Gen.Variant.Adware.MPlug.3_73eb5753ae

not-a-virus:AdWare.Win32.MultiPlug.nbjq (Kaspersky), Gen:Variant.Adware.MPlug.3 (B) (Emsisoft), Gen:Variant.Adware.MPlug.3 (AdAware) Behaviour: Adware The description has been automatically generated...
Blog rating:1.7 out of5 with6 ratings

Gen.Variant.Adware.MPlug.3_73eb5753ae

by malwarelabrobot on November 25th, 2014 in Malware Descriptions.

not-a-virus:AdWare.Win32.MultiPlug.nbjq (Kaspersky), Gen:Variant.Adware.MPlug.3 (B) (Emsisoft), Gen:Variant.Adware.MPlug.3 (AdAware)
Behaviour: Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
The sample has been submitted by Lavasoft customers.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 73eb5753aee9fcabbbece86d83f0fbcc
SHA1: deb37b579a21b36e28939b7206b4a57657f66fcf
SHA256: 56afc32b2ed0cb3ed7cc1ccf937eda3bbbecc1a7e255858e631049102d0a18bc
SSDeep: 49152:FQhVhEdq1dLHXx8bIQ2oLwxXbDGaqXN/2YWHiPeJX23CFuXE:UXCbIQ2oeXWaqXZ2YWCWV23Cs
Size: 2172416 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualCv71EXE, UPolyXv05_v6
Company: no certificate found
Created at: 2014-09-17 14:59:24
Analyzed on: WindowsXP SP3 32-bit


Summary:

Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.

Payload

No specific payload has been found.

Process activity

The PUP creates the following process(es):

Vn.exe:1136
regsvr32.exe:468
%original file name%.exe:1532

The PUP injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process Vn.exe:1136 makes changes in the file system.
The PUP creates and/or writes to the following file(s):

%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Program Files%\saveclicker\q.x64.dll (23680 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Program Files%\saveclicker\q.tlb (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\All Users\Application Data\f362fc35c4a3dbfb\{E96338DC-1468-4918-8EC2-8454BFFC5025}.20141101004802 (186 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Program Files%\saveclicker\q.dll (20880 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\All Users\Application Data\saveclicker\Vn.dat (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Program Files%\saveclicker\q.dat (259 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
%Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe (21472 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
%Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
%Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
%Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
%Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)

The process %original file name%.exe:1532 makes changes in the file system.
The PUP creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\bootstrap.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\lsdb.js (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\content\bg.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.dll (3691 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected] (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\install.rdf (602 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.exe (3710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\content.js (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.x64.dll (3771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\chrome.manifest (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\background.html (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.tlb (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\CupGD.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\manifest.json (503 bytes)

The PUP deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\bootstrap.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\lsdb.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\content\bg.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\install.rdf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\content.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.x64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\chrome.manifest (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\background.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.tlb (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\CupGD.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\content (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\manifest.json (0 bytes)

Registry activity

The process Vn.exe:1136 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"NoModify" = "1"
"DisplayIcon" = "C:\Windows\System32\msiexec.exe"

[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib]
"Version" = "1.0"
"(Default)" = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"URLUpdateInfo" = "http://saveclickersoft.info/"

[HKCR\SaveClicker.SaveClicker\CLSID]
"(Default)" = "{F2F1364C-6DA1-7164-02B6-94E920F94BCE}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\ProgID]
"(Default)" = "saveclicker.2.1"

[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\SaveClicker.SaveClicker.2.1\CLSID]
"(Default)" = "{F2F1364C-6DA1-7164-02B6-94E920F94BCE}"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR]
"(Default)" = "%Program Files%\saveclicker"

[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\TypeLib]
"(Default)" = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\RegisteredApplicationsEx]
"14072980f35b615cfaea624446a9ac55" = "1"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"_In" = "20141031"

[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\InprocServer32]
"(Default)" = "%Program Files%\saveclicker\q.dll"

[HKCR\SaveClicker.SaveClicker]
"(Default)" = "saveclicker"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32]
"(Default)" = "%Program Files%\saveclicker\q.tlb"

[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\VersionIndependentProgID]
"(Default)" = "saveclicker"

[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}]
"(Default)" = "IRegistry"

[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"NoRepair" = "1"

[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}]
"(Default)" = "IPlaghinMein"

[HKCR\SaveClicker.SaveClicker\CurVer]
"(Default)" = "saveclicker.2.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"SilentUninstall" = "%Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe /s /n /i:ExecuteCommands;UninstallCommands %Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
"{F2F1364C-6DA1-7164-02B6-94E920F94BCE}" = "1"

[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
"(Default)" = "saveclicker"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"DisplayVersion" = "1.0.0.1880"
"URLInfoAbout" = "http://saveclickersoft.info/"

[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\TypeLib]
"(Default)" = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 96 EF BD 74 A6 7E 61 16 89 15 D1 AF 2B C4 6B"

[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}]
"(Default)" = "ILocalStorage"

[HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0]
"(Default)" = "IEPluginLib"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"CategoryName" = "Apps"

"DisplayName" = "saveclicker"

[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"InstallDate" = "20140917"

[HKCR\SaveClicker.SaveClicker.2.1]
"(Default)" = "saveclicker"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025}]
"Publisher" = "saveclicker"
"UninstallString" = "%Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe /s /n /i:ExecuteCommands;UninstallCommands %Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe"

[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}\TypeLib]
"Version" = "1.0"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
"(Default)" = "saveclicker"

"NoExplorer" = "1"

The PUP deletes the following registry key(s):

[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\VersionIndependentProgID]
[HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
[HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\Programmable]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\ProgID]
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}\InprocServer32]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]
[HKCR\CLSID\{F2F1364C-6DA1-7164-02B6-94E920F94BCE}]

The process regsvr32.exe:468 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 84 52 CC D1 FC 1C A8 A2 4B 75 57 52 7B 16 05"

Dropped PE files

MD5 File path
eb30b8b0410baa09030d150e8d2fd121 c:\Documents and Settings\All Users\Application Data\saveclicker\Vn.exe
ad41aeafe70701aef008a6a60c4af29d c:\Program Files\saveclicker\q.dll
cca2ae9671e4eb0ab11d5e6a6f9d71b8 c:\Program Files\saveclicker\q.x64.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Setup
Product Name: Setup
Product Version: 2.5.0.0
Legal Copyright: Copyright (c) 2014
Legal Trademarks:
Original Filename: Setup
Internal Name: Setup
File Version: 2.5.0.0
File Description: Setup
Comments:
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 78398 78848 4.61486 b1cd3e832a8ba5edf1d2af749ec78597
.rdata 86016 2051628 2052096 5.4443 d3c25a17ef9dc2a50ea24a28332ae028
.data 2138112 31016 20992 1.09238 a7fbbd86955e4ea11eede05ad005b7c1
.rsrc 2170880 6530 6656 2.7844 70a69fd9f94f0c83303c6fc3634ca638
.reloc 2179072 12706 12800 3.3392 d4ce4a7491f543d75b88ebfc1568fbc9

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The PUP connects to the servers at the folowing location(s):

Strings from Dumps were not found.


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    Vn.exe:1136
    regsvr32.exe:468
    %original file name%.exe:1532

  2. Delete the original PUP file.
  3. Delete or disinfect the following files created/modified by the PUP:

    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Program Files%\saveclicker\q.x64.dll (23680 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Program Files%\saveclicker\q.tlb (259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\All Users\Application Data\f362fc35c4a3dbfb\{E96338DC-1468-4918-8EC2-8454BFFC5025}.20141101004802 (186 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Program Files%\saveclicker\q.dll (20880 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\All Users\Application Data\saveclicker\Vn.dat (259 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Program Files%\saveclicker\q.dat (259 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\CupGD.js (261 bytes)
    %Documents and Settings%\All Users\Application Data\saveclicker\Vn.exe (21472 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\manifest.json (759 bytes)
    %Documents and Settings%\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\content.js (144 bytes)
    %Documents and Settings%\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\lsdb.js (787 bytes)
    %Documents and Settings%\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\klebnfdkmkkgldicolbmiopfljbnhaco\2.1\background.html (142 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\bootstrap.js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\lsdb.js (531 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\content\bg.js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.dll (3691 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\install.rdf (602 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.exe (3710 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\content.js (144 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.x64.dll (3771 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\[email protected]\chrome.manifest (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\Vn.dat (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\background.html (142 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\q.tlb (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\CupGD.js (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\011f4d48\klebnfdkmkkgldicolbmiopfljbnhaco\manifest.json (503 bytes)

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Average: 1.7 (6 votes)


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now