What is FrameFox Shop?
The Malwarebytes research team has determined that FrameFox Shop is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.
How do I know if my computer is affected by FrameFox Shop?
You may see these warnings during install:
and these browser extensions:
these tasks in your Task Scheduler:
and this entry in your list of installed programs:
How did FrameFox Shop get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove FrameFox Shop?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes FrameFox Shop completely.
- If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the FrameFox Shop entry.
- This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the FrameFox Shop hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
and it stops the connections the browser hijacker tries to make:
Technical details for experts
You may see these signs in a HijackThis log:
O4 - HKLM\..\Run: [FrameFox Shop] C:\Program Files (x86)\FrameFox\framefox.exe O23 - Service: Duuqu Update Service (dqupdate) (dqupdate) - Duuqu Group - C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe O23 - Service: Duuqu Update Service (dqupdatem) (dqupdatem) - Duuqu Group - C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exeYou may see these entries in FRST logs:
() C:\Program Files (x86)\FrameFox\framefox.exe
HKLM-x32\...\Run: [FrameFox Shop] => C:\Program Files (x86)\FrameFox\framefox.exe [416256 2015-05-08] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin-x32: @www.duuqu.com/omaha/tools//Duuqu Update;version=3 -> C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll [2015-11-25] (Duuqu Group)
FF Plugin-x32: @www.duuqu.com/omaha/tools//Duuqu Update;version=9 -> C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll [2015-11-25] (Duuqu Group)
FF user.js: detected! => C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js [2015-11-25]
FF Extension: FrameFox Shop - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack [2015-11-25] [not signed]
CHR Extension: (FrameFox Shop) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd [2015-11-25]
S2 dqupdate; C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [98360 2015-11-25] (Duuqu Group)
S3 dqupdatem; C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [98360 2015-11-25] (Duuqu Group)
C:\Program Files (x86)\FrameFox
C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job
C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\DuuquUpdateTaskMachineUA
C:\Windows\System32\Tasks\DuuquUpdateTaskMachineCore
C:\Users\{username}\AppData\Local\Duuqu
C:\Program Files (x86)\Duuqu
Duuqu Update Helper (x32 Version: 1.3.37.0 - Duuqu Group) Hidden <==== ATTENTION
FrameFox Shop 2.0.0.0 (HKLM-x32\...\{010BE806-614F-48F2-B83A-29DF45E6AC7D}) (Version: 2.0.0.0 - The Team)
Task: {C75ABBB8-EB11-4E71-A63F-9C03B36CA221} - System32\Tasks\DuuquUpdateTaskMachineCore => C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [2015-11-25] (Duuqu Group) <==== ATTENTION
Task: {E073258A-6016-429C-A006-E8C4596B894C} - System32\Tasks\DuuquUpdateTaskMachineUA => C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [2015-11-25] (Duuqu Group) <==== ATTENTION
Task: C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job => C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job => C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe <==== ATTENTION
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Program Files (x86)\Duuqu\CrashReports
Adds the folder C:\Program Files (x86)\Duuqu\Update
Adds the file DuuquUpdate.exe"="25/11/2015 09:38, 98360 bytes, A
Adds the folder C:\Program Files (x86)\Duuqu\Update\1.3.37.0
Adds the file DuuquCrashHandler.exe"="25/11/2015 09:38, 98360 bytes, A
Adds the file DuuquUpdate.exe"="25/11/2015 09:38, 98360 bytes, A
Adds the file DuuquUpdateBroker.exe"="25/11/2015 09:38, 59448 bytes, A
Adds the file DuuquUpdateHelper.msi"="25/11/2015 09:38, 45056 bytes, A
Adds the file DuuquUpdateOnDemand.exe"="25/11/2015 09:38, 59960 bytes, A
Adds the file goopdate.dll"="25/11/2015 09:38, 806968 bytes, A
Adds the file goopdateres_en.dll"="25/11/2015 09:38, 27192 bytes, A
Adds the file npDuuquUpdate3.dll"="25/11/2015 09:38, 236088 bytes, A
Adds the file psmachine.dll"="25/11/2015 09:38, 156728 bytes, A
Adds the file psuser.dll"="25/11/2015 09:38, 156728 bytes, A
Adds the folder C:\Program Files (x86)\Duuqu\Update\Download\{AC14D5E8-02B7-4849-B31E-35E81F72D121}\2.0.0.0
Adds the file {F5D802A2-C293-4973-956C-E28C5A2391FB}.msi"="08/05/2015 01:24, 745472 bytes, A
Adds the folder C:\Program Files (x86)\Duuqu\Update\Install
Adds the folder C:\Program Files (x86)\Duuqu\Update\Install\{65A43C9E-56BA-4251-A071-74EFE8C44416}
Adds the file {F5D802A2-C293-4973-956C-E28C5A2391FB}.msi"="08/05/2015 01:24, 745472 bytes, A
Adds the file {F5D802A2-C293-4973-956C-E28C5A2391FB}.msi.log"="25/11/2015 09:39, 46798 bytes, A
Adds the folder C:\Program Files (x86)\Duuqu\Update\Offline\{AEEF0F75-8711-48D4-A6F6-55C5815AD54A}
Adds the folder C:\Program Files (x86)\FrameFox
Adds the file COPYING"="14/02/2015 23:52, 11546 bytes, A
Adds the file framefox.exe"="08/05/2015 02:24, 416256 bytes, A
Adds the file LICENSE.txt"="14/02/2015 23:52, 819 bytes, A
Adds the file PRIVACY.txt"="05/05/2015 17:00, 163 bytes, A
Adds the file README.txt"="05/05/2015 17:01, 1800 bytes, A
Adds the folder C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome
Adds the file manifest.json"="02/05/2015 21:40, 2381 bytes, A
Adds the folder C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source
Adds the file background.html"="10/09/2013 22:50, 92 bytes, A
Adds the file background.js"="01/12/2014 13:49, 410 bytes, A
Adds the file bootstrap.js"="29/11/2014 18:06, 334 bytes, A
Adds the file icon128.png"="10/09/2013 22:50, 13590 bytes, A
Adds the file icon16.png"="29/11/2014 15:56, 841 bytes, A
Adds the file icon48.png"="02/12/2014 21:13, 2924 bytes, A
Adds the file manifest.json"="02/05/2015 21:40, 809 bytes, A
Adds the folder C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales
Adds the folder C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\chrome\content
Adds the file content.js"="30/12/2014 00:51, 97248 bytes, A
Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer
Adds the file manifest.json"="18/02/2015 14:47, 45 bytes, A
Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source
Adds the file manifest.json"="18/02/2015 17:22, 95 bytes, A
Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source\chrome\content
Adds the file content.js"="18/02/2015 15:47, 97020 bytes, A
Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox
Adds the file manifest.json"="02/05/2015 03:04, 571 bytes, A
Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source
Adds the file bootstrap.js"="07/12/2014 18:00, 7261 bytes, A
Adds the file chrome.manifest"="12/11/2014 20:41, 33 bytes, A
Adds the file icon.png"="10/09/2013 22:50, 13590 bytes, A
Adds the file icon64.png"="10/09/2013 22:50, 13590 bytes, A
Adds the file install.rdf"="02/05/2015 21:40, 938 bytes, A
Adds the folder C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\chrome\content
Adds the file content.js"="02/12/2014 00:17, 97225 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Duuqu
Adds the folder C:\Users\{username}\AppData\Local\Duuqu\CrashReports
In the existing folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default
Alters the file Preferences
23/11/2015 09:03, 183759 bytes, A ==> 25/11/2015 09:39, 190398 bytes, A
Alters the file Secure Preferences
23/11/2015 09:03, 41025 bytes, A ==> 25/11/2015 09:39, 66352 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0
Adds the file background.html"="10/09/2013 22:50, 92 bytes, A
Adds the file background.js"="01/12/2014 13:49, 410 bytes, A
Adds the file bootstrap.js"="29/11/2014 18:06, 334 bytes, A
Adds the file icon128.png"="10/09/2013 22:50, 13590 bytes, A
Adds the file icon16.png"="29/11/2014 15:56, 841 bytes, A
Adds the file icon48.png"="02/12/2014 21:13, 2924 bytes, A
Adds the file manifest.json"="25/11/2015 09:39, 1242 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\chrome\content
Adds the file content.js"="30/12/2014 00:51, 97248 bytes, A
In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default
Adds the file user.js"="25/11/2015 09:39, 422 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack
Adds the file bootstrap.js"="07/12/2014 18:00, 7261 bytes, A
Adds the file chrome.manifest"="12/11/2014 20:41, 33 bytes, A
Adds the file icon.png"="10/09/2013 22:50, 13590 bytes, A
Adds the file icon64.png"="10/09/2013 22:50, 13590 bytes, A
Adds the file install.rdf"="02/05/2015 21:40, 938 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\chrome\content
Adds the file content.js"="02/12/2014 00:17, 97225 bytes, A
In the existing folder C:\Windows\System32\Tasks
Adds the file DuuquUpdateTaskMachineCore"="25/11/2015 09:38, 3638 bytes, A
Adds the file DuuquUpdateTaskMachineUA"="25/11/2015 09:38, 3890 bytes, A
In the existing folder C:\Windows\Tasks
Adds the file DuuquUpdateTaskMachineCore.job"="25/11/2015 09:38, 890 bytes, A
Adds the file DuuquUpdateTaskMachineUA.job"="25/11/2015 09:38, 894 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}]
"(Default)"="REG_SZ", "ServiceModule"
"LocalService"="REG_SZ", "dqupdate"
"ServiceParameters"="REG_SZ", "/comsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7BEC320-B746-4A47-B289-509214980E2B}]
"(Default)"="REG_SZ", "ServiceModule"
"LocalService"="REG_SZ", "dqupdatem"
"ServiceParameters"="REG_SZ", "/comsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\DuuquUpdate.exe]
"AppID"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickCtrl.9]
"(Default)"="REG_SZ", "Duuqu Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickCtrl.9\CLSID]
"(Default)"="REG_SZ", "{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine]
"(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine\CLSID]
"(Default)"="REG_SZ", "{7D79AC47-48F6-40F8-BA34-17677EAEA37C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine\CurVer]
"(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncherMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine.1.0]
"(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.OneClickProcessLauncherMachine.1.0\CLSID]
"(Default)"="REG_SZ", "{7D79AC47-48F6-40F8-BA34-17677EAEA37C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.Update3WebControl.3]
"(Default)"="REG_SZ", "Duuqu Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Duuqu.Update3WebControl.3\CLSID]
"(Default)"="REG_SZ", "{B47AD5D8-9D04-4F7B-8776-35EA5892F138}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync]
"(Default)"="REG_SZ", "CoCreateAsync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync\CLSID]
"(Default)"="REG_SZ", "{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.CoCreateAsync.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync.1.0]
"(Default)"="REG_SZ", "CoCreateAsync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoCreateAsync.1.0\CLSID]
"(Default)"="REG_SZ", "{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreClass]
"(Default)"="REG_SZ", "Duuqu Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreClass\CLSID]
"(Default)"="REG_SZ", "{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreClass\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.CoreClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreClass.1]
"(Default)"="REG_SZ", "Duuqu Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreClass.1\CLSID]
"(Default)"="REG_SZ", "{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass]
"(Default)"="REG_SZ", "Duuqu Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass\CLSID]
"(Default)"="REG_SZ", "{486E4A9A-50F4-4DA4-9F50-363FC9F72939}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.CoreMachineClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass.1]
"(Default)"="REG_SZ", "Duuqu Update Core Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CoreMachineClass.1\CLSID]
"(Default)"="REG_SZ", "{486E4A9A-50F4-4DA4-9F50-363FC9F72939}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine]
"(Default)"="REG_SZ", "DuuquUpdate CredentialDialog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine\CLSID]
"(Default)"="REG_SZ", "{D4B7651E-076D-4BB2-A021-26F6E7A59A48}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.CredentialDialogMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine.1.0]
"(Default)"="REG_SZ", "DuuquUpdate CredentialDialog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.CredentialDialogMachine.1.0\CLSID]
"(Default)"="REG_SZ", "{D4B7651E-076D-4BB2-A021-26F6E7A59A48}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine]
"(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine\CLSID]
"(Default)"="REG_SZ", "{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine.1.0]
"(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachine.1.0\CLSID]
"(Default)"="REG_SZ", "{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback]
"(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback\CLSID]
"(Default)"="REG_SZ", "{B8669E7E-2C40-42DC-8BA0-314D860F5200}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback.1.0]
"(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID]
"(Default)"="REG_SZ", "{B8669E7E-2C40-42DC-8BA0-314D860F5200}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc]
"(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc\CLSID]
"(Default)"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc.1.0]
"(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.OnDemandCOMClassSvc.1.0\CLSID]
"(Default)"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher]
"(Default)"="REG_SZ", "Duuqu Update Process Launcher Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher\CLSID]
"(Default)"="REG_SZ", "{E555444B-4EA6-4B30-A314-49C2D1BE413D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.ProcessLauncher.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher.1.0]
"(Default)"="REG_SZ", "Duuqu Update Process Launcher Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.ProcessLauncher.1.0\CLSID]
"(Default)"="REG_SZ", "{E555444B-4EA6-4B30-A314-49C2D1BE413D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3COMClassService]
"(Default)"="REG_SZ", "Update3COMClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3COMClassService\CLSID]
"(Default)"="REG_SZ", "{35047074-2A04-4CE9-BE91-8D2D02DC58E6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3COMClassService\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.Update3COMClassService.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3COMClassService.1.0]
"(Default)"="REG_SZ", "Update3COMClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3COMClassService.1.0\CLSID]
"(Default)"="REG_SZ", "{35047074-2A04-4CE9-BE91-8D2D02DC58E6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine]
"(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine\CLSID]
"(Default)"="REG_SZ", "{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine.1.0]
"(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachine.1.0\CLSID]
"(Default)"="REG_SZ", "{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback]
"(Default)"="REG_SZ", "DuuquUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback\CLSID]
"(Default)"="REG_SZ", "{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback.1.0]
"(Default)"="REG_SZ", "DuuquUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebMachineFallback.1.0\CLSID]
"(Default)"="REG_SZ", "{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc]
"(Default)"="REG_SZ", "DuuquUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc\CLSID]
"(Default)"="REG_SZ", "{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc\CurVer]
"(Default)"="REG_SZ", "DuuquUpdate.Update3WebSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc.1.0]
"(Default)"="REG_SZ", "DuuquUpdate Update3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DuuquUpdate.Update3WebSvc.1.0\CLSID]
"(Default)"="REG_SZ", "{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.duuqu.oneclickctrl.9]
"CLSID"="REG_SZ", "{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.duuqu.update3webcontrol.3]
"CLSID"="REG_SZ", "{B47AD5D8-9D04-4F7B-8776-35EA5892F138}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}]
"(Default)"="REG_SZ", "DuuquUpdate Update3Web"
"AppID"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.Update3WebSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.Update3WebSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}]
"(Default)"="REG_SZ", "Duuqu Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll"
"ThreadingModel"="REG_SZ", "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}\ProgID]
"(Default)"="REG_SZ", "Duuqu.OneClickCtrl.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3279E34D-3F0F-4EE4-99FA-7141B82DB0A8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3279E34D-3F0F-4EE4-99FA-7141B82DB0A8}\InprocHandler32]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\psmachine.dll"
"ThreadingModel"="REG_SZ", "Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}]
"(Default)"="REG_SZ", "Update3COMClass"
"AppID"="REG_SZ", "{35047074-2A04-4CE9-BE91-8D2D02DC58E6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.Update3COMClassService.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35047074-2A04-4CE9-BE91-8D2D02DC58E6}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.Update3COMClassService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939}]
"(Default)"="REG_SZ", "Duuqu Update Core Class"
"LocalizedString"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939}\Elevation]
"Enabled"="REG_DWORD", 1
"IconReference"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939}\LocalServer32]
"(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.CoreMachineClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.CoreMachineClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D79AC47-48F6-40F8-BA34-17677EAEA37C}]
"(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D79AC47-48F6-40F8-BA34-17677EAEA37C}\LocalServer32]
"(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D79AC47-48F6-40F8-BA34-17677EAEA37C}\ProgID]
"(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncherMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7D79AC47-48F6-40F8-BA34-17677EAEA37C}\VersionIndependentProgID]
"(Default)"="REG_SZ", "Duuqu.OneClickProcessLauncherMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}]
"(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"
"LocalizedString"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}\Elevation]
"Enabled"="REG_DWORD", 1
"IconReference"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}\LocalServer32]
"(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}]
"(Default)"="REG_SZ", "PSFactoryBuffer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}\InProcServer32]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\psmachine.dll"
"ThreadingModel"="REG_SZ", "Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}]
"(Default)"="REG_SZ", "DuuquUpdate Update3Web"
"LocalizedString"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}\Elevation]
"Enabled"="REG_DWORD", 1
"IconReference"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}\LocalServer32]
"(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.Update3WebMachineFallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}]
"(Default)"="REG_SZ", "Duuqu Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll"
"ThreadingModel"="REG_SZ", "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}\ProgID]
"(Default)"="REG_SZ", "Duuqu.Update3WebControl.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}]
"(Default)"="REG_SZ", "Duuqu Update Core Class"
"AppID"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.CoreClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.CoreClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200}]
"(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"
"LocalizedString"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200}\Elevation]
"Enabled"="REG_DWORD", 1
"IconReference"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200}\LocalServer32]
"(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachineFallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4B7651E-076D-4BB2-A021-26F6E7A59A48}]
"(Default)"="REG_SZ", "DuuquUpdate CredentialDialog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4B7651E-076D-4BB2-A021-26F6E7A59A48}\LocalServer32]
"(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4B7651E-076D-4BB2-A021-26F6E7A59A48}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.CredentialDialogMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4B7651E-076D-4BB2-A021-26F6E7A59A48}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.CredentialDialogMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BEC320-B746-4A47-B289-509214980E2B}]
"(Default)"="REG_SZ", "Duuqu Update Legacy On Demand"
"AppID"="REG_SZ", "{D7BEC320-B746-4A47-B289-509214980E2B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BEC320-B746-4A47-B289-509214980E2B}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D7BEC320-B746-4A47-B289-509214980E2B}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E555444B-4EA6-4B30-A314-49C2D1BE413D}]
"(Default)"="REG_SZ", "Duuqu Update Process Launcher Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E555444B-4EA6-4B30-A314-49C2D1BE413D}\LocalServer32]
"(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E555444B-4EA6-4B30-A314-49C2D1BE413D}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.ProcessLauncher.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E555444B-4EA6-4B30-A314-49C2D1BE413D}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.ProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E99EA3EA-C92C-434B-B83D-74CDB4F8613C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E99EA3EA-C92C-434B-B83D-74CDB4F8613C}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\psmachine.dll"
"ThreadingModel"="REG_SZ", "Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}]
"(Default)"="REG_SZ", "CoCreateAsync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}\LocalServer32]
"(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.CoCreateAsync.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EE3ABAE3-E109-43E4-9126-DD9E82CA212B}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.CoCreateAsync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}]
"(Default)"="REG_SZ", "Duuqu Update Broker Class Factory"
"LocalizedString"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}\Elevation]
"Enabled"="REG_DWORD", 1
"IconReference"="REG_SZ", "@C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}\LocalServer32]
"(Default)"="REG_SZ", ""C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}\ProgID]
"(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D}\VersionIndependentProgID]
"(Default)"="REG_SZ", "DuuquUpdate.OnDemandCOMClassMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0D8AA27B-F336-4D85-A4A1-F7148F40A6AE}]
"(Default)"="REG_SZ", "ICoCreateAsync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0D8AA27B-F336-4D85-A4A1-F7148F40A6AE}\NumMethods]
"(Default)"="REG_SZ", "4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0D8AA27B-F336-4D85-A4A1-F7148F40A6AE}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23E2AAB8-DF63-4A6F-AB08-287D23F374FF}]
"(Default)"="REG_SZ", "IDuuquUpdate3WebSecurity"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23E2AAB8-DF63-4A6F-AB08-287D23F374FF}\NumMethods]
"(Default)"="REG_SZ", "4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23E2AAB8-DF63-4A6F-AB08-287D23F374FF}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2D5188D8-B9E0-4C36-BB7D-568A49AE53A1}]
"(Default)"="REG_SZ", "IAppVersionWeb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2D5188D8-B9E0-4C36-BB7D-568A49AE53A1}\NumMethods]
"(Default)"="REG_SZ", "10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2D5188D8-B9E0-4C36-BB7D-568A49AE53A1}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F8564C9-651D-427D-987F-837B793ACEBC}]
"(Default)"="REG_SZ", "IJobObserver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F8564C9-651D-427D-987F-837B793ACEBC}\NumMethods]
"(Default)"="REG_SZ", "13"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F8564C9-651D-427D-987F-837B793ACEBC}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{402FCA56-D17B-46D7-A90E-1CFA25B0215B}]
"(Default)"="REG_SZ", "IOneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{402FCA56-D17B-46D7-A90E-1CFA25B0215B}\NumMethods]
"(Default)"="REG_SZ", "4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{402FCA56-D17B-46D7-A90E-1CFA25B0215B}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{414A428D-BB4B-40B0-88EC-D21AFEF37CB4}]
"(Default)"="REG_SZ", "IDuuquUpdate3Web"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{414A428D-BB4B-40B0-88EC-D21AFEF37CB4}\NumMethods]
"(Default)"="REG_SZ", "8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{414A428D-BB4B-40B0-88EC-D21AFEF37CB4}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5516DBF3-8B85-4A9E-A2A8-D393A938BD58}]
"(Default)"="REG_SZ", "IDuuquUpdateCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5516DBF3-8B85-4A9E-A2A8-D393A938BD58}\NumMethods]
"(Default)"="REG_SZ", "4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5516DBF3-8B85-4A9E-A2A8-D393A938BD58}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D365F25-8B03-4B7B-9E4A-A37CE436019E}]
"(Default)"="REG_SZ", "IPackage"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D365F25-8B03-4B7B-9E4A-A37CE436019E}\NumMethods]
"(Default)"="REG_SZ", "10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5D365F25-8B03-4B7B-9E4A-A37CE436019E}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{61E7C4F0-2579-4C25-9189-8EC876B97ED1}]
"(Default)"="REG_SZ", "IDuuquUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{61E7C4F0-2579-4C25-9189-8EC876B97ED1}\NumMethods]
"(Default)"="REG_SZ", "5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{61E7C4F0-2579-4C25-9189-8EC876B97ED1}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6464558C-D81D-4016-B90E-6782FDB9DCD0}]
"(Default)"="REG_SZ", "ICurrentState"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6464558C-D81D-4016-B90E-6782FDB9DCD0}\NumMethods]
"(Default)"="REG_SZ", "24"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6464558C-D81D-4016-B90E-6782FDB9DCD0}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{67D67055-EDB3-416B-9711-024AD839FB6A}]
"(Default)"="REG_SZ", "IAppVersion"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{67D67055-EDB3-416B-9711-024AD839FB6A}\NumMethods]
"(Default)"="REG_SZ", "10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{67D67055-EDB3-416B-9711-024AD839FB6A}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A2683D1-57B4-484F-BF88-BC4F870CE703}]
"(Default)"="REG_SZ", "ICoCreateAsyncStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A2683D1-57B4-484F-BF88-BC4F870CE703}\NumMethods]
"(Default)"="REG_SZ", "10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6A2683D1-57B4-484F-BF88-BC4F870CE703}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8147068D-4315-4688-8CBC-246B57265267}]
"(Default)"="REG_SZ", "IRegistrationUpdateHook"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8147068D-4315-4688-8CBC-246B57265267}\NumMethods]
"(Default)"="REG_SZ", "8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8147068D-4315-4688-8CBC-246B57265267}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{82892E3A-727E-4D86-B4D1-46063B58A0AA}]
"(Default)"="REG_SZ", "IAppBundleWeb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{82892E3A-727E-4D86-B4D1-46063B58A0AA}\NumMethods]
"(Default)"="REG_SZ", "24"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{82892E3A-727E-4D86-B4D1-46063B58A0AA}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8DA2D086-7DE1-45F7-814A-514224A1CE22}]
"(Default)"="REG_SZ", "IAppBundle"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8DA2D086-7DE1-45F7-814A-514224A1CE22}\NumMethods]
"(Default)"="REG_SZ", "39"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8DA2D086-7DE1-45F7-814A-514224A1CE22}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{92A86E90-3C97-44BF-94A1-C4BA65C93AFE}]
"(Default)"="REG_SZ", "IProgressWndEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{92A86E90-3C97-44BF-94A1-C4BA65C93AFE}\NumMethods]
"(Default)"="REG_SZ", "9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{92A86E90-3C97-44BF-94A1-C4BA65C93AFE}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9BC6F7DA-195B-4154-AA9D-E217F705D9B9}]
"(Default)"="REG_SZ", "IApp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9BC6F7DA-195B-4154-AA9D-E217F705D9B9}\NumMethods]
"(Default)"="REG_SZ", "44"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9BC6F7DA-195B-4154-AA9D-E217F705D9B9}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AD457CF1-7331-4A05-BC9A-EF24E99E5CCE}]
"(Default)"="REG_SZ", "IAppWeb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AD457CF1-7331-4A05-BC9A-EF24E99E5CCE}\NumMethods]
"(Default)"="REG_SZ", "14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AD457CF1-7331-4A05-BC9A-EF24E99E5CCE}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AFC41141-AC68-4D20-B4FE-A8D6C18731F6}]
"(Default)"="REG_SZ", "IBrowserHttpRequest2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AFC41141-AC68-4D20-B4FE-A8D6C18731F6}\NumMethods]
"(Default)"="REG_SZ", "4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AFC41141-AC68-4D20-B4FE-A8D6C18731F6}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B4A19F2F-B72B-49D5-B72A-081B1E53D04C}]
"(Default)"="REG_SZ", "ICredentialDialog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B4A19F2F-B72B-49D5-B72A-081B1E53D04C}\NumMethods]
"(Default)"="REG_SZ", "4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B4A19F2F-B72B-49D5-B72A-081B1E53D04C}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D263ED30-CDED-4834-BEB9-75CBCE761A3A}]
"(Default)"="REG_SZ", "IProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D263ED30-CDED-4834-BEB9-75CBCE761A3A}\NumMethods]
"(Default)"="REG_SZ", "6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D263ED30-CDED-4834-BEB9-75CBCE761A3A}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DED54547-5E5E-402A-83A9-14F5D3DE3B8D}]
"(Default)"="REG_SZ", "IDuuquUpdate3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DED54547-5E5E-402A-83A9-14F5D3DE3B8D}\NumMethods]
"(Default)"="REG_SZ", "10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DED54547-5E5E-402A-83A9-14F5D3DE3B8D}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update]
"MsiStubRun"="REG_DWORD", 0
"path"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe"
"version"="REG_SZ", "1.3.37.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"name"="REG_SZ", "Duuqu Update"
"pv"="REG_SZ", "1.3.37.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\Clients\{AC14D5E8-02B7-4849-B31E-35E81F72D121}]
"name"="REG_SZ", "FrameFox Shop"
"pv"="REG_SZ", "2.0.0.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"brand"="REG_SZ", "DQLS"
"campaign"="REG_SZ", "2"
"InstallTime"="REG_DWORD", 1448440725
"pv"="REG_SZ", "1.3.37.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\ClientState\{AC14D5E8-02B7-4849-B31E-35E81F72D121}]
"brand"="REG_SZ", "DQLS"
"campaign"="REG_SZ", "2"
"InstallTime"="REG_DWORD", 1448440726
"lang"="REG_SZ", "en"
"LastCheckSuccess"="REG_DWORD", 1448440758
"pv"="REG_SZ", "2.0.0.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\ClientStateMedium\{AC14D5E8-02B7-4849-B31E-35E81F72D121}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Duuqu\Update\network\secure]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FrameFox\FrameFox Shop]
"version"="REG_SZ", "2.0.0.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FrameFox Shop"="REG_SZ", "C:\Program Files (x86)\FrameFox\framefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{010BE806-614F-48F2-B83A-29DF45E6AC7D}]
"AuthorizedCDFPrefix"="REG_SZ", ""
"Comments"="REG_SZ", ""
"Contact"="REG_SZ", ""
"DisplayName"="REG_SZ", "FrameFox Shop 2.0.0.0"
"DisplayVersion"="REG_SZ", "2.0.0.0"
"EstimatedSize"="REG_DWORD", 295
"HelpLink"="REG_SZ", ""
"HelpTelephone"="REG_SZ", ""
"InstallDate"="REG_SZ", "20151125"
"InstallLocation"="REG_SZ", ""
"InstallSource"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\Install\{65A43C9E-56BA-4251-A071-74EFE8C44416}\"
"Language"="REG_DWORD", 1033
"ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /X{010BE806-614F-48F2-B83A-29DF45E6AC7D}"
"NoModify"="REG_DWORD", 1
"Publisher"="REG_SZ", "The Team"
"Readme"="REG_SZ", ""
"Size"="REG_SZ", ""
"UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /X{010BE806-614F-48F2-B83A-29DF45E6AC7D}"
"URLInfoAbout"="REG_SZ", ""
"URLUpdateInfo"="REG_SZ", ""
"Version"="REG_DWORD", 33554432
"VersionMajor"="REG_DWORD", 2
"VersionMinor"="REG_DWORD", 0
"WindowsInstaller"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"AuthorizedCDFPrefix"="REG_SZ", ""
"Comments"="REG_SZ", ""
"Contact"="REG_SZ", ""
"DisplayName"="REG_SZ", "Duuqu Update Helper"
"DisplayVersion"="REG_SZ", "1.3.37.0"
"EstimatedSize"="REG_DWORD", 45
"HelpLink"="REG_SZ", ""
"HelpTelephone"="REG_SZ", ""
"InstallDate"="REG_SZ", "20151125"
"InstallLocation"="REG_SZ", ""
"InstallSource"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\"
"Language"="REG_DWORD", 1033
"ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
"Publisher"="REG_SZ", "Duuqu Group"
"Readme"="REG_SZ", ""
"Size"="REG_SZ", ""
"SystemComponent"="REG_DWORD", 1
"UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
"URLInfoAbout"="REG_SZ", ""
"URLUpdateInfo"="REG_SZ", ""
"Version"="REG_DWORD", 16973861
"VersionMajor"="REG_DWORD", 1
"VersionMinor"="REG_DWORD", 3
"WindowsInstaller"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=3]
"Description"="REG_SZ", "Duuqu Update"
"Path"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll"
"ProductName"="REG_SZ", "Duuqu Update"
"Vendor"="REG_SZ", "Duuqu Group"
"Version"="REG_SZ", "3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=3\MimeTypes\application/x-vnd.duuqu.update3webcontrol.3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=9]
"Description"="REG_SZ", "Duuqu Update"
"Path"="REG_SZ", "C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll"
"ProductName"="REG_SZ", "Duuqu Update"
"Vendor"="REG_SZ", "Duuqu Group"
"Version"="REG_SZ", "9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@www.duuqu.com/omaha/tools//Duuqu Update;version=9\MimeTypes\application/x-vnd.duuqu.oneclickctrl.9]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dqupdate]
"DelayedAutostart"="REG_DWORD", 1
"DependOnService"="REG_MULTI_SZ, "RPCSS "
"Description"="REG_SZ", "Keeps your Duuqu software up to date. If this service is disabled or stopped, your Duuqu software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Duuqu software using it."
"DisplayName"="REG_SZ", "Duuqu Update Service (dqupdate)"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe /svc"
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 16
"WOW64"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dqupdatem]
"DelayedAutostart"="REG_DWORD", 1
"DependOnService"="REG_MULTI_SZ, "RPCSS "
"Description"="REG_SZ", "Keeps your Duuqu software up to date. If this service is disabled or stopped, your Duuqu software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Duuqu software using it."
"DisplayName"="REG_SZ", "Duuqu Update Service (dqupdatem)"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe /medsvc"
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 3
"Type"="REG_DWORD", 16
"WOW64"="REG_DWORD", 1
Malwarebytes Anti-Malware log:Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 25/11/2015
Scan Time: 13:10
Logfile: mbamFrameFoxShop.txt
Administrator: Yes
Version: 2.2.0.1020
Malware Database: v2015.11.25.03
Rootkit Database: v2015.11.23.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309976
Time Elapsed: 5 min, 4 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\framefox.exe, 2748, Delete-on-Reboot, [2314740ef59626108206453bb44fb14f]
Modules: 0
(No malicious items detected)
Registry Keys: 91
PUP.Optional.Duuqu, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dqupdate, Quarantined, [a7908ff3bad1ea4c319114149e6321df],
PUP.Optional.Duuqu, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dqupdatem, Quarantined, [a7908ff3bad1ea4c319114149e6321df],
PUP.Optional.Duuqu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DUUQUUPDATE.EXE, Quarantined, [a7908ff3bad1ea4c319114149e6321df],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DUUQUUPDATE.EXE, Quarantined, [a7908ff3bad1ea4c319114149e6321df],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\Duuqu.OneClickCtrl.9, Quarantined, [a1969ce6f398b0865ec8ccb19d66827e],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\Duuqu.OneClickProcessLauncherMachine, Quarantined, [e84f3e44bccf43f363c34a3345bed52b],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\Duuqu.OneClickProcessLauncherMachine.1.0, Quarantined, [3cfb087ae6a5b5817caa314cf2117d83],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoCreateAsync, Quarantined, [ae899ae8abe0ab8ba285a5d8f211659b],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoCreateAsync.1.0, Quarantined, [df581969187360d67cab2c5162a1d12f],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoreClass, Quarantined, [46f16022ddae79bdad7a9ce17a89ba46],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoreClass.1, Quarantined, [989fbfc3f19a71c581a691ecf40fb44c],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoreMachineClass, Quarantined, [0532d0b24a4161d51611552840c3ad53],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CoreMachineClass.1, Quarantined, [63d4dda51b7041f50621b6c7956e5ea2],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CredentialDialogMachine, Quarantined, [ec4ba3df2b60231384a3d4a97b8838c8],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.CredentialDialogMachine.1.0, Quarantined, [59de146e573491a5ca5db3ca19eaf709],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassMachine, Quarantined, [41f6087ac3c8122472b5522bc43f8c74],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [0433354dc4c70f272205423b986b966a],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassMachineFallback, Quarantined, [10271c667e0db284c16680fd9d6613ed],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [50e72e542467be7815129de02bd827d9],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassSvc, Quarantined, [ba7d4e34f794a5918d9a601d9c6757a9],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [bb7c384a038893a373b40578aa59ae52],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.ProcessLauncher, Quarantined, [23144240a8e33bfb899e6a134fb47a86],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.ProcessLauncher.1.0, Quarantined, [033421616e1dbe7857d06f0e20e3fb05],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3COMClassService, Quarantined, [3bfc245e6625ce688b9c85f8aa5938c8],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3COMClassService.1.0, Quarantined, [83b4b0d2701bd85e50d70d700102da26],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebMachine, Quarantined, [3afd79099deee0565acd2459ea197987],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebMachine.1.0, Quarantined, [c96e6f13583379bdc85f90ed2ed549b7],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebMachineFallback, Quarantined, [ab8c037f6a2192a4df487607887b966a],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebMachineFallback.1.0, Quarantined, [c176c6bc008b46f06cbb324b2ad99070],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebSvc, Quarantined, [7abd12704744f24487a0a9d47a891ee2],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\DuuquUpdate.Update3WebSvc.1.0, Quarantined, [9b9c2c5647447bbbe83fc8b51ae947b9],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\APPID\DuuquUpdate.exe, Quarantined, [1c1bbbc7612a0531bc69d0ad1de62ed2],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.oneclickctrl.9, Quarantined, [ae896d15eba0f1453deb3a434bb808f8],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.update3webcontrol.3, Quarantined, [5ed96f134843c96dea3ec6b75ca7dc24],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DuuquUpdate.exe, Quarantined, [48efbbc7a6e566d0cc5987f606fd39c7],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.oneclickctrl.9, Quarantined, [60d7a6dcc2c991a5f83097e6cf34629e],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.update3webcontrol.3, Quarantined, [b780344e018ad165d3557d00e41f38c8],
PUP.Optional.Duuqu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DuuquUpdateTaskMachineCore, Delete-on-Reboot, [4ee95929434840f687a46a13db28eb15],
PUP.Optional.Duuqu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DuuquUpdateTaskMachineUA, Delete-on-Reboot, [ef48275b4e3d3600f9335924bb48d030],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\Duuqu, Quarantined, [bb7c255dd9b2d75f1218a5d8937019e7],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Duuqu.OneClickCtrl.9, Quarantined, [b483c1c13c4f979f9690235ad62db44c],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Duuqu.OneClickProcessLauncherMachine, Quarantined, [78bfe0a20a817db90c1a96e759aa24dc],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Duuqu.OneClickProcessLauncherMachine.1.0, Quarantined, [b582ccb6a1ea6bcb67bf27565aa9f40c],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoCreateAsync, Quarantined, [82b512708506d75fe24516675ba80ef2],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoCreateAsync.1.0, Quarantined, [91a67210197237ff82a534499271b749],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoreClass, Quarantined, [082f8002b0db3303c95e2f4ed92a26da],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoreClass.1, Quarantined, [41f6d6acc9c2d06648df225bec17bb45],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoreMachineClass, Quarantined, [a3944939246738fe37f01e5f986b14ec],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CoreMachineClass.1, Quarantined, [d85fa7db8cffb68049de87f6699a9c64],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CredentialDialogMachine, Quarantined, [0f284b3708839c9a899e4f2eb44fd22e],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.CredentialDialogMachine.1.0, Quarantined, [ca6d8af8107bda5cfa2d3b42778ccd33],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassMachine, Quarantined, [c07784fe068525114addb6c76f940ff1],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [06318cf6b0db5adc45e2afce2fd420e0],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassMachineFallback, Quarantined, [82b52a58cfbc6cca53d45c21f40f956b],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [67d08ef473189f972afdf786cb3813ed],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassSvc, Quarantined, [77c0e89a3853c86e3dea027b2dd68977],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [30074f3393f80c2a80a7b6c745be15eb],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.ProcessLauncher, Quarantined, [fb3c50320289b28471b6126b2ad9c739],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.ProcessLauncher.1.0, Quarantined, [d85fd2b05338290dde49502d768d0ef2],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3COMClassService, Quarantined, [49ee22606b20d0668d9a2a5317ec6b95],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3COMClassService.1.0, Quarantined, [7dbad9a94942a4924fd8b6c7bb48659b],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebMachine, Quarantined, [41f64b378902a78f5ec987f6d132ec14],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebMachine.1.0, Quarantined, [d1661171bccf57dfad7a106d927128d8],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebMachineFallback, Quarantined, [0a2d235fdab1f244cb5ca2db1ae9ec14],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebMachineFallback.1.0, Quarantined, [1126cfb3414aa393f82f403d48bb02fe],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebSvc, Quarantined, [61d6fa8848438ea8fb2c0974ae55649c],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DuuquUpdate.Update3WebSvc.1.0, Quarantined, [59de8df5365574c292957706986b649c],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DuuquUpdate.exe, Quarantined, [55e222602b608babff264b32bb4801ff],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.oneclickctrl.9, Quarantined, [fc3bb2d0b3d8ce6831f7d7a66f94ce32],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MIME\DATABASE\CONTENT TYPE\application/x-vnd.duuqu.update3webcontrol.3, Quarantined, [8ea9f989d9b2ba7ca97fafce3dc6bc44],
PUP.Optional.FrameFox, HKLM\SOFTWARE\WOW6432NODE\FRAMEFOX\FrameFox Shop, Quarantined, [f542e9999fec9d99c7dab9332ad9cc34],
PUP.Optional.FrameFox, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{010BE806-614F-48F2-B83A-29DF45E6AC7D}, Quarantined, [83b4e2a0ccbfd561dec4509ce61d16ea],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@www.duuqu.com/omaha/tools//Duuqu Update;version=3, Quarantined, [f047b9c9a4e70234fc31423b0ef5e41c],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@www.duuqu.com/omaha/tools//Duuqu Update;version=9, Quarantined, [ba7d59292c5fea4c65c8c9b4cf34619f],
PUP.Optional.Duuqu, HKCU\SOFTWARE\Duuqu, Quarantined, [76c12f53d1ba15210b1e7effe122f010],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Duuqu.OneClickCtrl.9, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{02C5B62D-AC28-4C96-AED9-1B1CBC5E73F5}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\Duuqu.Update3WebControl.3, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Duuqu.Update3WebControl.3, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Duuqu.Update3WebControl.3, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B47AD5D8-9D04-4F7B-8776-35EA5892F138}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B00F7CE0-B83A-47D7-86A3-BBEF4C0C619C}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E99EA3EA-C92C-434B-B83D-74CDB4F8613C}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E99EA3EA-C92C-434B-B83D-74CDB4F8613C}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
Registry Values: 1
PUP.Optional.FrameFox, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FrameFox Shop, C:\Program Files (x86)\FrameFox\framefox.exe, Quarantined, [2314740ef59626108206453bb44fb14f]
Registry Data: 0
(No malicious items detected)
Folders: 40
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox, Delete-on-Reboot, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\chrome, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\chrome\content, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales\en_GB, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales\en_US, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source\chrome, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source\chrome\content, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\chrome, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\chrome\content, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.Duuqu, C:\Users\{username}\AppData\Local\Duuqu, Quarantined, [ed4a334f2d5e3204d349afc53bc7748c],
PUP.Optional.Duuqu, C:\Users\{username}\AppData\Local\Duuqu\CrashReports, Quarantined, [ed4a334f2d5e3204d349afc53bc7748c],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\CrashReports, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Download, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Download\{AC14D5E8-02B7-4849-B31E-35E81F72D121}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Download\{AC14D5E8-02B7-4849-B31E-35E81F72D121}\2.0.0.0, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Install, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Install\{8D339F9E-EF5B-4C6A-967F-8F02B4A38BE6}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Offline, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Offline\{C2EFC4A3-840A-4077-BD62-B4B357D8202B}, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\chrome, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\chrome\content, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\chrome, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\chrome\content, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales\en_GB, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales\en_US, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
Files: 62
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe, Quarantined, [a7908ff3bad1ea4c319114149e6321df],
PUP.Optional.Duuqu, C:\Users\{username}\Desktop\FrameFoxShopSetup.exe, Quarantined, [2f08235fd6b57fb741812afe0001817f],
PUP.Optional.Duuqu, C:\Windows\System32\Tasks\DuuquUpdateTaskMachineCore, Quarantined, [4dea7c064348ae88f22f1b6204ff3fc1],
PUP.Optional.Duuqu, C:\Windows\System32\Tasks\DuuquUpdateTaskMachineUA, Quarantined, [0433b8ca79126fc7c35fe895da292ad6],
PUP.Optional.Duuqu, C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job, Quarantined, [3ff80280a8e3999dfd262459fe053cc4],
PUP.Optional.Duuqu, C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job, Quarantined, [003789f94744e45262c2c5b8996a43bd],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\README.txt, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\COPYING, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\framefox.exe, Delete-on-Reboot, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\LICENSE.txt, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\PRIVACY.txt, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\manifest.json, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\background.html, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\background.js, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\bootstrap.js, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\icon128.png, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\icon16.png, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\icon48.png, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\manifest.json, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\chrome\content\content.js, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales\en_GB\messages.json, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\GoogleChrome\Source\_locales\en_US\messages.json, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\manifest.json, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source\manifest.json, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MicrosoftInternetExplorer\Source\chrome\content\content.js, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\manifest.json, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\bootstrap.js, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\chrome.manifest, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\icon.png, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\icon64.png, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\install.rdf, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.FrameFox, C:\Program Files (x86)\FrameFox\Extensions\MozillaFirefox\Source\chrome\content\content.js, Quarantined, [2314740ef59626108206453bb44fb14f],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquCrashHandler.exe, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdate.exe, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateBroker.exe, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateHelper.msi, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\DuuquUpdateOnDemand.exe, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdate.dll, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\goopdateres_en.dll, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\psmachine.dll, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\1.3.37.0\psuser.dll, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Download\{AC14D5E8-02B7-4849-B31E-35E81F72D121}\2.0.0.0\{F5D802A2-C293-4973-956C-E28C5A2391FB}.msi, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Install\{8D339F9E-EF5B-4C6A-967F-8F02B4A38BE6}\{F5D802A2-C293-4973-956C-E28C5A2391FB}.msi, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.Duuqu, C:\Program Files (x86)\Duuqu\Update\Install\{8D339F9E-EF5B-4C6A-967F-8F02B4A38BE6}\{F5D802A2-C293-4973-956C-E28C5A2391FB}.msi.log, Quarantined, [72c58df50d7eda5c72abd89c03ff1ae6],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\bootstrap.js, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\chrome.manifest, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\icon.png, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\icon64.png, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\install.rdf, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack\chrome\content\content.js, Quarantined, [1b1cbdc5c6c50e28c203791941c105fb],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\background.html, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\background.js, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\bootstrap.js, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\icon128.png, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\icon16.png, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\icon48.png, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\manifest.json, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\chrome\content\content.js, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales\en_GB\messages.json, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUP.Optional.FrameFox.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojddnfeomepaknnacagpkghdobipmccd\2.0.0.0_0\_locales\en_US\messages.json, Quarantined, [ec4bd1b13e4d75c1b3136929966cf40c],
PUM.FireFoxSecurityOverride, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js, Quarantined, [1c1bdca6751681b50f3ed2bfcb399e62],
Physical Sectors: 0
(No malicious items detected)
(end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
