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\component.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\debug.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\node.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\debug\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\ms\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\ms\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\ms\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\ms\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\ms\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\node_modules\ms\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\binary.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\is-buffer.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\socket.io-parser\Readme.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\string_decoder\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\string_decoder\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\string_decoder\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\string_decoder\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\string_decoder\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\to-array\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\to-array\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\to-array\LICENCE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\to-array\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\to-array\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\example\tarray.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\test\server\undef_globals.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\test\tarray.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\.travis.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\typedarray\readme.markdown, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ultron\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ultron\.travis.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ultron\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ultron\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ultron\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ultron\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ultron\test.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\util-deprecate\browser.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\util-deprecate\History.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\util-deprecate\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\util-deprecate\node.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\util-deprecate\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\util-deprecate\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\BufferPool.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\BufferUtil.fallback.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\BufferUtil.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\ErrorCodes.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\Extensions.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\PerMessageDeflate.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\Receiver.hixie.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\Receiver.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\Sender.hixie.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\Sender.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\Validation.fallback.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\Validation.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\WebSocket.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\lib\WebSocketServer.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\.npmignore, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\.travis.yml, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\Makefile, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\ws\SECURITY.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\wtf-8\LICENSE-MIT.txt, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\wtf-8\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\wtf-8\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\wtf-8\wtf-8.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\example\demo.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\lib\XMLHttpRequest.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests\test-constants.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests\test-events.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests\test-exceptions.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests\test-headers.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests\test-redirect-302.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests\test-redirect-303.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests\test-redirect-307.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests\test-request-methods.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests\test-request-protocols.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\tests\testdata.txt, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\autotest.watchr, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\xmlhttprequest-ssl\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\yeast\index.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\yeast\LICENSE, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\yeast\package.json, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\node_modules\yeast\README.md, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\app, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\main.js, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\bin\v, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\cmd.bat, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\reg.reg, Delete-on-Reboot, [1033], [360756],1.0.1217 Adware.Elex, C:\Users\{username}\AppData\Roaming\win-svc\run.vbs, Delete-on-Reboot, [1033], [360756],1.0.1217 Trojan.Agent.VBS, C:\USERS\{username}\DESKTOP\INST-CLI-17.EXE, Delete-on-Reboot, [771], [368894],1.0.1217 Trojan.Agent.VBS, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\WINSVC.VBS, Delete-on-Reboot, [771], [362645],1.0.1217 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.