Jump to content

Removal instructions for FrameFox Shop


Recommended Posts

  • Staff

What is FrameFox Shop?

The Malwarebytes research team has determined that FrameFox Shop is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by FrameFox Shop?

You may see these warnings during install:

main.png

warning1.png

and these browser extensions:

warning5.png

warning2.png

these tasks in your Task Scheduler:

warning3.png

and this entry in your list of installed programs:

warning4.png

How did FrameFox Shop get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove FrameFox Shop?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of FrameFox Shop?
  • No, Malwarebytes' Anti-Malware removes FrameFox Shop completely.
  • If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the FrameFox Shop entry.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the FrameFox Shop hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

protection1.png

and it stops the connections the browser hijacker tries to make:

protection2.png

Technical details for experts

You may see these signs in a HijackThis log:

O4 - HKLM\..\Run: [FrameFox Shop] C:\Program Files (x86)\FrameFox\framefox.exeO23 - Service: Duuqu Update Service (dqupdate) (dqupdate) - Duuqu Group - C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exeO23 - Service: Duuqu Update Service (dqupdatem) (dqupdatem) - Duuqu Group - C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe
You may see these entries in FRST logs:

 () C:\Program Files (x86)\FrameFox\framefox.exe HKLM-x32\...\Run: [FrameFox Shop] => C:\Program Files (x86)\FrameFox\framefox.exe [416256 2015-05-08] () CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION FF Plugin-x32: @www.duuqu.com/omaha/tools//Duuqu Update;version=3 -> C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll [2015-11-25] (Duuqu Group) FF Plugin-x32: @www.duuqu.com/omaha/tools//Duuqu Update;version=9 -> C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll [2015-11-25] (Duuqu Group) FF user.js: detected! => C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js [2015-11-25] FF Extension: FrameFox Shop - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack [2015-11-25] [not signed] CHR Extension: (FrameFox Shop) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd [2015-11-25] S2 dqupdate; C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [98360 2015-11-25] (Duuqu Group) S3 dqupdatem; C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [98360 2015-11-25] (Duuqu Group) C:\Program Files (x86)\FrameFox C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job C:\Windows\System32\Tasks\DuuquUpdateTaskMachineUA C:\Windows\System32\Tasks\DuuquUpdateTaskMachineCore C:\Users\{username}\AppData\Local\Duuqu C:\Program Files (x86)\DuuquDuuqu Update Helper (x32 Version: 1.3.37.0 - Duuqu Group) Hidden <==== ATTENTIONFrameFox Shop 2.0.0.0 (HKLM-x32\...\{010BE806-614F-48F2-B83A-29DF45E6AC7D}) (Version: 2.0.0.0 - The Team)Task: {C75ABBB8-EB11-4E71-A63F-9C03B36CA221} - System32\Tasks\DuuquUpdateTaskMachineCore => C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [2015-11-25] (Duuqu Group) <==== ATTENTIONTask: {E073258A-6016-429C-A006-E8C4596B894C} - System32\Tasks\DuuquUpdateTaskMachineUA => C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [2015-11-25] (Duuqu Group) <==== ATTENTIONTask: C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job => C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe <==== ATTENTIONTask: C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job => C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe <==== ATTENTION
Alterations made by the installer:

File system details [View: All details] (Selection)---------------------------------------------------    Adds the folder C:\Program Files (x86)\Duuqu\CrashReports    Adds the folder C:\Program Files (x86)\Duuqu\Update       Adds the file DuuquUpdate.exe"="25/11/2015 09:38, 98360 bytes, A    Adds the folder C:\Program Files (x86)\Duuqu\Update\1.3.37.0       Adds the file DuuquCrashHandler.exe"="25/11/2015 09:38, 98360 bytes, A       Adds the file DuuquUpdate.exe"="25/11/2015 09:38, 98360 bytes, A       Adds the file DuuquUpdateBroker.exe"="25/11/2015 09:38, 59448 bytes, A       Adds the file DuuquUpdateHelper.msi"="25/11/2015 09:38, 45056 bytes, A       Adds the file DuuquUpdateOnDemand.exe"="25/11/2015 09:38, 59960 bytes, A       Adds the file goopdate.dll"="25/11/2015 09:38, 806968 bytes, A       Adds the file goopdateres_en.dll"="25/11/2015 09:38, 27192 bytes, A       Adds the file npDuuquUpdate3.dll"="25/11/2015 09:38, 236088 bytes, A       Adds the file psmachine.dll"="25/11/2015 09:38, 156728 bytes, A       Adds the file psuser.dll"="25/11/2015 09:38, 156728 bytes, A    Adds the folder C:\Program Files (x86)\Duuqu\Update\Download\{AC14D5E8-02B7-4849-B31E-35E81F72D121}\2.0.0.0       Adds the file {F5D802A2-C293-4973-956C-E28C5A2391FB}.msi"="08/05/2015 01:24, 745472 bytes, A    Adds the folder C:\Program Files (x86)\Duuqu\Update\Install    Adds the folder C:\Program Files (x86)\Duuqu\Update\Install\{65A43C9E-56BA-4251-A071-74EFE8C44416}       Adds the file {F5D802A2-C293-4973-956C-E28C5A2391FB}.msi"="08/05/2015 01:24, 745472 bytes, A       Adds the file {F5D802A2-C293-4973-956C-E28C5A2391FB}.msi.log"="25/11/2015 09:39, 46798 bytes, A    Adds the folder C:\Program Files (x86)\Duuqu\Update\Offline\{AEEF0F75-8711-48D4-A6F6-55C5815AD54A}    Adds the folder C:\Program Files (x86)\FrameFox       Adds the file COPYING"="14/02/2015 23:52, 11546 bytes, A       Adds the file framefox.exe"="08/05/2015 02:24, 416256 bytes, A       Adds the file LICENSE.txt"="14/02/2015 23:52, 819 bytes, A       Adds the file PRIVACY.txt"="05/05/2015 17:00, 163 bytes, A       Adds the file README.txt"="05/05/2015 17:01, 1800 bytes, A    Adds the folder C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome       Adds the file manifest.json"="02/05/2015 21:40, 2381 bytes, A    Adds the folder C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source       Adds the file background.html"="10/09/2013 22:50, 92 bytes, A       Adds the file background.js"="01/12/2014 13:49, 410 bytes, A       Adds the file bootstrap.js"="29/11/2014 18:06, 334 bytes, A       Adds the file icon128.png"="10/09/2013 22:50, 13590 bytes, A       Adds the file icon16.png"="29/11/2014 15:56, 841 bytes, A       Adds the file icon48.png"="02/12/2014 21:13, 2924 bytes, A       Adds the file manifest.json"="02/05/2015 21:40, 809 bytes, A    Adds the folder C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales    Adds the folder C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\chrome\content       Adds the file content.js"="30/12/2014 00:51, 97248 bytes, A    Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer       Adds the file manifest.json"="18/02/2015 14:47, 45 bytes, A    Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source       Adds the file manifest.json"="18/02/2015 17:22, 95 bytes, A    Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source\chrome\content       Adds the file content.js"="18/02/2015 15:47, 97020 bytes, A    Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox       Adds the file manifest.json"="02/05/2015 03:04, 571 bytes, A    Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source       Adds the file bootstrap.js"="07/12/2014 18:00, 7261 bytes, A       Adds the file chrome.manifest"="12/11/2014 20:41, 33 bytes, A       Adds the file icon.png"="10/09/2013 22:50, 13590 bytes, A       Adds the file icon64.png"="10/09/2013 22:50, 13590 bytes, A       Adds the file install.rdf"="02/05/2015 21:40, 938 bytes, A    Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\chrome\content       Adds the file content.js"="02/12/2014 00:17, 97225 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\Duuqu    Adds the folder C:\Users\{username}\AppData\Local\Duuqu\CrashReports    In the existing folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default       Alters the file Preferences        23/11/2015 09:03, 183759 bytes, A ==> 25/11/2015 09:39, 190398 bytes, A       Alters the file Secure Preferences        23/11/2015 09:03, 41025 bytes, A ==> 25/11/2015 09:39, 66352 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0       Adds the file background.html"="10/09/2013 22:50, 92 bytes, A       Adds the file background.js"="01/12/2014 13:49, 410 bytes, A       Adds the file bootstrap.js"="29/11/2014 18:06, 334 bytes, A       Adds the file icon128.png"="10/09/2013 22:50, 13590 bytes, A       Adds the file icon16.png"="29/11/2014 15:56, 841 bytes, A       Adds the file icon48.png"="02/12/2014 21:13, 2924 bytes, A       Adds the file manifest.json"="25/11/2015 09:39, 1242 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\chrome\content       Adds the file content.js"="30/12/2014 00:51, 97248 bytes, A    In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default       Adds the file user.js"="25/11/2015 09:39, 422 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack       Adds the file bootstrap.js"="07/12/2014 18:00, 7261 bytes, A       Adds the file chrome.manifest"="12/11/2014 20:41, 33 bytes, A       Adds the file icon.png"="10/09/2013 22:50, 13590 bytes, A       Adds the file icon64.png"="10/09/2013 22:50, 13590 bytes, A       Adds the file install.rdf"="02/05/2015 21:40, 938 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\chrome\content       Adds the file content.js"="02/12/2014 00:17, 97225 bytes, A    In the existing folder C:\Windows\System32\Tasks       Adds the file DuuquUpdateTaskMachineCore"="25/11/2015 09:38, 3638 bytes, A       Adds the file DuuquUpdateTaskMachineUA"="25/11/2015 09:38, 3890 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file DuuquUpdateTaskMachineCore.job"="25/11/2015 09:38, 890 bytes, A       Adds the file DuuquUpdateTaskMachineUA.job"="25/11/2015 09:38, 894 bytes, ARegistry details [View: All details] (Selection)------------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}]       "(Default)"="REG_SZ", "ServiceModule"       "LocalService"="REG_SZ", "dqupdate"       "ServiceParameters"="REG_SZ", "/comsvc"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7BEC320-B746-4A47-B289-509214980E2B}]       "(Default)"="REG_SZ", "ServiceModule"       "LocalService"="REG_SZ", "dqupdatem"       "ServiceParameters"="REG_SZ", "/comsvc"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\DuuquUpdate.exe]       "AppID"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickCtrl.9]       "(Default)"="REG_SZ", "Duuqu Update Plugin"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickCtrl.9\CLSID]       "(Default)"="REG_SZ", "{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine]       "(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncher"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine\CLSID]       "(Default)"="REG_SZ", "{7D79AC47-48F6-40F8-BA34-17677EAEA37C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine\CurVer]       "(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncherMachine.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine.1.0]       "(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncher"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine.1.0\CLSID]       "(Default)"="REG_SZ", "{7D79AC47-48F6-40F8-BA34-17677EAEA37C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.Update3WebControl.3]       "(Default)"="REG_SZ", "Duuqu Update Plugin"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.Update3WebControl.3\CLSID]       "(Default)"="REG_SZ", "{B47AD5D8-9D04-4F7B-8776-35EA5892F138}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync]       "(Default)"="REG_SZ", "CoCreateAsync"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync\CLSID]       "(Default)"="REG_SZ", "{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.CoCreateAsync.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync.1.0]       "(Default)"="REG_SZ", "CoCreateAsync"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync.1.0\CLSID]       "(Default)"="REG_SZ", "{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreClass]       "(Default)"="REG_SZ", "Duuqu Update Core Class"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreClass\CLSID]       "(Default)"="REG_SZ", "{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreClass\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.CoreClass.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreClass.1]       "(Default)"="REG_SZ", "Duuqu Update Core Class"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreClass.1\CLSID]       "(Default)"="REG_SZ", "{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass]       "(Default)"="REG_SZ", "Duuqu Update Core Class"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass\CLSID]       "(Default)"="REG_SZ", "{486E4A9A-50F4-4DA4-9F50-363FC9F72939}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.CoreMachineClass.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass.1]       "(Default)"="REG_SZ", "Duuqu Update Core Class"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass.1\CLSID]       "(Default)"="REG_SZ", "{486E4A9A-50F4-4DA4-9F50-363FC9F72939}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine]       "(Default)"="REG_SZ", "DuuquUpdate CredentialDialog"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine\CLSID]       "(Default)"="REG_SZ", "{D4B7651E-076D-4BB2-A021-26F6E7A59A48}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.CredentialDialogMachine.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine.1.0]       "(Default)"="REG_SZ", "DuuquUpdate CredentialDialog"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine.1.0\CLSID]       "(Default)"="REG_SZ", "{D4B7651E-076D-4BB2-A021-26F6E7A59A48}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine]       "(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine\CLSID]       "(Default)"="REG_SZ", "{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachine.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine.1.0]       "(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine.1.0\CLSID]       "(Default)"="REG_SZ", "{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback]       "(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback\CLSID]       "(Default)"="REG_SZ", "{B8669E7E-2C40-42DC-8BA0-314D860F5200}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachineFallback.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback.1.0]       "(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID]       "(Default)"="REG_SZ", "{B8669E7E-2C40-42DC-8BA0-314D860F5200}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc]       "(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc\CLSID]       "(Default)"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassSvc.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc.1.0]       "(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc.1.0\CLSID]       "(Default)"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher]       "(Default)"="REG_SZ", "Duuqu Update Process Launcher Class"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher\CLSID]       "(Default)"="REG_SZ", "{E555444B-4EA6-4B30-A314-49C2D1BE413D}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.ProcessLauncher.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher.1.0]       "(Default)"="REG_SZ", "Duuqu Update Process Launcher Class"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher.1.0\CLSID]       "(Default)"="REG_SZ", "{E555444B-4EA6-4B30-A314-49C2D1BE413D}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3COMClassService]       "(Default)"="REG_SZ", "Update3COMClass"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3COMClassService\CLSID]       "(Default)"="REG_SZ", "{35047074-2A04-4CE9-BE91-8D2D02DC58E6}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3COMClassService\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.Update3COMClassService.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3COMClassService.1.0]       "(Default)"="REG_SZ", "Update3COMClass"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3COMClassService.1.0\CLSID]       "(Default)"="REG_SZ", "{35047074-2A04-4CE9-BE91-8D2D02DC58E6}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine]       "(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine\CLSID]       "(Default)"="REG_SZ", "{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachine.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine.1.0]       "(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine.1.0\CLSID]       "(Default)"="REG_SZ", "{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback]       "(Default)"="REG_SZ", "DuuquUpdate Update3Web"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback\CLSID]       "(Default)"="REG_SZ", "{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachineFallback.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback.1.0]       "(Default)"="REG_SZ", "DuuquUpdate Update3Web"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback.1.0\CLSID]       "(Default)"="REG_SZ", "{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc]       "(Default)"="REG_SZ", "DuuquUpdate Update3Web"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc\CLSID]       "(Default)"="REG_SZ", "{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc\CurVer]       "(Default)"="REG_SZ", "DuuquUpdate.Update3WebSvc.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc.1.0]       "(Default)"="REG_SZ", "DuuquUpdate Update3Web"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc.1.0\CLSID]       "(Default)"="REG_SZ", "{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.duuqu.oneclickctrl.9]       "CLSID"="REG_SZ", "{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.duuqu.update3webcontrol.3]       "CLSID"="REG_SZ", "{B47AD5D8-9D04-4F7B-8776-35EA5892F138}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}]       "(Default)"="REG_SZ", "DuuquUpdate Update3Web"       "AppID"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.Update3WebSvc.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.Update3WebSvc"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}]       "(Default)"="REG_SZ", "Duuqu Update Plugin"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}\ProgID]       "(Default)"="REG_SZ", "Duuqu.OneClickCtrl.9"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3279E34D-3F0F-4EE4-99FA-7141B82DB0A8}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3279E34D-3F0F-4EE4-99FA-7141B82DB0A8}\InprocHandler32]       "(Default)"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\psmachine.dll"       "ThreadingModel"="REG_SZ", "Both"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}]       "(Default)"="REG_SZ", "Update3COMClass"       "AppID"="REG_SZ", "{35047074-2A04-4CE9-BE91-8D2D02DC58E6}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.Update3COMClassService.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.Update3COMClassService"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939}]       "(Default)"="REG_SZ", "Duuqu Update Core Class"       "LocalizedString"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-3000"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939}\Elevation]       "Enabled"="REG_DWORD", 1       "IconReference"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-1004"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.CoreMachineClass.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.CoreMachineClass"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D79AC47-48F6-40F8-BA34-17677EAEA37C}]       "(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncher"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D79AC47-48F6-40F8-BA34-17677EAEA37C}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateBroker.exe""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D79AC47-48F6-40F8-BA34-17677EAEA37C}\ProgID]       "(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncherMachine.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D79AC47-48F6-40F8-BA34-17677EAEA37C}\VersionIndependentProgID]       "(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncherMachine"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}]       "(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"       "LocalizedString"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-3000"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}\Elevation]       "Enabled"="REG_DWORD", 1       "IconReference"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-1004"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateBroker.exe""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachine.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachine"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}]       "(Default)"="REG_SZ", "PSFactoryBuffer"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}\InProcServer32]       "(Default)"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\psmachine.dll"       "ThreadingModel"="REG_SZ", "Both"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}]       "(Default)"="REG_SZ", "DuuquUpdate Update3Web"       "LocalizedString"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-3000"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}\Elevation]       "Enabled"="REG_DWORD", 1       "IconReference"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-1004"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachineFallback.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachineFallback"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}]       "(Default)"="REG_SZ", "Duuqu Update Plugin"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}\ProgID]       "(Default)"="REG_SZ", "Duuqu.Update3WebControl.3"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}]       "(Default)"="REG_SZ", "Duuqu Update Core Class"       "AppID"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.CoreClass.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.CoreClass"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200}]       "(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"       "LocalizedString"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-3000"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200}\Elevation]       "Enabled"="REG_DWORD", 1       "IconReference"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-1004"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachineFallback.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachineFallback"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4B7651E-076D-4BB2-A021-26F6E7A59A48}]       "(Default)"="REG_SZ", "DuuquUpdate CredentialDialog"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4B7651E-076D-4BB2-A021-26F6E7A59A48}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4B7651E-076D-4BB2-A021-26F6E7A59A48}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.CredentialDialogMachine.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4B7651E-076D-4BB2-A021-26F6E7A59A48}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.CredentialDialogMachine"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BEC320-B746-4A47-B289-509214980E2B}]       "(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"       "AppID"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BEC320-B746-4A47-B289-509214980E2B}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassSvc.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BEC320-B746-4A47-B289-509214980E2B}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassSvc"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E555444B-4EA6-4B30-A314-49C2D1BE413D}]       "(Default)"="REG_SZ", "Duuqu Update Process Launcher Class"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E555444B-4EA6-4B30-A314-49C2D1BE413D}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E555444B-4EA6-4B30-A314-49C2D1BE413D}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.ProcessLauncher.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E555444B-4EA6-4B30-A314-49C2D1BE413D}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.ProcessLauncher"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E99EA3EA-C92C-434B-B83D-74CDB4F8613C}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E99EA3EA-C92C-434B-B83D-74CDB4F8613C}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\psmachine.dll"       "ThreadingModel"="REG_SZ", "Both"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}]       "(Default)"="REG_SZ", "CoCreateAsync"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateBroker.exe""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.CoCreateAsync.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.CoCreateAsync"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}]       "(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"       "LocalizedString"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-3000"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}\Elevation]       "Enabled"="REG_DWORD", 1       "IconReference"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-1004"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateBroker.exe""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}\ProgID]       "(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachine.1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}\VersionIndependentProgID]       "(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachine"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0D8AA27B-F336-4D85-A4A1-F7148F40A6AE}]       "(Default)"="REG_SZ", "ICoCreateAsync"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0D8AA27B-F336-4D85-A4A1-F7148F40A6AE}\NumMethods]       "(Default)"="REG_SZ", "4"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0D8AA27B-F336-4D85-A4A1-F7148F40A6AE}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23E2AAB8-DF63-4A6F-AB08-287D23F374FF}]       "(Default)"="REG_SZ", "IDuuquUpdate3WebSecurity"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23E2AAB8-DF63-4A6F-AB08-287D23F374FF}\NumMethods]       "(Default)"="REG_SZ", "4"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23E2AAB8-DF63-4A6F-AB08-287D23F374FF}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2D5188D8-B9E0-4C36-BB7D-568A49AE53A1}]       "(Default)"="REG_SZ", "IAppVersionWeb"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2D5188D8-B9E0-4C36-BB7D-568A49AE53A1}\NumMethods]       "(Default)"="REG_SZ", "10"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2D5188D8-B9E0-4C36-BB7D-568A49AE53A1}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F8564C9-651D-427D-987F-837B793ACEBC}]       "(Default)"="REG_SZ", "IJobObserver"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F8564C9-651D-427D-987F-837B793ACEBC}\NumMethods]       "(Default)"="REG_SZ", "13"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F8564C9-651D-427D-987F-837B793ACEBC}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{402FCA56-D17B-46D7-A90E-1CFA25B0215B}]       "(Default)"="REG_SZ", "IOneClickProcessLauncher"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{402FCA56-D17B-46D7-A90E-1CFA25B0215B}\NumMethods]       "(Default)"="REG_SZ", "4"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{402FCA56-D17B-46D7-A90E-1CFA25B0215B}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{414A428D-BB4B-40B0-88EC-D21AFEF37CB4}]       "(Default)"="REG_SZ", "IDuuquUpdate3Web"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{414A428D-BB4B-40B0-88EC-D21AFEF37CB4}\NumMethods]       "(Default)"="REG_SZ", "8"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{414A428D-BB4B-40B0-88EC-D21AFEF37CB4}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5516DBF3-8B85-4A9E-A2A8-D393A938BD58}]       "(Default)"="REG_SZ", "IDuuquUpdateCore"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5516DBF3-8B85-4A9E-A2A8-D393A938BD58}\NumMethods]       "(Default)"="REG_SZ", "4"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5516DBF3-8B85-4A9E-A2A8-D393A938BD58}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D365F25-8B03-4B7B-9E4A-A37CE436019E}]       "(Default)"="REG_SZ", "IPackage"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D365F25-8B03-4B7B-9E4A-A37CE436019E}\NumMethods]       "(Default)"="REG_SZ", "10"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D365F25-8B03-4B7B-9E4A-A37CE436019E}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{61E7C4F0-2579-4C25-9189-8EC876B97ED1}]       "(Default)"="REG_SZ", "IDuuquUpdate"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{61E7C4F0-2579-4C25-9189-8EC876B97ED1}\NumMethods]       "(Default)"="REG_SZ", "5"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{61E7C4F0-2579-4C25-9189-8EC876B97ED1}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6464558C-D81D-4016-B90E-6782FDB9DCD0}]       "(Default)"="REG_SZ", "ICurrentState"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6464558C-D81D-4016-B90E-6782FDB9DCD0}\NumMethods]       "(Default)"="REG_SZ", "24"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6464558C-D81D-4016-B90E-6782FDB9DCD0}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{67D67055-EDB3-416B-9711-024AD839FB6A}]       "(Default)"="REG_SZ", "IAppVersion"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{67D67055-EDB3-416B-9711-024AD839FB6A}\NumMethods]       "(Default)"="REG_SZ", "10"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{67D67055-EDB3-416B-9711-024AD839FB6A}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A2683D1-57B4-484F-BF88-BC4F870CE703}]       "(Default)"="REG_SZ", "ICoCreateAsyncStatus"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A2683D1-57B4-484F-BF88-BC4F870CE703}\NumMethods]       "(Default)"="REG_SZ", "10"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A2683D1-57B4-484F-BF88-BC4F870CE703}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8147068D-4315-4688-8CBC-246B57265267}]       "(Default)"="REG_SZ", "IRegistrationUpdateHook"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8147068D-4315-4688-8CBC-246B57265267}\NumMethods]       "(Default)"="REG_SZ", "8"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8147068D-4315-4688-8CBC-246B57265267}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{82892E3A-727E-4D86-B4D1-46063B58A0AA}]       "(Default)"="REG_SZ", "IAppBundleWeb"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{82892E3A-727E-4D86-B4D1-46063B58A0AA}\NumMethods]       "(Default)"="REG_SZ", "24"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{82892E3A-727E-4D86-B4D1-46063B58A0AA}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8DA2D086-7DE1-45F7-814A-514224A1CE22}]       "(Default)"="REG_SZ", "IAppBundle"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8DA2D086-7DE1-45F7-814A-514224A1CE22}\NumMethods]       "(Default)"="REG_SZ", "39"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8DA2D086-7DE1-45F7-814A-514224A1CE22}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{92A86E90-3C97-44BF-94A1-C4BA65C93AFE}]       "(Default)"="REG_SZ", "IProgressWndEvents"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{92A86E90-3C97-44BF-94A1-C4BA65C93AFE}\NumMethods]       "(Default)"="REG_SZ", "9"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{92A86E90-3C97-44BF-94A1-C4BA65C93AFE}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9BC6F7DA-195B-4154-AA9D-E217F705D9B9}]       "(Default)"="REG_SZ", "IApp"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9BC6F7DA-195B-4154-AA9D-E217F705D9B9}\NumMethods]       "(Default)"="REG_SZ", "44"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9BC6F7DA-195B-4154-AA9D-E217F705D9B9}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AD457CF1-7331-4A05-BC9A-EF24E99E5CCE}]       "(Default)"="REG_SZ", "IAppWeb"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AD457CF1-7331-4A05-BC9A-EF24E99E5CCE}\NumMethods]       "(Default)"="REG_SZ", "14"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AD457CF1-7331-4A05-BC9A-EF24E99E5CCE}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AFC41141-AC68-4D20-B4FE-A8D6C18731F6}]       "(Default)"="REG_SZ", "IBrowserHttpRequest2"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AFC41141-AC68-4D20-B4FE-A8D6C18731F6}\NumMethods]       "(Default)"="REG_SZ", "4"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AFC41141-AC68-4D20-B4FE-A8D6C18731F6}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B4A19F2F-B72B-49D5-B72A-081B1E53D04C}]       "(Default)"="REG_SZ", "ICredentialDialog"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B4A19F2F-B72B-49D5-B72A-081B1E53D04C}\NumMethods]       "(Default)"="REG_SZ", "4"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B4A19F2F-B72B-49D5-B72A-081B1E53D04C}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D263ED30-CDED-4834-BEB9-75CBCE761A3A}]       "(Default)"="REG_SZ", "IProcessLauncher"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D263ED30-CDED-4834-BEB9-75CBCE761A3A}\NumMethods]       "(Default)"="REG_SZ", "6"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D263ED30-CDED-4834-BEB9-75CBCE761A3A}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DED54547-5E5E-402A-83A9-14F5D3DE3B8D}]       "(Default)"="REG_SZ", "IDuuquUpdate3"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DED54547-5E5E-402A-83A9-14F5D3DE3B8D}\NumMethods]       "(Default)"="REG_SZ", "10"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DED54547-5E5E-402A-83A9-14F5D3DE3B8D}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update]       "MsiStubRun"="REG_DWORD", 0       "path"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe"       "version"="REG_SZ", "1.3.37.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]       "name"="REG_SZ", "Duuqu Update"       "pv"="REG_SZ", "1.3.37.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\Clients\{AC14D5E8-02B7-4849-B31E-35E81F72D121}]       "name"="REG_SZ", "FrameFox Shop"       "pv"="REG_SZ", "2.0.0.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]       "brand"="REG_SZ", "DQLS"       "campaign"="REG_SZ", "2"       "InstallTime"="REG_DWORD", 1448440725       "pv"="REG_SZ", "1.3.37.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\ClientState\{AC14D5E8-02B7-4849-B31E-35E81F72D121}]       "brand"="REG_SZ", "DQLS"       "campaign"="REG_SZ", "2"       "InstallTime"="REG_DWORD", 1448440726       "lang"="REG_SZ", "en"       "LastCheckSuccess"="REG_DWORD", 1448440758       "pv"="REG_SZ", "2.0.0.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\ClientStateMedium\{AC14D5E8-02B7-4849-B31E-35E81F72D121}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\network\secure]    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FrameFox\FrameFox Shop]       "version"="REG_SZ", "2.0.0.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]       "FrameFox Shop"="REG_SZ", "C:\Program Files (x86)\FrameFox\framefox.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{010BE806-614F-48F2-B83A-29DF45E6AC7D}]       "AuthorizedCDFPrefix"="REG_SZ", ""       "Comments"="REG_SZ", ""       "Contact"="REG_SZ", ""       "DisplayName"="REG_SZ", "FrameFox Shop 2.0.0.0"       "DisplayVersion"="REG_SZ", "2.0.0.0"       "EstimatedSize"="REG_DWORD", 295       "HelpLink"="REG_SZ", ""       "HelpTelephone"="REG_SZ", ""       "InstallDate"="REG_SZ", "20151125"       "InstallLocation"="REG_SZ", ""       "InstallSource"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\Install\{65A43C9E-56BA-4251-A071-74EFE8C44416}\"       "Language"="REG_DWORD", 1033       "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /X{010BE806-614F-48F2-B83A-29DF45E6AC7D}"       "NoModify"="REG_DWORD", 1       "Publisher"="REG_SZ", "The Team"       "Readme"="REG_SZ", ""       "Size"="REG_SZ", ""       "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /X{010BE806-614F-48F2-B83A-29DF45E6AC7D}"       "URLInfoAbout"="REG_SZ", ""       "URLUpdateInfo"="REG_SZ", ""       "Version"="REG_DWORD", 33554432       "VersionMajor"="REG_DWORD", 2       "VersionMinor"="REG_DWORD", 0       "WindowsInstaller"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]       "AuthorizedCDFPrefix"="REG_SZ", ""       "Comments"="REG_SZ", ""       "Contact"="REG_SZ", ""       "DisplayName"="REG_SZ", "Duuqu Update Helper"       "DisplayVersion"="REG_SZ", "1.3.37.0"       "EstimatedSize"="REG_DWORD", 45       "HelpLink"="REG_SZ", ""       "HelpTelephone"="REG_SZ", ""       "InstallDate"="REG_SZ", "20151125"       "InstallLocation"="REG_SZ", ""       "InstallSource"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\"       "Language"="REG_DWORD", 1033       "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"       "Publisher"="REG_SZ", "Duuqu Group"       "Readme"="REG_SZ", ""       "Size"="REG_SZ", ""       "SystemComponent"="REG_DWORD", 1       "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"       "URLInfoAbout"="REG_SZ", ""       "URLUpdateInfo"="REG_SZ", ""       "Version"="REG_DWORD", 16973861       "VersionMajor"="REG_DWORD", 1       "VersionMinor"="REG_DWORD", 3       "WindowsInstaller"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=3]       "Description"="REG_SZ", "Duuqu Update"       "Path"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll"       "ProductName"="REG_SZ", "Duuqu Update"       "Vendor"="REG_SZ", "Duuqu Group"       "Version"="REG_SZ", "3"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=3\MimeTypes\application/x-vnd.duuqu.update3webcontrol.3]    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=9]       "Description"="REG_SZ", "Duuqu Update"       "Path"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll"       "ProductName"="REG_SZ", "Duuqu Update"       "Vendor"="REG_SZ", "Duuqu Group"       "Version"="REG_SZ", "9"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=9\MimeTypes\application/x-vnd.duuqu.oneclickctrl.9]    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dqupdate]       "DelayedAutostart"="REG_DWORD", 1       "DependOnService"="REG_MULTI_SZ, "RPCSS "       "Description"="REG_SZ", "Keeps your Duuqu software up to date. If this service is disabled or stopped, your Duuqu software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Duuqu software using it."       "DisplayName"="REG_SZ", "Duuqu Update Service (dqupdate)"       "ErrorControl"="REG_DWORD", 1       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe /svc"       "ObjectName"="REG_SZ", "LocalSystem"       "Start"="REG_DWORD", 2       "Type"="REG_DWORD", 16       "WOW64"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dqupdatem]       "DelayedAutostart"="REG_DWORD", 1       "DependOnService"="REG_MULTI_SZ, "RPCSS "       "Description"="REG_SZ", "Keeps your Duuqu software up to date. If this service is disabled or stopped, your Duuqu software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Duuqu software using it."       "DisplayName"="REG_SZ", "Duuqu Update Service (dqupdatem)"       "ErrorControl"="REG_DWORD", 1       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe /medsvc"       "ObjectName"="REG_SZ", "LocalSystem"       "Start"="REG_DWORD", 3       "Type"="REG_DWORD", 16       "WOW64"="REG_DWORD", 1
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 25/11/2015Scan Time: 13:10Logfile: mbamFrameFoxShop.txtAdministrator: YesVersion: 2.2.0.1020Malware Database: v2015.11.25.03Rootkit Database: v2015.11.23.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: {username}Scan Type: Threat ScanResult: CompletedObjects Scanned: 309976Time Elapsed: 5 min, 4 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 1PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\framefox.exe, 2748, Delete-on-Reboot, [2314740ef59626108206453bb44fb14f]Modules: 0(No malicious items detected)Registry Keys: 91PUP.Optional.Duuqu, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dqupdate, Quarantined, [a7908ff3bad1ea4c319114149e6321df], PUP.Optional.Duuqu, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dqupdatem, Quarantined, [a7908ff3bad1ea4c319114149e6321df], PUP.Optional.Duuqu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DUUQUUPDATE.EXE, Quarantined, [a7908ff3bad1ea4c319114149e6321df], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DUUQUUPDATE.EXE, Quarantined, [a7908ff3bad1ea4c319114149e6321df], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\Duuqu.OneClickCtrl.9, Quarantined, [a1969ce6f398b0865ec8ccb19d66827e], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\Duuqu.OneClickProcessLauncherMachine, Quarantined, [e84f3e44bccf43f363c34a3345bed52b], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\Duuqu.OneClickProcessLauncherMachine.1.0, Quarantined, [3cfb087ae6a5b5817caa314cf2117d83], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoCreateAsync, Quarantined, [ae899ae8abe0ab8ba285a5d8f211659b], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoCreateAsync.1.0, Quarantined, [df581969187360d67cab2c5162a1d12f], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoreClass, Quarantined, [46f16022ddae79bdad7a9ce17a89ba46], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoreClass.1, Quarantined, [989fbfc3f19a71c581a691ecf40fb44c], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoreMachineClass, Quarantined, [0532d0b24a4161d51611552840c3ad53], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoreMachineClass.1, Quarantined, [63d4dda51b7041f50621b6c7956e5ea2], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CredentialDialogMachine, Quarantined, [ec4ba3df2b60231384a3d4a97b8838c8], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CredentialDialogMachine.1.0, Quarantined, [59de146e573491a5ca5db3ca19eaf709], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassMachine, Quarantined, [41f6087ac3c8122472b5522bc43f8c74], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [0433354dc4c70f272205423b986b966a], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassMachineFallback, Quarantined, [10271c667e0db284c16680fd9d6613ed], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [50e72e542467be7815129de02bd827d9], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassSvc, Quarantined, [ba7d4e34f794a5918d9a601d9c6757a9], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [bb7c384a038893a373b40578aa59ae52], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.ProcessLauncher, Quarantined, [23144240a8e33bfb899e6a134fb47a86], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.ProcessLauncher.1.0, Quarantined, [033421616e1dbe7857d06f0e20e3fb05], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3COMClassService, Quarantined, [3bfc245e6625ce688b9c85f8aa5938c8], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3COMClassService.1.0, Quarantined, [83b4b0d2701bd85e50d70d700102da26], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebMachine, Quarantined, [3afd79099deee0565acd2459ea197987], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebMachine.1.0, Quarantined, [c96e6f13583379bdc85f90ed2ed549b7], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebMachineFallback, Quarantined, [ab8c037f6a2192a4df487607887b966a], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebMachineFallback.1.0, Quarantined, [c176c6bc008b46f06cbb324b2ad99070], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebSvc, Quarantined, [7abd12704744f24487a0a9d47a891ee2], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebSvc.1.0, Quarantined, [9b9c2c5647447bbbe83fc8b51ae947b9], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\APPID\DuuquUpdate.exe, Quarantined, [1c1bbbc7612a0531bc69d0ad1de62ed2], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.oneclickctrl.9, Quarantined, [ae896d15eba0f1453deb3a434bb808f8], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.update3webcontrol.3, Quarantined, [5ed96f134843c96dea3ec6b75ca7dc24], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DuuquUpdate.exe, Quarantined, [48efbbc7a6e566d0cc5987f606fd39c7], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.oneclickctrl.9, Quarantined, [60d7a6dcc2c991a5f83097e6cf34629e], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.update3webcontrol.3, Quarantined, [b780344e018ad165d3557d00e41f38c8], PUP.Optional.Duuqu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DuuquUpdateTaskMachineCore, Delete-on-Reboot, [4ee95929434840f687a46a13db28eb15], PUP.Optional.Duuqu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DuuquUpdateTaskMachineUA, Delete-on-Reboot, [ef48275b4e3d3600f9335924bb48d030], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\Duuqu, Quarantined, [bb7c255dd9b2d75f1218a5d8937019e7], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Duuqu.OneClickCtrl.9, Quarantined, [b483c1c13c4f979f9690235ad62db44c], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Duuqu.OneClickProcessLauncherMachine, Quarantined, [78bfe0a20a817db90c1a96e759aa24dc], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Duuqu.OneClickProcessLauncherMachine.1.0, Quarantined, [b582ccb6a1ea6bcb67bf27565aa9f40c], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoCreateAsync, Quarantined, [82b512708506d75fe24516675ba80ef2], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoCreateAsync.1.0, Quarantined, [91a67210197237ff82a534499271b749], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoreClass, Quarantined, [082f8002b0db3303c95e2f4ed92a26da], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoreClass.1, Quarantined, [41f6d6acc9c2d06648df225bec17bb45], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoreMachineClass, Quarantined, [a3944939246738fe37f01e5f986b14ec], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoreMachineClass.1, Quarantined, [d85fa7db8cffb68049de87f6699a9c64], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CredentialDialogMachine, Quarantined, [0f284b3708839c9a899e4f2eb44fd22e], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CredentialDialogMachine.1.0, Quarantined, [ca6d8af8107bda5cfa2d3b42778ccd33], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassMachine, Quarantined, [c07784fe068525114addb6c76f940ff1], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [06318cf6b0db5adc45e2afce2fd420e0], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassMachineFallback, Quarantined, [82b52a58cfbc6cca53d45c21f40f956b], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [67d08ef473189f972afdf786cb3813ed], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassSvc, Quarantined, [77c0e89a3853c86e3dea027b2dd68977], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [30074f3393f80c2a80a7b6c745be15eb], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.ProcessLauncher, Quarantined, [fb3c50320289b28471b6126b2ad9c739], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.ProcessLauncher.1.0, Quarantined, [d85fd2b05338290dde49502d768d0ef2], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3COMClassService, Quarantined, [49ee22606b20d0668d9a2a5317ec6b95], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3COMClassService.1.0, Quarantined, [7dbad9a94942a4924fd8b6c7bb48659b], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebMachine, Quarantined, [41f64b378902a78f5ec987f6d132ec14], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebMachine.1.0, Quarantined, [d1661171bccf57dfad7a106d927128d8], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebMachineFallback, Quarantined, [0a2d235fdab1f244cb5ca2db1ae9ec14], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebMachineFallback.1.0, Quarantined, [1126cfb3414aa393f82f403d48bb02fe], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebSvc, Quarantined, [61d6fa8848438ea8fb2c0974ae55649c], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebSvc.1.0, Quarantined, [59de8df5365574c292957706986b649c], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DuuquUpdate.exe, Quarantined, [55e222602b608babff264b32bb4801ff], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.oneclickctrl.9, Quarantined, [fc3bb2d0b3d8ce6831f7d7a66f94ce32], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.update3webcontrol.3, Quarantined, [8ea9f989d9b2ba7ca97fafce3dc6bc44], PUP.Optional.FrameFox, HKLM\SOFTWARE\WOW6432NODE\FRAMEFOX\FrameFox Shop, Quarantined, [f542e9999fec9d99c7dab9332ad9cc34], PUP.Optional.FrameFox, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{010BE806-614F-48F2-B83A-29DF45E6AC7D}, Quarantined, [83b4e2a0ccbfd561dec4509ce61d16ea], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@www.duuqu.com/omaha/tools//Duuqu Update;version=3, Quarantined, [f047b9c9a4e70234fc31423b0ef5e41c], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@www.duuqu.com/omaha/tools//Duuqu Update;version=9, Quarantined, [ba7d59292c5fea4c65c8c9b4cf34619f], PUP.Optional.Duuqu, HKCU\SOFTWARE\Duuqu, Quarantined, [76c12f53d1ba15210b1e7effe122f010], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Duuqu.OneClickCtrl.9, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\Duuqu.Update3WebControl.3, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Duuqu.Update3WebControl.3, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Duuqu.Update3WebControl.3, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E99EA3EA-C92C-434B-B83D-74CDB4F8613C}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E99EA3EA-C92C-434B-B83D-74CDB4F8613C}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], Registry Values: 1PUP.Optional.FrameFox, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FrameFox Shop, C:\Program Files (x86)\FrameFox\framefox.exe, Quarantined, [2314740ef59626108206453bb44fb14f]Registry Data: 0(No malicious items detected)Folders: 40PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox, Delete-on-Reboot, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\chrome, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\chrome\content, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales\en_GB, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales\en_US, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source\chrome, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source\chrome\content, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\chrome, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\chrome\content, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.Duuqu, C:\Users\{username}\AppData\Local\Duuqu, Quarantined, [ed4a334f2d5e3204d349afc53bc7748c], PUP.Optional.Duuqu, C:\Users\{username}\AppData\Local\Duuqu\CrashReports, Quarantined, [ed4a334f2d5e3204d349afc53bc7748c], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\CrashReports, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Download, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Download\{AC14D5E8-02B7-4849-B31E-35E81F72D121}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Download\{AC14D5E8-02B7-4849-B31E-35E81F72D121}\2.0.0.0, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Install, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Install\{8D339F9E-EF5B-4C6A-967F-8F02B4A38BE6}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Offline, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Offline\{C2EFC4A3-840A-4077-BD62-B4B357D8202B}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\chrome, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\chrome\content, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\chrome, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\chrome\content, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales\en_GB, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales\en_US, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], Files: 62PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe, Quarantined, [a7908ff3bad1ea4c319114149e6321df], PUP.Optional.Duuqu, C:\Users\{username}\Desktop\FrameFoxShopSetup.exe, Quarantined, [2f08235fd6b57fb741812afe0001817f], PUP.Optional.Duuqu, C:\Windows\System32\Tasks\DuuquUpdateTaskMachineCore, Quarantined, [4dea7c064348ae88f22f1b6204ff3fc1], PUP.Optional.Duuqu, C:\Windows\System32\Tasks\DuuquUpdateTaskMachineUA, Quarantined, [0433b8ca79126fc7c35fe895da292ad6], PUP.Optional.Duuqu, C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job, Quarantined, [3ff80280a8e3999dfd262459fe053cc4], PUP.Optional.Duuqu, C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job, Quarantined, [003789f94744e45262c2c5b8996a43bd], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\README.txt, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\COPYING, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\framefox.exe, Delete-on-Reboot, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\LICENSE.txt, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\PRIVACY.txt, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\manifest.json, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\background.html, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\background.js, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\bootstrap.js, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\icon128.png, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\icon16.png, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\icon48.png, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\manifest.json, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\chrome\content\content.js, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales\en_GB\messages.json, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales\en_US\messages.json, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\manifest.json, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source\manifest.json, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source\chrome\content\content.js, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\manifest.json, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\bootstrap.js, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\chrome.manifest, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\icon.png, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\icon64.png, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\install.rdf, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\chrome\content\content.js, Quarantined, [2314740ef59626108206453bb44fb14f], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquCrashHandler.exe, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdate.exe, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateBroker.exe, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateHelper.msi, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdateres_en.dll, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\psmachine.dll, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\psuser.dll, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Download\{AC14D5E8-02B7-4849-B31E-35E81F72D121}\2.0.0.0\{F5D802A2-C293-4973-956C-E28C5A2391FB}.msi, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Install\{8D339F9E-EF5B-4C6A-967F-8F02B4A38BE6}\{F5D802A2-C293-4973-956C-E28C5A2391FB}.msi, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Install\{8D339F9E-EF5B-4C6A-967F-8F02B4A38BE6}\{F5D802A2-C293-4973-956C-E28C5A2391FB}.msi.log, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\bootstrap.js, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\chrome.manifest, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\icon.png, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\icon64.png, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\install.rdf, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\chrome\content\content.js, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\background.html, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\background.js, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\bootstrap.js, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\icon128.png, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\icon16.png, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\icon48.png, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\manifest.json, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\chrome\content\content.js, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales\en_GB\messages.json, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales\en_US\messages.json, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c], PUM.FireFoxSecurityOverride, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js, Quarantined, [1c1bdca6751681b50f3ed2bfcb399e62], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.