Jump to content

Removal instructions for 1SaleADay


Recommended Posts

  • Staff

What is 1SaleADay?

The Malwarebytes research team has determined that 1SaleADay is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by 1SaleADay?

This is how the startscreen of the installer looks:

main.png

And you may see these toolbars:

warning1.png

warning2.png

and this entry in your list of installed programs:

 

warning4.png

How did 1SaleADay get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove 1SaleADay?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of 1SaleADay?
  • The rogue replaces your hosts file, so you may have to restore the old one. You can find third-party hosts file alternatives at hpHosts or at mvps.org or you can simply reset the default hosts file as outlined here by Microsoft.
How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the 1SaleADay hijacker.  It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

 

protection1.png

Technical details for experts

 

Signs in a HijackThis log:

O1 - Hosts: 54.225.95.126 fajlaffcbedhanohppkbkddgdbcbekjhO2 - BHO: 1SaleADay BHO - {7B4C2DE1-93F6-438E-AD5D-D5B3350D9068} - C:\Program Files\1SaleADay\FrameworkBHO.dllO4 - HKLM\..\Run: [BService] C:\Program Files\Bench\BService\1.1\bservice.exeO4 - HKLM\..\Run: [Wd] C:\Program Files\Bench\Wd\wd.exe
 

Alterations made by the installer:

 

File system details  ---------------------------------------------    Adds the folder C:\Program Files\1SaleADay       Adds the file background.html"="9/8/2014 9:02 AM, 157 bytes, A       Adds the file config.xml"="9/8/2014 9:02 AM, 2242 bytes, A       Adds the file extension_info.json"="9/11/2014 8:41 AM, 2311 bytes, A       Adds the file FrameworkBHO.dll"="9/8/2014 9:02 AM, 355432 bytes, A       Adds the file FrameworkBHO64.dll"="9/8/2014 9:02 AM, 576104 bytes, A       Adds the file FrameworkEngine.exe"="9/8/2014 9:02 AM, 264024 bytes, A    Adds the folder C:\Program Files\1SaleADay\AppFramework       Adds the file appAPI_bg.js"="9/8/2014 9:02 AM, 2582 bytes, A       Adds the file appAPI_browseraction.js"="9/8/2014 9:02 AM, 799 bytes, A       Adds the file appAPI_common.js"="9/8/2014 9:02 AM, 9871 bytes, A       Adds the file appAPI_content.js"="9/8/2014 9:02 AM, 1247 bytes, A       Adds the file appAPI_settings.js"="9/8/2014 9:02 AM, 83 bytes, A       Adds the file appAPI_webrequest.js"="9/8/2014 9:02 AM, 138 bytes, A       Adds the file jquery.min.js"="9/8/2014 9:02 AM, 93548 bytes, A    Adds the folder C:\Program Files\1SaleADay\CanvasFramework       Adds the file canvas_bg.js"="9/8/2014 9:02 AM, 5651 bytes, A       Adds the file canvasscript_engine.js"="9/8/2014 9:02 AM, 437 bytes, A       Adds the file md5.js"="9/8/2014 9:02 AM, 3264 bytes, A       Adds the file registry.js"="9/8/2014 9:02 AM, 908 bytes, A       Adds the file webrequest.js"="9/8/2014 9:02 AM, 4005 bytes, A    Adds the folder C:\Program Files\1SaleADay\framework       Adds the file backgroundscript_engine.js"="9/8/2014 9:02 AM, 1872 bytes, A       Adds the file base.js"="9/8/2014 9:02 AM, 2933 bytes, A       Adds the file browser.js"="9/8/2014 9:02 AM, 11200 bytes, A       Adds the file console.js"="9/8/2014 9:02 AM, 489 bytes, A       Adds the file framework.js"="9/8/2014 9:02 AM, 3542 bytes, A       Adds the file global.js"="9/8/2014 9:02 AM, 1850 bytes, A       Adds the file i18n.js"="9/8/2014 9:02 AM, 1661 bytes, A       Adds the file initialize.js"="9/8/2014 9:02 AM, 316 bytes, A       Adds the file invoke_async.js"="9/8/2014 9:02 AM, 2312 bytes, A       Adds the file io.js"="9/8/2014 9:02 AM, 1308 bytes, A       Adds the file json2.js"="9/8/2014 9:02 AM, 2791 bytes, A       Adds the file lang.js"="9/8/2014 9:02 AM, 1633 bytes, A       Adds the file legacy.js"="9/8/2014 9:02 AM, 1270 bytes, A       Adds the file message_target.js"="9/8/2014 9:02 AM, 854 bytes, A       Adds the file messaging.js"="9/8/2014 9:02 AM, 1507 bytes, A       Adds the file storage.js"="9/8/2014 9:02 AM, 3603 bytes, A       Adds the file timer.js"="9/8/2014 9:02 AM, 409 bytes, A       Adds the file updater.js"="9/8/2014 9:02 AM, 2417 bytes, A       Adds the file userscript_client.js"="9/8/2014 9:02 AM, 310 bytes, A       Adds the file userscript_engine.js"="9/8/2014 9:02 AM, 3062 bytes, A       Adds the file utils.js"="9/8/2014 9:02 AM, 2492 bytes, A       Adds the file xhr.js"="9/8/2014 9:02 AM, 3081 bytes, A    Adds the folder C:\Program Files\1SaleADay\framework-ui       Adds the file browser_button.js"="9/8/2014 9:02 AM, 5135 bytes, A       Adds the file context_menu.js"="9/8/2014 9:02 AM, 738 bytes, A       Adds the file context_menu_item_handler.html"="9/8/2014 9:02 AM, 225 bytes, A       Adds the file framework_api.js"="9/8/2014 9:02 AM, 1589 bytes, A       Adds the file notification.html"="9/8/2014 9:02 AM, 6591 bytes, A       Adds the file notifications.js"="9/8/2014 9:02 AM, 2409 bytes, A       Adds the file options.js"="9/8/2014 9:02 AM, 660 bytes, A       Adds the file ui_base.js"="9/8/2014 9:02 AM, 1788 bytes, A    Adds the folder C:\Program Files\1SaleADay\framework-ui\theme\bubble       Adds the file bottom-left.png"="9/8/2014 9:02 AM, 316 bytes, A       Adds the file bottom-middle.png"="9/8/2014 9:02 AM, 240 bytes, A       Adds the file bottom-right.png"="9/8/2014 9:02 AM, 311 bytes, A       Adds the file middle-left.png"="9/8/2014 9:02 AM, 235 bytes, A       Adds the file middle-right.png"="9/8/2014 9:02 AM, 234 bytes, A       Adds the file tail-bottom.png"="9/8/2014 9:02 AM, 315 bytes, A       Adds the file tail-left.png"="9/8/2014 9:02 AM, 307 bytes, A       Adds the file tail-right.png"="9/8/2014 9:02 AM, 304 bytes, A       Adds the file tail-top.png"="9/8/2014 9:02 AM, 315 bytes, A       Adds the file top-left.png"="9/8/2014 9:02 AM, 310 bytes, A       Adds the file top-middle.png"="9/8/2014 9:02 AM, 240 bytes, A       Adds the file top-right.png"="9/8/2014 9:02 AM, 308 bytes, A    Adds the folder C:\Program Files\1SaleADay\icons       Adds the file button.png"="9/8/2014 9:02 AM, 808 bytes, A       Adds the file icon100.png"="9/8/2014 9:02 AM, 12737 bytes, A       Adds the file icon128.png"="9/8/2014 9:02 AM, 18385 bytes, A       Adds the file icon32.png"="9/8/2014 9:02 AM, 2279 bytes, A       Adds the file icon48.png"="9/8/2014 9:02 AM, 4385 bytes, A    Adds the folder C:\Program Files\Bench\BService\1.1       Adds the file bhelper.dll"="8/20/2014 5:14 PM, 53248 bytes, A       Adds the file bservice.exe"="8/20/2014 5:14 PM, 52736 bytes, A    Adds the folder C:\Program Files\Bench\NmHost       Adds the file manifest.json"="9/11/2014 8:41 AM, 215 bytes, A       Adds the file nmhost.exe"="8/20/2014 5:14 PM, 165376 bytes, A    Adds the folder C:\Program Files\Bench\NmHost\data\installer       Adds the file fajlaffcbedhanohppkbkddgdbcbekjh"="9/11/2014 8:41 AM, 948 bytes, A    Adds the folder C:\Program Files\Bench\Updater       Adds the file products.xml"="9/11/2014 8:41 AM, 377 bytes, A       Adds the file updater.exe"="8/20/2014 5:09 PM, 67072 bytes, A    Adds the folder C:\Program Files\Bench\Updater\1.7.0.0       Adds the file updater.exe"="8/20/2014 5:09 PM, 419840 bytes, A    Adds the folder C:\Program Files\Bench\Wd       Adds the file wd.exe"="8/20/2014 5:15 PM, 92672 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\1SaleADay       Adds the file chrome_gp_update.js"="8/20/2014 5:15 PM, 2348 bytes, A       Adds the file chrome_installer.js"="8/20/2014 5:14 PM, 6304 bytes, A       Adds the file common.js"="8/20/2014 5:14 PM, 13540 bytes, A       Adds the file firefox_installer.js"="8/20/2014 5:14 PM, 6848 bytes, A       Adds the file gpedit.exe"="8/20/2014 5:14 PM, 93184 bytes, A       Adds the file icon.ico"="9/8/2014 9:02 AM, 32038 bytes, A       Adds the file ie_installer.js"="8/20/2014 5:14 PM, 3685 bytes, A       Adds the file installer.js"="8/20/2014 5:14 PM, 799 bytes, A       Adds the file main_installer.js"="8/20/2014 5:15 PM, 1567 bytes, A       Adds the file migrate.js"="8/20/2014 5:14 PM, 4746 bytes, A       Adds the file projectInstaller.js"="8/20/2014 5:14 PM, 3004 bytes, A       Adds the file repair_data.json"="9/11/2014 8:41 AM, 2951 bytes, A       Adds the file SoftwareDetector.exe"="8/20/2014 5:14 PM, 78848 bytes, A       Adds the file sqlite3.exe"="8/20/2014 5:14 PM, 492544 bytes, A       Adds the file storageedit.exe"="8/20/2014 5:14 PM, 75264 bytes, A       Adds the file uninstall.exe"="9/11/2014 8:41 AM, 132676 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\1SaleADay\firefox       Adds the file background.html"="9/8/2014 9:02 AM, 157 bytes, A       Adds the file bootstrap.js"="9/8/2014 9:02 AM, 2857 bytes, A       Adds the file chrome.manifest"="9/8/2014 9:02 AM, 57 bytes, A       Adds the file extension_info.json"="9/8/2014 9:02 AM, 1631 bytes, A       Adds the file install.rdf"="9/8/2014 9:02 AM, 1142 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\1SaleADay\firefox\AppFramework       Adds the file appAPI_bg.js"="9/8/2014 9:02 AM, 2582 bytes, A       Adds the file appAPI_browseraction.js"="9/8/2014 9:02 AM, 799 bytes, A       Adds the file appAPI_common.js"="9/8/2014 9:02 AM, 9871 bytes, A       Adds the file appAPI_content.js"="9/8/2014 9:02 AM, 1247 bytes, A       Adds the file appAPI_settings.js"="9/8/2014 9:02 AM, 83 bytes, A       Adds the file appAPI_webrequest.js"="9/8/2014 9:02 AM, 138 bytes, A       Adds the file jquery.min.js"="9/8/2014 9:02 AM, 83059 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\1SaleADay\firefox\CanvasFramework       Adds the file canvas_bg.js"="9/8/2014 9:02 AM, 5651 bytes, A       Adds the file canvasscript_engine.js"="9/8/2014 9:02 AM, 437 bytes, A       Adds the file md5.js"="9/8/2014 9:02 AM, 3264 bytes, A       Adds the file registry.js"="9/8/2014 9:02 AM, 796 bytes, A       Adds the file webrequest.js"="9/8/2014 9:02 AM, 5575 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework       Adds the file backgroundscript_engine.js"="9/8/2014 9:02 AM, 1580 bytes, A       Adds the file base.js"="9/8/2014 9:02 AM, 2933 bytes, A       Adds the file browser.js"="9/8/2014 9:02 AM, 12801 bytes, A       Adds the file chrome_windows.js"="9/8/2014 9:02 AM, 2627 bytes, A       Adds the file console.js"="9/8/2014 9:02 AM, 540 bytes, A       Adds the file content_proxy.js"="9/8/2014 9:02 AM, 502 bytes, A       Adds the file framework.js"="9/8/2014 9:02 AM, 4381 bytes, A       Adds the file i18n.js"="9/8/2014 9:02 AM, 1601 bytes, A       Adds the file invoke_async.js"="9/8/2014 9:02 AM, 2312 bytes, A       Adds the file io.js"="9/8/2014 9:02 AM, 976 bytes, A       Adds the file lang.js"="9/8/2014 9:02 AM, 3080 bytes, A       Adds the file legacy.js"="9/8/2014 9:02 AM, 1270 bytes, A       Adds the file message_target.js"="9/8/2014 9:02 AM, 854 bytes, A       Adds the file messaging.js"="9/8/2014 9:02 AM, 1507 bytes, A       Adds the file storage.js"="9/8/2014 9:02 AM, 6156 bytes, A       Adds the file timer.js"="9/8/2014 9:02 AM, 977 bytes, A       Adds the file uninstall.js"="9/8/2014 9:02 AM, 73 bytes, A       Adds the file userscript_client.js"="9/8/2014 9:02 AM, 310 bytes, A       Adds the file userscript_engine.js"="9/8/2014 9:02 AM, 3062 bytes, A       Adds the file utils.js"="9/8/2014 9:02 AM, 2492 bytes, A       Adds the file xhr.js"="9/8/2014 9:02 AM, 2155 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui       Adds the file browser_button.js"="9/8/2014 9:02 AM, 9099 bytes, A       Adds the file content_notifications.js"="9/8/2014 9:02 AM, 9098 bytes, A       Adds the file contentNotification.tmpl"="9/8/2014 9:02 AM, 836 bytes, A       Adds the file contentNotificationStyle.tmpl"="9/8/2014 9:02 AM, 3729 bytes, A       Adds the file context_menu.js"="9/8/2014 9:02 AM, 2144 bytes, A       Adds the file framework_api.js"="9/8/2014 9:02 AM, 1627 bytes, A       Adds the file notifications.js"="9/8/2014 9:02 AM, 3542 bytes, A       Adds the file options.js"="9/8/2014 9:02 AM, 934 bytes, A       Adds the file ui_base.js"="9/8/2014 9:02 AM, 1788 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\1SaleADay\firefox\icons       Adds the file button.png"="9/8/2014 9:02 AM, 808 bytes, A       Adds the file icon100.png"="9/8/2014 9:02 AM, 12737 bytes, A       Adds the file icon128.png"="9/8/2014 9:02 AM, 18385 bytes, A       Adds the file icon32.png"="9/8/2014 9:02 AM, 2279 bytes, A       Adds the file icon48.png"="9/8/2014 9:02 AM, 4385 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\BenchUpdater       Adds the file products.xml"="9/11/2014 8:41 AM, 433 bytes, A    In the existing folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default       Alters the file Preferences        6/15/2014 12:36 PM, 65300 bytes, A ==> 9/11/2014 8:41 AM, 40308 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1SaleADay       Adds the file Uninstall.lnk"="9/11/2014 8:41 AM, 1061 bytes, A    In the existing folder C:\Windows\System32\drivers\etc       Alters the file hosts        6/10/2009 11:39 PM, 824 bytes, A ==> 9/11/2014 8:41 AM, 872 bytes, A    In the existing folder C:\Windows\System32\Tasks       Adds the file bench-S-1-5-21-4016700205-1717049133-1125222536-1001"="9/11/2014 8:41 AM, 3234 bytes, A       Adds the file bench-sys"="9/11/2014 8:41 AM, 3242 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job"="9/11/2014 8:41 AM, 346 bytes, A       Adds the file bench-sys.job"="9/11/2014 8:41 AM, 346 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE]       "38936"="REG_SZ", "1SaleADay"    [HKEY_LOCAL_MACHINE\SOFTWARE\1SaleADay]       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\1SaleADay"       "CDN"="REG_SZ", "contentcache-a.akamaihd.net"       "InstallTime"="REG_SZ", "1410424830"       "Pid"="REG_SZ", "1802"       "Seen"="REG_SZ", "1"       "SeenDate"="REG_SZ", "1410417630"       "SystemId"="REG_SZ", "619bdd98c7140d14e62a62d4922b6abd"       "UTCInstallTime"="REG_SZ", "1410417630"       "ZoneId"="REG_SZ", "486308"    [HKEY_LOCAL_MACHINE\SOFTWARE\AdvertisingSupport]       "Existing"="REG_SZ", "0"       "Seen"="REG_SZ", "1"       "SeenDate"="REG_SZ", "1410417630"       "SystemId"="REG_SZ", "619bdd98c7140d14e62a62d4922b6abd"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\BService]       "Path"="REG_SZ", "C:\Program Files\Bench\BService\1.1"       "Version"="REG_SZ", "1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\BService\38936]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\InstalledExtensions]       "38936"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\NmHost]       "(Default)"="REG_SZ", "C:\Program Files\Bench\NmHost\nmhost.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\NmHost\38936]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\Updater]       "path"="REG_SZ", "C:\Program Files\Bench\Updater\updater.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\Updater\38936]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606E8861-1CC9-46C0-A193-DF4F4205347F}]       "(Default)"="REG_SZ", "1SaleADay"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606E8861-1CC9-46C0-A193-DF4F4205347F}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606E8861-1CC9-46C0-A193-DF4F4205347F}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\1SaleADay\FrameworkBHO.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606E8861-1CC9-46C0-A193-DF4F4205347F}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606E8861-1CC9-46C0-A193-DF4F4205347F}\TypeLib]       "(Default)"="REG_SZ", "{232A6BFA-442C-4F7C-9FCA-3402FD687D4C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606E8861-1CC9-46C0-A193-DF4F4205347F}\Version]       "(Default)"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}]       "(Default)"="REG_SZ", "1SaleADay BHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\1SaleADay\FrameworkBHO.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}\TypeLib]       "(Default)"="REG_SZ", "{232A6BFA-442C-4F7C-9FCA-3402FD687D4C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}\Version]       "(Default)"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2792C1A-386C-47D0-891D-9697F8388235}]       "(Default)"="REG_SZ", "1SaleADay"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2792C1A-386C-47D0-891D-9697F8388235}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files\1SaleADay\FrameworkEngine.exe""       "ServerExecutable"="REG_SZ", "C:\Program Files\1SaleADay\FrameworkEngine.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2792C1A-386C-47D0-891D-9697F8388235}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2792C1A-386C-47D0-891D-9697F8388235}\TypeLib]       "(Default)"="REG_SZ", "{98A02DB4-3A60-4324-9A75-522518493617}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2792C1A-386C-47D0-891D-9697F8388235}\Version]       "(Default)"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60208857-1C61-467F-B689-D04FB705397F}]       "(Default)"="REG_SZ", "IKangoToolbar"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60208857-1C61-467F-B689-D04FB705397F}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60208857-1C61-467F-B689-D04FB705397F}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60208857-1C61-467F-B689-D04FB705397F}\TypeLib]       "(Default)"="REG_SZ", "{232A6BFA-442C-4F7C-9FCA-3402FD687D4C}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7BE72D1D-9350-43CF-8498-4CB3E80DEA68}]       "(Default)"="REG_SZ", "IKangoBHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7BE72D1D-9350-43CF-8498-4CB3E80DEA68}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7BE72D1D-9350-43CF-8498-4CB3E80DEA68}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7BE72D1D-9350-43CF-8498-4CB3E80DEA68}\TypeLib]       "(Default)"="REG_SZ", "{232A6BFA-442C-4F7C-9FCA-3402FD687D4C}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2AD2C6E-388C-4750-BEBF-1497FD388235}]       "(Default)"="REG_SZ", "IKangoEngine"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2AD2C6E-388C-4750-BEBF-1497FD388235}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2AD2C6E-388C-4750-BEBF-1497FD388235}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2AD2C6E-388C-4750-BEBF-1497FD388235}\TypeLib]       "(Default)"="REG_SZ", "{98A02DB4-3A60-4324-9A75-522518493617}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{232A6BFA-442C-4F7C-9FCA-3402FD687D4C}\1.0]       "(Default)"="REG_SZ", "Framework 1.0 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{232A6BFA-442C-4F7C-9FCA-3402FD687D4C}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\1SaleADay\FrameworkBHO.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{232A6BFA-442C-4F7C-9FCA-3402FD687D4C}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{232A6BFA-442C-4F7C-9FCA-3402FD687D4C}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\1SaleADay"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{98A02DB4-3A60-4324-9A75-522518493617}\1.0]       "(Default)"="REG_SZ", "EngineLib"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{98A02DB4-3A60-4324-9A75-522518493617}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\1SaleADay\FrameworkEngine.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{98A02DB4-3A60-4324-9A75-522518493617}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{98A02DB4-3A60-4324-9A75-522518493617}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\1SaleADay"    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost]       "(Default)"="REG_SZ", "C:\Program Files\Bench\NmHost\manifest.json"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}]       "(Default)"="REG_SZ", "1SaleADay BHO"       "NoExplorer"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]       "{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]       "BService"="REG_SZ", "C:\Program Files\Bench\BService\1.1\bservice.exe"       "Wd"="REG_SZ", "C:\Program Files\Bench\Wd\wd.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]       "1SaleADay"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\38936_1SaleADay]       "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Local\1SaleADay/icon.ico"       "DisplayName"="REG_SZ", "1SaleADay"       "DisplayVersion"="REG_SZ", "1.0"       "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Local\1SaleADay"       "NoModify"="REG_DWORD", 1       "NoRepair"="REG_DWORD", 1       "Publisher"="REG_SZ", "Gratifying Apps"       "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Local\1SaleADay\uninstall.exe "    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job"="REG_BINARY, ................................       "bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job.fp"="REG_DWORD", -1274161616       "bench-sys.job"="REG_BINARY, ................................       "bench-sys.job.fp"="REG_DWORD", -699942957    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]       "1"="REG_SZ", "fajlaffcbedhanohppkbkddgdbcbekjh;http://fajlaffcbedhanohppkbkddgdbcbekjh/check/.eJwNyUsOgCAMANG7dE2MbrmMKbTITyBQjYnx7rKcNy8IjgQarO_1ZFBwcx-hlknbss4OZQjmzB209IsV8CN7oPkdxozOWcPksVTfWjKJ6CAzKUUP3w_Y9iDs.PiTtpTXSXLDOHVFleIUbh5wMKeg"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}]       "Flags"="REG_DWORD", 1024
 

Malwarebytes Anti-Malware log:

 

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 9/11/2014Scan Time: 8:53:01 AMLogfile: mbam1SaleADay.txtAdministrator: YesVersion: 2.00.2.1012Malware Database: v2014.09.11.01Rootkit Database: v2014.09.10.02License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 264993Time Elapsed: 2 min, 59 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 3PUP.Optional.Bench.A, C:\Program Files\Bench\Wd\wd.exe, 2088, Delete-on-Reboot, [ec71a4489dde58de730341e5679c13ed]PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bservice.exe, 832, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3]PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\FrameworkEngine.exe, 3836, Delete-on-Reboot, [1f3e5795502bd26414567d7bc63cb050]Modules: 7PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], Registry Keys: 18PUP.Optional.1SaleADay.A, HKLM\SOFTWARE\CLASSES\CLSID\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}, Quarantined, [90cdc527611ae84e47139ce3ca3854ac], PUP.Optional.1SaleADay.A, HKLM\SOFTWARE\CLASSES\CLSID\{606E8861-1CC9-46C0-A193-DF4F4205347F}, Quarantined, [90cdc527611ae84e47139ce3ca3854ac], PUP.Optional.1SaleADay.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{232A6BFA-442C-4F7C-9FCA-3402FD687D4C}, Quarantined, [90cdc527611ae84e47139ce3ca3854ac], PUP.Optional.1SaleADay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{60208857-1C61-467F-B689-D04FB705397F}, Quarantined, [90cdc527611ae84e47139ce3ca3854ac], PUP.Optional.1SaleADay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7BE72D1D-9350-43CF-8498-4CB3E80DEA68}, Quarantined, [90cdc527611ae84e47139ce3ca3854ac], PUP.Optional.1SaleADay.A, HKLM\SOFTWARE\CLASSES\CLSID\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}\INPROCSERVER32, Quarantined, [90cdc527611ae84e47139ce3ca3854ac], PUP.Optional.1SaleADay.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}, Quarantined, [90cdc527611ae84e47139ce3ca3854ac], PUP.Optional.1SaleADay.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}, Quarantined, [90cdc527611ae84e47139ce3ca3854ac], PUP.Optional.1SaleADay.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7B4C2DE1-93F6-438E-AD5D-D5B3350D9068}, Quarantined, [90cdc527611ae84e47139ce3ca3854ac], PUP.Optional.GratifyingApps.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\38936_1SaleADay, Quarantined, [1647727aa2d963d3efcb8d2ce02124dc], PUP.Optional.1SaleADay.A, HKLM\SOFTWARE\1SaleADay, Quarantined, [63fae309f18a9d99294a778248ba6898], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\BService, Quarantined, [83da4d9f6813cd69fa1453bf27dcb44c], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\InstalledExtensions, Quarantined, [62fb8d5fc9b264d211fe0a08b44f03fd], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\NmHost, Quarantined, [f766f0fcaccf6bcb818f62b027dcc43c], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\Updater, Quarantined, [b4a9e4084b30082ed73ad63cff0447b9], PUP.Optional.Bench.A, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.bench.nmhost, Quarantined, [c994bf2d215ae254f5fc97c4fd072fd1], PUP.Optional.1SaleADay.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{98A02DB4-3A60-4324-9A75-522518493617}, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2AD2C6E-388C-4750-BEBF-1497FD388235}, Quarantined, [1f3e5795502bd26414567d7bc63cb050], Registry Values: 2PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Wd, C:\Program Files\Bench\Wd\wd.exe, Quarantined, [ec71a4489dde58de730341e5679c13ed]PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BService, C:\Program Files\Bench\BService\1.1\bservice.exe, Quarantined, [2c31e309295204323988d0012bd70df3]Registry Data: 0(No malicious items detected)Folders: 33PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost, Quarantined, [0a5397553d3ea98d47a46dc09c67d729], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\data, Quarantined, [0a5397553d3ea98d47a46dc09c67d729], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\data\installer, Quarantined, [0a5397553d3ea98d47a46dc09c67d729], PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater, Quarantined, [d28b5894b2c9e84eaa50969820e3d12f], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater, Quarantined, [abb217d50e6d7abc27b8725cf80a5fa1], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0, Quarantined, [abb217d50e6d7abc27b8725cf80a5fa1], PUP.Optional.Bench.A, C:\Program Files\Bench\BService, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], PUP.Optional.Bench.A, C:\Program Files\Bench\Wd, Delete-on-Reboot, [c19c5399aecd66d06d55ece50af8c13f], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\AppFramework, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\CanvasFramework, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework-ui, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\icons, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\includes, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\AppFramework, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\CanvasFramework, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\icons, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay, Delete-on-Reboot, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\AppFramework, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\CanvasFramework, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\icons, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1SaleADay, Quarantined, [005d25c7d8a31a1cf07e53a51be743bd], Files: 197PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\FrameworkBHO.dll, Quarantined, [90cdc527611ae84e47139ce3ca3854ac], PUP.Optional.GratifyingApps.A, C:\Users\{username}\Desktop\ad370bf0002cd5c2f6a37e3b9b9ded3bdae221bdf3fd4facdacfe9f40b039d91.exe, Quarantined, [adb0c923bcbf181e3189f4c53ec38b75], PUP.Optional.GratifyingApps.A, C:\Users\{username}\AppData\Local\1SaleADay\uninstall.exe, Quarantined, [1647727aa2d963d3efcb8d2ce02124dc], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fajlaffcbedhanohppkbkddgdbcbekjh_0.localstorage, Quarantined, [8bd286669dde94a2beb8fcfda65c25db], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fajlaffcbedhanohppkbkddgdbcbekjh_0.localstorage-journal, Quarantined, [d38a2bc1186357dff97dbe3b20e232ce], PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001, Quarantined, [7be249a39dde30067c0ca169ec178c74], PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-sys, Quarantined, [1f3e57953546d2649aee26e44ab9fd03], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\nmhost.exe, Quarantined, [0a5397553d3ea98d47a46dc09c67d729], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\manifest.json, Quarantined, [0a5397553d3ea98d47a46dc09c67d729], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\data\installer\fajlaffcbedhanohppkbkddgdbcbekjh, Quarantined, [0a5397553d3ea98d47a46dc09c67d729], PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job, Quarantined, [0e4faf3dd0aba5919762200e6e95b050], PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-sys.job, Quarantined, [3c213fadf18ab284a653ea449e656799], PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater\products.xml, Quarantined, [d28b5894b2c9e84eaa50969820e3d12f], PUP.Optional.Bench.A, C:\Program Files\Bench\Wd\wd.exe, Delete-on-Reboot, [ec71a4489dde58de730341e5679c13ed], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\products.xml, Quarantined, [abb217d50e6d7abc27b8725cf80a5fa1], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\updater.exe, Quarantined, [abb217d50e6d7abc27b8725cf80a5fa1], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0\updater.exe, Quarantined, [abb217d50e6d7abc27b8725cf80a5fa1], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bservice.exe, Delete-on-Reboot, [2c31e309295204323988d0012bd70df3], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\background.html, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\extension_info.json, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\manifest.json, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\AppFramework\appAPI_bg.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\AppFramework\appAPI_browseraction.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\AppFramework\appAPI_common.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\AppFramework\appAPI_content.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\AppFramework\appAPI_settings.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\AppFramework\appAPI_webrequest.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\AppFramework\jquery.min.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\CanvasFramework\canvasscript_engine.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\CanvasFramework\canvas_bg.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\CanvasFramework\webrequest.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\backgroundscript_engine.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\base.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\browser.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\console.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\framework.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\i18n.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\initialize.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\invoke_async.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\io.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\lang.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\legacy.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\message_target.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\messaging.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\storage.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\timer.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\userscript_client.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\userscript_engine.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\utils.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework\xhr.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework-ui\browser_button.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework-ui\context_menu.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework-ui\framework_api.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework-ui\notifications.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework-ui\options.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework-ui\remote_popup_host.html, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework-ui\remote_popup_host.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\framework-ui\ui_base.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\icons\button.png, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\icons\icon100.png, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\icons\icon128.png, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\icons\icon32.png, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\icons\icon48.png, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.SignedApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajlaffcbedhanohppkbkddgdbcbekjh\1.0_0\includes\content.js, Quarantined, [5508eb01dc9f9e984c1b72867e848b75], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\chrome_gp_update.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\chrome_installer.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\common.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox_installer.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\gpedit.exe, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\icon.ico, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\ie_installer.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\installer.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\main_installer.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\migrate.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\projectInstaller.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\repair_data.json, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\SoftwareDetector.exe, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\sqlite3.exe, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\storageedit.exe, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\background.html, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\bootstrap.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\chrome.manifest, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\extension_info.json, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\install.rdf, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\AppFramework\appAPI_bg.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\AppFramework\appAPI_browseraction.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\AppFramework\appAPI_common.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\AppFramework\appAPI_content.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\AppFramework\appAPI_settings.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\AppFramework\appAPI_webrequest.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\AppFramework\jquery.min.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\CanvasFramework\canvasscript_engine.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\CanvasFramework\canvas_bg.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\CanvasFramework\md5.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\CanvasFramework\registry.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\CanvasFramework\webrequest.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\backgroundscript_engine.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\base.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\browser.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\chrome_windows.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\console.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\content_proxy.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\framework.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\i18n.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\invoke_async.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\io.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\lang.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\legacy.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\message_target.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\messaging.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\storage.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\timer.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\uninstall.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\userscript_client.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\userscript_engine.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\utils.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework\xhr.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui\browser_button.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui\contentNotification.tmpl, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui\contentNotificationStyle.tmpl, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui\content_notifications.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui\context_menu.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui\framework_api.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui\notifications.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui\options.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\framework-ui\ui_base.js, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\icons\button.png, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\icons\icon100.png, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\icons\icon128.png, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\icons\icon32.png, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Local\1SaleADay\firefox\icons\icon48.png, Quarantined, [97c67c70d3a83cfa20494cacc141b24e], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\background.html, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\config.xml, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\extension_info.json, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\FrameworkBHO64.dll, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\FrameworkEngine.exe, Delete-on-Reboot, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\AppFramework\appAPI_bg.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\AppFramework\appAPI_browseraction.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\AppFramework\appAPI_common.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\AppFramework\appAPI_content.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\AppFramework\appAPI_settings.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\AppFramework\appAPI_webrequest.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\AppFramework\jquery.min.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\CanvasFramework\canvasscript_engine.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\CanvasFramework\canvas_bg.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\CanvasFramework\md5.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\CanvasFramework\registry.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\CanvasFramework\webrequest.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\backgroundscript_engine.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\base.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\browser.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\console.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\framework.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\global.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\i18n.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\initialize.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\invoke_async.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\io.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\json2.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\lang.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\legacy.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\message_target.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\messaging.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\storage.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\timer.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\updater.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\userscript_client.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\userscript_engine.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\utils.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework\xhr.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\browser_button.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\context_menu.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\context_menu_item_handler.html, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\framework_api.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\notification.html, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\notifications.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\options.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\ui_base.js, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\bottom-left.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\bottom-middle.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\bottom-right.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\middle-left.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\middle-right.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\tail-bottom.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\tail-left.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\tail-right.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\tail-top.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\top-left.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\top-middle.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\framework-ui\theme\bubble\top-right.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\icons\button.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\icons\icon100.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\icons\icon128.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\icons\icon32.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Program Files\1SaleADay\icons\icon48.png, Quarantined, [1f3e5795502bd26414567d7bc63cb050], PUP.Optional.1SaleADay.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1SaleADay\Uninstall.lnk, Quarantined, [005d25c7d8a31a1cf07e53a51be743bd], Physical Sectors: 0(No malicious items detected)(end)
 

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.