Showing results for tags 'pup.optional.startpage'.

Found 5 results

  1. What is Startpage Tasks?

     The Malwarebytes research team has determined that Startpage Tasks is adware. These adware applications display advertisements not originating from the sites you are browsing. This particular one creates Scheduled Tasks that open a browser window to an ad-rotator site at set intervals. The site that will be opened is added as an argument to the Scheduled Task. Note that the name of the Scheduled Task contains the letters in the argument.

     How do I remove Startpage Tasks?

     Our program Malwarebytes can detect and remove this potentially unwanted program.

       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of Startpage Tasks?

     No, Malwarebytes removes Startpage Tasks completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this adware.
     As you can see below the full version of Malwarebytes blocks their domains:

     Technical details for experts

     Possible signs in FRST logs:

       C:\Windows\System32\Tasks\bltopncomhohoj
       C:\Windows\System32\Tasks\dzopercomjhar
       Task: {279F95D4-D989-4C6D-931B-A883966304EA} - System32\Tasks\bltopncomhohoj => Chrome.exe bltopn.com/hohoj
       Task: {C920FE83-1B95-4C76-9AC5-E0B7F51ACB47} - System32\Tasks\dzopercomjhar => Firefox.exe dzoper.com/jhar

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.
  2. What is 115118.net?

     The Malwarebytes research team has determined that 115118.net is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

     How do I know if my computer is affected by 115118.net?

     You may see this new homepage: which will redirect you to a Baidu startsite. You may see these search providers: and these links in your favorites:

     How did 115118.net get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

     How do I remove 115118.net?

     Our program Malwarebytes can detect and remove this potentially unwanted program.

       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of 115118.net?

     No, Malwarebytes removes 115118.net completely. You should have a look at our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the 115118.net hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
     Technical details for experts

     Possible signs in FRST logs:

     Alterations made by the installer:

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.
  3. What is FileTour bundler?

     The Malwarebytes research team has determined that FileTour bundler is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one changes your startpage, your search provider and it also displays advertisements.

     How do I know if my computer is affected by FileTour bundler?

     You may see these warnings during install: these browser add-ons: these Scheduled Tasks: and you will see these icons in your startmenu, your taskbar, and on your desktop: and these changed settings:

     How did FileTour bundler get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

     How do I remove FileTour bundler?

     Our program Malwarebytes can detect and remove this potentially unwanted program.

       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of FileTour bundler?

     No, Malwarebytes removes FileTour bundler completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. You can remove the orphaned shortcuts from your desktop and taskbar.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker.
     As you can see below the full version of Malwarebytes would have protected you against the FileTour bundler hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts

     Possible signs in FRST logs:

     Malwarebytes log:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8E8F97CD-60B5-456F-A201-73065652D099}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8E8F97CD-60B5-456F-A201-73065652D099}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\InprocServer32, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\InprocServer32, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MailRuUpdater, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.Amigo, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amigo, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\Mail.Ru, Delete-on-Reboot, [989], [386185],1.0.1950 PUP.Optional.Amigo, HKCU_Classes\AmigoHTML.W2HDI6XWEU6JI5QBIEKK3NDI2A, Delete-on-Reboot, [5010], [397071],1.0.1950 PUP.Optional.Amigo, HKCU\SOFTWARE\AMIGO, Delete-on-Reboot, [5010], [386187],1.0.1950 PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\myblognewsorggasdsm, Delete-on-Reboot, [58], [377576],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}, Delete-on-Reboot, [989], [382913],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\Mail.Ru, Delete-on-Reboot, [989], [387290],1.0.1950 PUP.Optional.Amigo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\amigo.exe, Delete-on-Reboot, [5010], [386186],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Mail.Ru, Delete-on-Reboot, [989], [389765],1.0.1950 PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B87AB81E-E396-4085-9579-71574BD845EF}, Delete-on-Reboot, 
[58], [377575],1.0.1950 Registry Value: 7 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MailRuUpdater, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.Amigo, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|amigo, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, HKCU\SOFTWARE\AMIGO|NAME, Delete-on-Reboot, [5010], [386187],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|URL, Delete-on-Reboot, [989], [382913],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|FAVICONURLFALLBACK, Delete-on-Reboot, [989], [382913],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|SUGGESTIONSURL, Delete-on-Reboot, [989], [382913],1.0.1950 PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B87AB81E-E396-4085-9579-71574BD845EF}|PATH, Delete-on-Reboot, [58], [377575],1.0.1950 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 62 PUP.Optional.MailRu, C:\PROGRAMDATA\Mail.Ru, Delete-on-Reboot, [989], [384139],1.0.1950 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\Update Service, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\MailRuUpdater, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\PROGRAM FILES (X86)\Mail.Ru, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\GoChromiumNativeHost, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\Sputnik\ptls, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\Sputnik, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, 
C:\USERS\{username}\APPDATA\LOCAL\Mail.Ru, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\META-INF, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\content, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\skin, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\EXTENSIONS\homepage@mail.ru, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\traffic, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\dialog, 
Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\sandbox, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\config, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\utils, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs, 
Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\locale\ru-RU, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\locale, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\skin, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\lib, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\EXTENSIONS\{A38384B3-2D1D-4F36-BC22-0F7AE402BCD7}, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\WidevineCdm\_platform_specific\win_x86, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\WidevineCdm\_platform_specific, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\VisualElements, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\PepperFlash, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\WidevineCdm, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Extensions, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Installer, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales, Delete-on-Reboot, [5010], 
[386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\ShaderCache\GPUCache, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\Crashpad\reports, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\SetupMetrics, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\ShaderCache, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\amigo_safe, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\Crashpad, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\USERS\{username}\APPDATA\LOCAL\AMIGO, Delete-on-Reboot, [5010], [386181],1.0.1950 File: 300 PUP.Optional.MailRu, C:\ProgramData\Mail.Ru\Id, Delete-on-Reboot, [989], [384139],1.0.1950 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\GoChromiumNativeHost\manifest.json, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\GoChromiumNativeHost\native_host_app.exe, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll, 
Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\Sputnik\MailRu.ico, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\GoMailRu.ico, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\MailRuUpdater.exe, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\mrkeeper.exe, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\content\fx-metrics.js, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\content\loader.js, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\META-INF\manifest.mf, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\META-INF\mozilla.rsa, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\META-INF\mozilla.sf, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\skin\mail48.png, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\bootstrap.js, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\chrome.manifest, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\install.rdf, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\background.html, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\background.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\modules.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\customScrollbar.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\dialog.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\general.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\grid.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\informers.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\menu.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\news.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\searchbar.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\slide.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\splash.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\suggests.css, Delete-on-Reboot, [989], 
[382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\tabs.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\themes.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\dialog\close.v2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-1.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-3.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\traffic\informers__traffic-jam.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\01.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\02.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\03.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\04.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\05.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\06.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\07.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\08.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\09.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\10.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\11.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-1.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-3.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-4.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete-hover.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit-hover.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-1.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-10.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-11.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-13.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-3.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-4.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-5.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-6.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-7.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-8.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-9.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\leather.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\wood.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\wood_2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_cookies.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_fabric.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_flax.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_mosaic.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_wall.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-1.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-10.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-11.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-13.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-3.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-4.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-5.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-6.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-7.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-8.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-9.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\cookies.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\fabric.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\flax.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\leather.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\mosaic.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__arrow-left.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__arrow-right.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-ok.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-wrong.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wall.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wood.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wood_2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\calendar.mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\games.mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\news.mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\torg.mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\travel.mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\01.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\02.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\03.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\04.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\05.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\06.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\07.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\08.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\09.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\10.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\11.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\loading.gif, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\128x128.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\16x16.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\48x48.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\add_button.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\ajax_loader_mc.gif, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\clock.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\close.v2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\cross.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\favicon.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\leftright.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\loader.gif, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\logo.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\logo_bg.png, 
Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\multiauth.gif, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\no_photo.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\p-main_sub__gradient.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\pane-arrow.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\reg1.bg.v2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\searchbar.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\searchbar__button.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\search_bg.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\sgmus.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slider-arrow.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\file-system.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\jquery-core.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\sqliteStorage.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\visibleTab.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\config\config.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\jquery-ui.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\jquery.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\knockout-2.2.1.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\suggests.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\drag_drop.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\edit-dialog.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\layout.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\remove-dialog.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\updates.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\currency.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\geo-monitoring.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\mail-counter.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\news.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\odnoklassniki-counter.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\searchbar.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\themes.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\traffic.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\weather.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\informer.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\pane.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, 
C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\slider.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\tab-strip.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\sandbox\facade.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\utils\utils.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\google-analytics.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\main.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\manifest.json, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\visual-bookmarks.html, 
As mentioned before, the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  4. What is Fast approach TT?

The Malwarebytes research team has determined that Fast approach TT is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by Fast approach TT?

You may see this entry in your list of installed programs and features: and these warnings during install: You may see this entry in your list of installed programs: and this task in your Task Scheduler: This is the associated Chrome extension: and the details about its permissions:

How did Fast approach TT get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Fast approach TT?

Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Fast approach TT?

This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the Fast approach TT entry.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this adware. As you can see below, the full version of Malwarebytes would have protected you against the Fast approach TT adware.
It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late.

Technical details for experts

Possible signs in FRST logs:

() C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe
HKCU\...\Run: [adpighggolpekomhljmodbklekkbebac] => C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe [27648 2015-12-21] ()
C:\Windows\System32\Tasks\adpighggolpekomhljmodbklekkbebac
C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac
adpighggolpekomhljmodbklekkbebac (HKCU\...\adpighggolpekomhljmodbklekkbebac) (Version: - )
Task: {A2EF9CEE-6DD7-4A3F-BD2D-78C9199F86A9} - System32\Tasks\adpighggolpekomhljmodbklekkbebac => C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe [2015-12-21] ()

The most significant alterations made by the installer:
Registry details
------------------------------------------------
[HKEY_CURRENT_USER\Software\adpighggolpekomhljmodbklekkbebac]
"(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"adpighggolpekomhljmodbklekkbebac"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe" "C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\ml.py" --APPNAME="adpighggolpekomhljmodbklekkbebac""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\adpighggolpekomhljmodbklekkbebac]
"DisplayName"="REG_SZ", "adpighggolpekomhljmodbklekkbebac"
"UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\uninstall.exe"

Malwarebytes log:
C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\json, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\http, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\USERS\{username}\APPDATA\ROAMING\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC, Delete-on-Reboot, [1358], [389396],1.0.1866 File: 474 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_locales\en\messages.json, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_metadata\computed_hashes.json, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_metadata\verified_contents.json, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\128x128.png, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\19x19.png, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\38x38.png, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\48x48.png, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\64x64.png, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\cs.js, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\manifest.json, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\popup.html, Delete-on-Reboot, [58], [389392],1.0.1866 Adware.Agent.Generic, C:\USERS\{username}\APPDATA\ROAMING\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC.CRX, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\select.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\unicodedata.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_ctypes.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_socket.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866 
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_ssl.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections\__pycache__\__init__.cpython-34.pyc, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections\abc.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\_compat_pickle.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\_dummy_thread.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\_sitebuiltins.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\_weakrefset.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\__future__.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\msvcr100.dll, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\python.exe, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\python34.dll, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, 
C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\brplugin.bin, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\brplugin.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\hash.txt, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\id.txt, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\launchall.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\ml.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\subid.txt, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\time.txt, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\uninstall.exe, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\uuid.txt, Delete-on-Reboot, [1358], [389396],1.0.1866 Trojan.Agent.Python, C:\USERS\{username}\DESKTOP\B45BAF964E244E67E38A32C8E50A2E09.EXE, Delete-on-Reboot, [9112], [389379],1.0.1866 PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC, Delete-on-Reboot, [58], [391191],1.0.1866 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. 
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  5. What is setupsk?

     The Malwarebytes research team has determined that setupsk is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one sets a proxy port on visits to certain domains and IPs.

     How do I know if my computer is affected by setupsk?

     You may see this entry in your list of installed software: and these warnings during install: these Scheduled Tasks:

     How did setupsk get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

     How do I remove setupsk?

     Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of setupsk?

     No, Malwarebytes removes setupsk completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the setupsk hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
     Technical details for experts

     Possible signs in FRST logs:

     () C:\Users\{username}\AppData\Roaming\setupsk\python\pythonw.exe
     HKCU\...\Run: [setupsk_upd] => C:\Users\{username}\AppData\Roaming\setupsk_upd\python\pythonw.exe [27136 2012-09-29] ()
     HKCU\...\Run: [setupsk] => C:\Users\{username}\AppData\Roaming\setupsk\python\pythonw.exe [27136 2012-09-29] ()
     C:\Windows\System32\Tasks\setupsk_upd
     C:\Windows\System32\Tasks\setupsk
     C:\Users\{username}\AppData\Roaming\setupsk
     C:\Users\{username}\AppData\Roaming\setupsk_upd
     setupsk (HKCU\...\setupsk) (Version: - )
     Task: {2CD7F699-A883-44C4-900B-EA04AF7E4AF6} - System32\Tasks\setupsk => C:\Users\{username}\AppData\Roaming\setupsk\python\pythonw.exe [2012-09-29] ()
     Task: {86E66202-596A-4E46-B15A-CE52C138B39C} - System32\Tasks\setupsk_upd => C:\Users\{username}\AppData\Roaming\setupsk_upd\python\pythonw.exe [2012-09-29] ()

     Alterations made by the installer:

     File system details [View: All details] (Selection)
     ---------------------------------------------------

     Registry details [View: All details] (Selection)
     ------------------------------------------------
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     "setupsk"="REG_SZ", ""C:\Users\{username}1\AppData\Roaming\setupsk\python\pythonw.exe" "C:\Users\{username}1\AppData\Roaming\setupsk\ml.py" --APPNAME="setupsk""
     "setupsk_upd"="REG_SZ", ""C:\Users\{username}1\AppData\Roaming\SETUPS~1\python\pythonw.exe" "C:\Users\{username}1\AppData\Roaming\SETUPS~1\ml.py" --APPNAME="setupsk_upd""
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\setupsk]
     "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Roaming\setupsk\uninstall.exe"
     "DisplayName"="REG_SZ", "setupsk"
     "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Roaming\setupsk\uninstall.exe"
     [HKEY_CURRENT_USER\Software\setupsk]
     "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\setupsk"

     Most relevant part of Malwarebytes log (contact me for the full log):
C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\argparse.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\base64.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\bisect.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\calendar.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\codecs.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\contextlib.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\copy.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\copyreg.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\datetime.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\decimal.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\dummy_threading.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\fnmatch.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\functools.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\genericpath.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, 
C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\hashlib.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\heapq.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\hmac.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\io.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\keyword.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\linecache.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\locale.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\mimetypes.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ntpath.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\nturl2path.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\numbers.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\optparse.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\os.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\pickle.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\posixpath.py, Delete-on-Reboot, 
[57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\random.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\re.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\reprlib.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\shutil.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\socket.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\sre_compile.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\sre_constants.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\sre_parse.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ssl.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\stat.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\string.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\stringprep.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\struct.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, 
C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\subprocess.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\sysconfig.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\tarfile.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\tempfile.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\textwrap.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\threading.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\token.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\tokenize.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\traceback.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\types.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\uu.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\warnings.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\weakref.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\_compat_pickle.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, 
C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\_dummy_thread.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\_weakrefset.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\__future__.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\msvcr100.dll, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\python.exe, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\python33.dll, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\app.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\ml.py, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\path.txt, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\time.txt, Delete-on-Reboot, [57], [387141],1.0.1758 PUP.Optional.RussAd, C:\USERS\{username}\APPDATA\ROAMING\SETUPSK\UNINSTALL.EXE, Delete-on-Reboot, [12], [387127],1.0.1758 PUP.Optional.StartPage, C:\USERS\{username}\APPDATA\ROAMING\SETUPSK\ML.PY, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\configs\rules.ini, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\configs\settings.ini, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\common.js, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, 
C:\Users\{username}\AppData\Roaming\setupsk\js\common.js.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\meech.js, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\meech.js.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\orm.js, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\orm.js.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\vkopt.js, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\vkopt.js.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\vk_lib.js, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\vk_lib.js.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs\select.pyd, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs\unicodedata.pyd, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs\_ctypes.pyd, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs\_socket.pyd, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs\_ssl.pyd, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\msvcr100.dll, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\python.exe, 
Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\python.exe.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\python33.dll, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\pythonw.exe, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\pythonw.exe.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\httpfilter.bin, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\httpfilter.bin.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\httpfilter.py, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\httpfilter.py.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\id.txt, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\localconfig.json, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\ml.py.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\rules.ini, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\rules.ini.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\settings.ini, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\settings.ini.sha1, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, 
C:\Users\{username}\AppData\Roaming\setupsk\subid.txt, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\time.txt, Delete-on-Reboot, [57], [381378],1.0.1758 PUP.Optional.RussAd, C:\USERS\{username}\DESKTOP\PYTHONPROXY.EXE, Delete-on-Reboot, [12], [387127],1.0.1758 PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\setupsk, Delete-on-Reboot, [57], [381379],1.0.1758 PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\setupsk_upd, Delete-on-Reboot, [57], [381379],1.0.1758 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.