Trojan.Crossrider.27708

Technical Information

To ensure autorun and distribution:

Creates or modifies the following files:

%WINDIR%\Tasks\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-1.job
%WINDIR%\Tasks\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-4.job
%WINDIR%\Tasks\temp_592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-2.job
%WINDIR%\Tasks\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-2.job
%WINDIR%\Tasks\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-11.job
%WINDIR%\Tasks\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-3.job
%WINDIR%\Tasks\globalUpdateUpdateTaskMachineUA.job
%WINDIR%\Tasks\globalUpdateUpdateTaskMachineCore.job

Creates the following services:

[<HKLM>\SYSTEM\ControlSet001\Services\globalUpdate] 'Start' = '00000002'

Malicious functions:

Creates and executes the following:

'%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-4.exe' /cCZMfeSA /EULsgStB='video MediaPlay-Air' /RanEoJ='%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd.xpi' /qZerxEp=59599 /LAGNHump='001673' /zlGDEpa='0' /HVzXtNy='0' /ggHcsUA=9882E1FC6AF44CE0B6AAAD68B1D6481BIE /aMfofmGBR=977542288c33914ce1275242064af847 /ZYSIh=1_34_07_01 /UfsKgx=1.34.7.1 /oPfzFlAg=1409175934 /HVFDO=http://st###.#enstatsnet.com /aSYWFrS=http://er####.genstatsnet.com /EiEqtOy=300 /pwecmz=ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com /QLZumaMwy=0.95 /zZXXloF=aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599 /zorOFLDxT=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/59599.rdf /aAiVVgDmZ='video MediaPlay-Air' /qPdhclo='MediaPlayerEnhance Extension' /eVbrN='enter' /INsFsII=ie /TGNMdcyOR='{"asw":[0, 0, 0]}' /JTyUet /cSPRk /lDxORFfy /zYPeaB='http://up####.genstatsnet.com/ff_agent_updates/{CAMP_ID}/update.json' /qCZTfVD /GhMcgT='installer' /zbHxiQt='%TEMP%\video MediaPlay-AirInstaller_1409175934.log'
'%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /svc
'%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /handoff "appguid={31f4c0d1-dc1f-4f0d-b1cc-eaab2aefedeb}&appname=36ab9fb7-1289-4d38-98b3-77b1812eb540&needsadmin=True&lang=en" /installsource otherinstallcmd /sessionid "{95665EDE-6A32-42B1-9B17-CEFC7EA724D9}" /silent
'%PROGRAM_FILES%\video MediaPlay-Air\video MediaPlay-Air-codedownloader.exe' /ealWDDZL /EULsgStB='video MediaPlay-Air' /qZerxEp=59599 /LAGNHump='001673' /zlGDEpa='0' /HVzXtNy='0' /ggHcsUA=9882E1FC6AF44CE0B6AAAD68B1D6481BIE /aMfofmGBR=977542288c33914ce1275242064af847 /ZYSIh=1_34_07_01 /UfsKgx=1.34.7.1 /oPfzFlAg=1409175934 /HVFDO=http://st###.#enstatsnet.com /aSYWFrS=http://er####.genstatsnet.com /AhPGcayf=http://js.###statsnet.com /INsFsII=ie /xzZla='video MediaPlay-Air' /CuesV=http://js.####ntdemocloud.com /JTyUet /TGNMdcyOR='{"asw":[0, 0, 0]}' /GhMcgT=installer /zbHxiQt='%TEMP%\video MediaPlay-AirInstaller_1409175934.log' /ZONSSq='file://%TEMP%\nsm6.tmp\extensionData'
'%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-2.exe' /jspKGKwKB /EULsgStB='video MediaPlay-Air' /qZerxEp=59599 /LAGNHump='001673' /zlGDEpa='0' /HVzXtNy='0' /ggHcsUA=9882E1FC6AF44CE0B6AAAD68B1D6481BIE /aMfofmGBR=977542288c33914ce1275242064af847 /ZYSIh=1_34_07_01 /oPfzFlAg=1409175934 /HVFDO=http://st###.#enstatsnet.com /aSYWFrS=http://er####.genstatsnet.com /JwbBPdbM=11111111-1111-1111-1111-110511951199 /INsFsII=ie /NDWdk /JTyUet /zYPeaB='http://up####.genstatsnet.com/ie_enable_agent_updates/{CAMP_ID}/update.json' /GhMcgT='installer' /zbHxiQt='%TEMP%\video MediaPlay-AirInstaller_1409175934.log'
'%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins5NTY2NUVERS02QTMyLTQyQjEtOUIxNy1DRUZDN0VBNzI0RDl9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezU5Q0IyNzFGLUYyNzMtNDgxNS05REI0LUU5OENDMzRFNjBEMn0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezMxRjRDMEQxLURDMUYtNEYwRC1CMUNDLUVBQUIyQUVGRURFQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMTA3Mjg5Njc2MCIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg==
'%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins5NTY2NUVERS02QTMyLTQyQjEtOUIxNy1DRUZDN0VBNzI0RDl9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezU3MzgxNTFFLTg3ODAtNDk3Qi1BQzlFLTg4RTA1MjE2NkU3OH0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yNS4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48L2FwcD48L3JlcXVlc3Q-
'%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-3.exe' /QarKDhFPz=FKkqqjf5ze1W/zd+MPrLjSAb6Cr/mNBZlPm6cT7LZXhVIlEEofDoxFNcBSAIfxkkiTY/5/dUIUmVzOj/RZfm4H2J8T+PGbEEZkJ+ll4gRf3mXUCvY8ZrLWSqSL4ZkbTTTJ4ccgmWmbBTnykTzLsmVqnFircfJCBAa3fSLtfVEoKgztt+CDYZZlyRPn6xgcNJniSgGvYbmb3+ZCfKbaAeFs+n00sMLozFeGzRIg7Q2BB6k2mDM3wt73njdVKu28eRp7Z32+dhXn6RnJiQqpapB6yWVcakuh0mdnMK6mvRJQFLYtbfpgvCxYQ29yjcmsNgtmrufGlSfnxUYo5Uf9zjroMbn9HIItSx7m5r6bMKVrnbCBwQKnUoSYvmzTZDF87Cco8P2VJCs/uDMG4xdtY2sasfp/k8/jwtzfmBq9PnxpXf80kOIhq7ZhGMLM2HN7IbT5OkPomlbeSw48Xa3Qn4AHOLSUx/kYWCixh4FpybPw0QoohAoiQPaHC5xOk5bAQES8lNb3fv65qt4bggkUxUyscuOt2a4COHb1OBU/+Z+Dtcd2Kh/VXh2xypdQdLIyUOu5ZQ3gxUOABKnzxQL2+EiAKK4e01YZ05Okslmaoodrwt2qmsa7wtskbkRVbVf7EnTi2WFDvM+0wAPi9zU/usiFyoYzy2rqw0LZJRYFPpTciZXqNS/qTPFhku4ao3Ne4MSPmp7XLU8Juq7Lg9OfmPsuOxwWf4kidEPz70bJ0oKuwrurQRDEIu5AobBpOqDXL+6boYk9+uRHTyeBlZCYwzJXiXI3j/Id2+W+kBHnt3D+J/jnwTIz7MMObRsz0jU4jmtBWl9JRWc1iPp/60ehp5ERXCFM8KnaWcXLQirjSLeVtxblA4dFekRJ9LjOri39RFEL1wBkIWg4Et0ncLZ8q4pknshppKFZmC+OuTL/gg/XS2h9Wg5HZtT81qn9E7+umWX8XS6KhiwY5VuBVlPvLV0evl7+6y/ADqYuyx3WMoni6BPhhHwIIzpK4pZkaH68/ZZ/lC6bScAJvm6IENIC6x1zSpsPeqFqmxlWlGI0UdhjIFHOHIhNlL4tZvKuPWvjv4usbY+w0KVIvFaMN1bCLPJ7cqLulu/PuI02A8egsXCdJgA5NICb7aIrcIHllMrD7s4H2bfwXWYXr69M3dnS85g4XyEn7AnzOw9usX0c5+iMpNZlkxwSzdKz7AMnfHpsg3xqCxQZTFa4FLwdiw0CgD13/jhXxUVKpH4xF+FKyZ7y7cgNS3VvVunCtqCHnBAHIHfuJkkJF+tbPudMkrwYS68Qx+tGWhU1DbBfeGpSAuk2qrFS1cPWvshGrZdkG6g9oTayjVr0ZxnqCvTzh5L4UAkBrsoUN6N/5ObrTNBjOPDri9vIrHTcZB83H//78khYQSw53tNeQYTlia9bkM36kc4NeqUQ3QK2eXATP9YNjaZrFDnKGJeYOrS1qy+CjyzPrEv06/LkNCaGVr91kR49WWOsu+BcYcly2n9BoqGur/3/Eous0B5NExzccd9S9pSjSy
'%TEMP%\comh.473494\GoogleUpdate.exe' /silent /install "appguid={31f4c0d1-dc1f-4f0d-b1cc-eaab2aefedeb}&appname=36ab9fb7-1289-4d38-98b3-77b1812eb540&needsadmin=True&lang=en"
'%TEMP%\nsu3.tmp\Zkqhzx.exe'
'%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regserver
'%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-11.exe' /QarKDhFPz=tKX0XKx5qexd7qgEvoSu4tdu8KE9WXHG6zbJuztXGH43Z2r9iiiAyJfqLCyR/i6Q7WPYuMCe4WpDD/xxist/M83B8b82eyVYveL4RFOpCWAL9GrB68KYF3Ok5V7R9robPTtD5uwHtDTRceE8PB8g2vFKIQp4wGDeIZIzhWSe6kILTLtIREP7XoV5kPUEokl7rzuPGncgJjw1UTteCmPU1j/y0TfyDKiTJXRLYdwYf3/WI8qD6Zt9g+mtdcjt1X4xbM0lBH9XFARdBkL1M435+Q6bewO/uidS/lLsiDrRth3n+lPrctHBSrjJ23aBn6q5EXXv1f/iTxjnLM3JHxc9zT5Iko4oj/VNSTjl7o1gozPTxo4rx3J0i9ApuLEmMx6JHxFHTSpunuzu6NCnFMYO6hX/PKe7nVN0KOxPJeJnHLx510CicLgv+X2jz+1qhMslcFHW3d+s/BvnjkEZOfjh5uaVCynwr0LfBj7pNr9oxCgUo5J5onYrZSyncOcNW2NlV2p7FGC715ppzBOAejWUeoBCc3p6xKub/CzCgnFPq5T2SlTd5XCKVCGbmH1wt3kpdfAfbMq7v8+i9CkyG/KyyruiCRISJ1CguSbAGRgmFZIL5pb7xt5VmBwRnqrN2nd5BUUPa6cJ2JLFZ53kU9Hi8xRfdbYlpU/hhtNVrc237wZH5hJwDpP9sO0fHYaJsHQDUlZxk1Ab9YKnn1aQw9qo4MCdOlhOjRbRW21lKGZKq0e6DUa5uXvyYibbAko5Lt7SmJ8g4N1LLa+xRnebhYfjjkv6uAffsAEIEqEoencaQ7Mkdj6ffjFnJP9jmix6HhrBoYHXHrfs2HbGdcXhdajzOse2ZUAX+frCr6fptEuBwR1qw3jzoI4GGP0DXrJL5dQKIG7ZwXJod9yNN2Mics9GTU4V1IADfm8tyG3KO7+M9hUq1xR/mLTSpGPWuEMpFFNRAaDMzE1dvGEo/gFLdXzWMYmgdljac18hR96WBbrvnap8FehVOMKaoQkNPc1ZWBR6i9MyyuwA43diupu0hWmLOi9OC2bDJzTitP2lBnuZAbB6UdCWCSDw6Xh1IYQ1w5nYkzWwbpNeCm3n+2/oHa4OH9rtHSfV8/Awam0Y6pAdnv2njri7H9vIzUhLoeQo8doAJUuUPnDCCK0QxTe+Vn3ml/A4FVlQCauP9q9GKCcYIxVcmd912h5ln3VRqOXj2oDSx17o4h/xtr7GG+MXzyi9TsY2adb2LQaNtjT+Kw/GSkycz58Wq2PHezTY8OEz4Te7iKe9MUBozTJVM/IwPOLAvArpfnBGkJx0dSuWRvSj77RmKc9C5f5QBkbburdrrYE9mPbeC+jMlYJiRGA6hi6s6xdmYZykx9U5Aebw0AJCrPb4ftiV9hy8jFYNWXmIufXYGG/P96zYJr02RBaSuhrwrJbeN+cNbfRVJVKMBbtbXgt7Y1XMJsVnGogOl7NxYp9HnW6QPUshaEM4gtOso5X7QTcg29/wnYH6Cp1Frvst2NkUlZpzkwfMGrtxn9j2BW0yHoOc498CdId6Pf4ngN9MpckPG0rFQl7Hfw5BS1gNftWL3Jot1Fos9rrwC4jHuD1gnNPAwOB7M9MQZCPa70rH4IlCQptRWx0I+FTn9hTl4g5i++LaT3nIPYjlwUc9L759EVZBLrkPcP7BQdN28YcCpIDxtm4hLd2uoozCV9RIUgYj5jo3ixp7yBUPxKSWuJ/eQyN7gqgK770370BD1XWPbMG87Pys6lNY5ZxCbH6GLWl8IV/sBGLez6sp/Q6fvO5Cuu51oVpYCcvHCFTH4pCb4Rer454o+N2nhiYCq2kRXt2K1fxcsraE4ZvN31sOUBB3kISjA4tIbDMetzgmdpK7kQ==
'%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regsvc

Executes the following:

'<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\video MediaPlay-Air\video MediaPlay-Air-bho.dll"
'<SYSTEM32>\msiexec.exe' /V

Terminates or attempts to terminate

the following user processes:

chrome.exe
opera.exe
iexplore.exe
firefox.exe

Modifies file system :

Creates the following files:

%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\8c32516467253dda1fcfec46d0461fc5.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\3682dfe4050daa195682e2a02f0eef51.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\7bad579d6da88e1aee461730f7de8a88.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\a02d7e7bc1ae943eb002cb5607af26ee.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\update.css
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\popup.html
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\icon48.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\cfbf7c07b57f85cc79bf5e7b304c9cd3.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\9438a72944538980a9368b9b3289add6.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\fc2a630ac973c9943df09d64e0703536.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\e7de8ffb77231ba67deceed408203e77.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\108a7e0350e3c2b36d934ef7d4a65513.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\ac6fc53148688aa7d63067d7cd7702a8.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\132e4249c60daa63541a593d084acb5c.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\button2.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\button4.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\crossrider_statusbar.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\icon128.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
%TEMP%\nsm6.tmp\extensionData\plugins\1.js
%TEMP%\nsm6.tmp\extensionData\plugins.json
%TEMP%\nsm6.tmp\extensionData\manifest.xml
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\icon24.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\skin.css
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\button5.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\button3.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\panelarrow-up.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\icon16.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\skin\button1.png
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\d4f919de8bc9d1370e86e70114c1dc5d.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\da1cc974f7d9d871171e4ac15405deb6.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\d37b243b11b361f138a6fd93237694b1.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\b4060c3bd5e10339ff02058da4b4d65c.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\installer.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\8a9058a59125f94edc149c7aab7f4608.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\e4110dbb63e7141fb4c3c0134f666698.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\browser.xul
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\options.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\search_dialog.xul
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\f1b7a8e13b0c8b49df8e5533142e2c2a.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\f4c2348320c88b9df46044b499b47031.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\2b8a5c97b0529c3c198de48d66e67225.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\aa95773dc64eab2aa0e44949ce250c29.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\de2f9674d18b4751222bfd3321988ad6.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\88dc102681c8c8cb58ed2c30ace6094c.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\a759c115d46d053b3963177971254157.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\7ffd4524405a9487b23237b79b34f1ef.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\5cae34cd23fefb147b0d360ca712e109.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\686e81541294adb4e487e955af16e638.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\66dc5baebb93a492eb43e808bd6581fb.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\api\1aafa9bc288b1f5d398250d662d30eb4.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\908ad89bbc9ed124edcef121aaf43039.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\0873cc265abd2f9aa90f8c92d5971408.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\c89be9e318a728fcbc185f84277f1053.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\d1845fd4552729ed4cce99cf15fa224d.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\59702d0da1def158d1882e3feaec1bef.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\538a43e450edb72923c83b680051557e.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\core\1c0a411e4c7b4c4d2b683ae04bbb89d0.js
%TEMP%\nsm6.tmp\extensionData\plugins\102.js
%TEMP%\nsm6.tmp\extensionData\plugins\43.js
%TEMP%\nsm6.tmp\extensionData\plugins\42.js
%TEMP%\nsm6.tmp\extensionData\plugins\41.js
%TEMP%\nsm6.tmp\extensionData\plugins\44.js
%TEMP%\nsm6.tmp\extensionData\plugins\47.js
%TEMP%\nsm6.tmp\extensionData\plugins\46.js
%TEMP%\nsm6.tmp\extensionData\plugins\45.js
%TEMP%\nsm6.tmp\extensionData\plugins\37.js
%TEMP%\nsm6.tmp\extensionData\plugins\36.js
%TEMP%\nsm6.tmp\extensionData\plugins\35.js
%TEMP%\nsm6.tmp\extensionData\plugins\38.js
%TEMP%\nsm6.tmp\extensionData\plugins\40.js
%TEMP%\nsm6.tmp\extensionData\plugins\4.js
%TEMP%\nsm6.tmp\extensionData\plugins\39.js
%TEMP%\nsm6.tmp\extensionData\plugins\64.js
%PROGRAM_FILES%\video MediaPlay-Air\video MediaPlay-Air-bho.dll
%TEMP%\nsm6.tmp\extensionData\userCode\extension.js
%TEMP%\nsm6.tmp\extensionData\userCode\background.js
%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-2.exe
%PROGRAM_FILES%\video MediaPlay-Air\video MediaPlay-Air-codedownloader.exe
%PROGRAM_FILES%\video MediaPlay-Air\video MediaPlay-Air-bg.exe
%PROGRAM_FILES%\video MediaPlay-Air\background.html
%TEMP%\nsm6.tmp\extensionData\plugins\78.js
%TEMP%\nsm6.tmp\extensionData\plugins\72.js
%TEMP%\nsm6.tmp\extensionData\plugins\7.js
%TEMP%\nsm6.tmp\extensionData\plugins\9.js
%TEMP%\nsm6.tmp\extensionData\plugins\94.js
%TEMP%\nsm6.tmp\extensionData\plugins\93.js
%TEMP%\nsm6.tmp\extensionData\plugins\91.js
%TEMP%\nsm6.tmp\extensionData\plugins\193.js
%TEMP%\nsm6.tmp\extensionData\plugins\191.js
%TEMP%\nsm6.tmp\extensionData\plugins\184.js
%TEMP%\nsm6.tmp\extensionData\plugins\195.js
%TEMP%\nsm6.tmp\extensionData\plugins\21.js
%TEMP%\nsm6.tmp\extensionData\plugins\207.js
%TEMP%\nsm6.tmp\extensionData\plugins\2.js
%TEMP%\nsm6.tmp\extensionData\plugins\14.js
%TEMP%\nsm6.tmp\extensionData\plugins\13.js
%TEMP%\nsm6.tmp\extensionData\plugins\104.js
%TEMP%\nsm6.tmp\extensionData\plugins\17.js
%TEMP%\nsm6.tmp\extensionData\plugins\183.js
%TEMP%\nsm6.tmp\extensionData\plugins\182.js
%TEMP%\nsm6.tmp\extensionData\plugins\177.js
%TEMP%\nsm6.tmp\extensionData\plugins\211.js
%TEMP%\nsm6.tmp\extensionData\plugins\269.js
%TEMP%\nsm6.tmp\extensionData\plugins\263.js
%TEMP%\nsm6.tmp\extensionData\plugins\262.js
%TEMP%\nsm6.tmp\extensionData\plugins\28.js
%TEMP%\nsm6.tmp\extensionData\plugins\3.js
%TEMP%\nsm6.tmp\extensionData\plugins\287.js
%TEMP%\nsm6.tmp\extensionData\plugins\281.js
%TEMP%\nsm6.tmp\extensionData\plugins\221.js
%TEMP%\nsm6.tmp\extensionData\plugins\220.js
%TEMP%\nsm6.tmp\extensionData\plugins\22.js
%TEMP%\nsm6.tmp\extensionData\plugins\226.js
%TEMP%\nsm6.tmp\extensionData\plugins\246.js
%TEMP%\nsm6.tmp\extensionData\plugins\244.js
%TEMP%\nsm6.tmp\extensionData\plugins\242.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\05d3fd853180389fe8681050a96ac2e8.js
%APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA
%TEMP%\nsm6.tmp\ExecDos.dll
%APPDATA%\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB
%APPDATA%\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA
%TEMP%\CabB.tmp
%TEMP%\Cab9.tmp
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe
%APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
%APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
%APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
%APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
%APPDATA%\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB
%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-3.exe
%TEMP%\Cab7.tmp
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdateres_en.dll
%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd.crx
%PROGRAM_FILES%\video MediaPlay-Air\af8b22f5-20be-48bf-8f51-b81b8a6224c7.crx
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe
%WINDIR%\Installer\3e418.msi
C:\Config.Msi\3e41b.rbs
%WINDIR%\Installer\MSID.tmp
%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-11.exe
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psmachine.dll
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psuser.dll
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi
%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe
%PROGRAM_FILES%\video MediaPlay-Air\1293297481.mxaddon
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
%TEMP%\nsm6.tmp\inetc.dll
%TEMP%\nsm6.tmp\UserInfo.dll
%TEMP%\nsm6.tmp\md5dll.dll
%TEMP%\nsm6.tmp\update.json
%TEMP%\nsm6.tmp\336534
%PROGRAM_FILES%\video MediaPlay-Air\utils.exe
%TEMP%\nsm6.tmp\StdUtils.dll
%TEMP%\nsb5.tmp
%TEMP%\nsp2.tmp
%TEMP%\nsm6.tmp\System.dll
%TEMP%\nsm6.tmp\nsisos.dll
%TEMP%\nsm6.tmp\InstallerUtils2.dll
%TEMP%\nsm6.tmp\InstallerUtils.dll
%TEMP%\nsm6.tmp\140817
%TEMP%\comh.473494\psmachine.dll
%TEMP%\comh.473494\npGoogleUpdate4.dll
%TEMP%\comh.473494\goopdateres_en.dll
%TEMP%\comh.473494\psuser.dll
%PROGRAM_FILES%\video MediaPlay-Air\06e8b1af-454a-42eb-a850-43b7718a4038.crx
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdate.dll
%PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe
%TEMP%\comh.473494\GoogleUpdate.exe
%TEMP%\comh.473494\GoogleCrashHandler.exe
%PROGRAM_FILES%\video MediaPlay-Air\Uninstall.exe
%TEMP%\comh.473494\GoogleUpdateBroker.exe
%TEMP%\comh.473494\goopdate.dll
%TEMP%\comh.473494\GoogleUpdateOnDemand.exe
%TEMP%\comh.473494\GoogleUpdateHelper.msi
%TEMP%\MSI3ee87.LOG
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\72.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\191.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\64.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\184.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\78.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\102.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\193.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\22.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\263.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\177.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\246.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\287.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\220.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\262.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\17.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\d389c84d33a988704c24285bdec450f5.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\f63d75f47e36192e659f0a7b8bbb00e3.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\options.xul
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\d9b7237fc52ff6ed54ebd5a8e9289a25.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\ffCoreFilesIndex.txt
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\background.html
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\dialog.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\98.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\13.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\47.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\207.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome\content\d31d5800e86d7edf44ba60f118db2707.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\userCode\background.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\userCode\extension.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\28.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\183.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\manifest.xml
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\268.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\244.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\211.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\226.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\install.rdf
%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-4.exe
%PROGRAM_FILES%\video MediaPlay-Air\592705b5-59f9-4b16-9ad4-dbc3ca9c87dd.xpi
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\locale\en-US\translations.dtd
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins.json
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\chrome.manifest
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\defaults\preferences\prefs.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\221.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\195.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\1.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\7.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\182.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\14.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\104.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\9.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\91.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\16.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\93.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\242.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\21.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\4.js
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\281.js

Deletes the following files:

%WINDIR%\Installer\3e418.msi
C:\Config.Msi\3e41b.rbs
%WINDIR%\Installer\3e41a.ipi
%WINDIR%\Tasks\temp_592705b5-59f9-4b16-9ad4-dbc3ca9c87dd-2.job
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite-journal
%TEMP%\Cab7.tmp
%TEMP%\nsm6.tmp\140817
%TEMP%\Cab9.tmp
%WINDIR%\Installer\MSID.tmp
%TEMP%\CabB.tmp

Network activity:

Connects to:

'ts####.ws.symantec.com':80
'cr#.#hawte.com':80
'localhost':1047
'localhost':1053
'localhost':1048
'er####.genstatsnet.com':80
'up####.genstatsnet.com':80
'st###.#enstatsnet.com':80
'www.download.windowsupdate.com':80
'lo##.##nstatsnet.com':80

TCP:

HTTP GET requests:

up####.genstatsnet.com/omaha/31F4C0D1-DC1F-4F0D-B1CC-EAAB2AEFEDEB/1/update.xml?ra#######################################################################################################################################################################################
up####.genstatsnet.com/omaha/430FD4D0-B729-4F61-AA34-91526481799D/1/ping.xml?ra#######
ts####.ws.symantec.com/tss-ca-g2.crl
up####.genstatsnet.com/omaha/31F4C0D1-DC1F-4F0D-B1CC-EAAB2AEFEDEB/1/update.xml?ra#######
up####.genstatsnet.com/omaha/31F4C0D1-DC1F-4F0D-B1CC-EAAB2AEFEDEB/1/ping.xml?ra#####
up####.genstatsnet.com/omaha/31F4C0D1-DC1F-4F0D-B1CC-EAAB2AEFEDEB/1/ping.xml?ra#######
lo##.##nstatsnet.com/monetization.gif?ra#####################################################################################################################################################################
st###.#enstatsnet.com/installer.gif?ac####################################################################################################################################################################################################################################################################################################################################################################################################################################
er####.genstatsnet.com/installer-error.gif?ac########################################################################################################################################################################################################################################################################################################################################################################################################
up####.genstatsnet.com/installer_updates/001673/update.json
lo##.##nstatsnet.com/monetization.gif?ev######################################################################################################################################################################################################################################################################
cr#.#hawte.com/ThawteTimestampingCA.crl
www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt

UDP:

DNS ASK www.download.windowsupdate.com
DNS ASK cr#.#hawte.com
DNS ASK ts####.ws.symantec.com
DNS ASK lo##.##nstatsnet.com
DNS ASK up####.genstatsnet.com
DNS ASK er####.genstatsnet.com
DNS ASK st###.#enstatsnet.com

Miscellaneous:

Searches for the following windows:

ClassName: 'Shell_TrayWnd' WindowName: ''

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations

Free trial