Metallica
-
Content count
1,956 -
Joined
-
Last visited
-
What is SearchApp? The Malwarebytes research team has determined that SearchApp is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one hijacks your Chrome search. How do I know if my computer is affected by SearchApp? You may see this entry in your list of Chrome extensions: and these warnings during install: this changed setting in Chrome: and you will see this icon in your Chrome menu bar: How did SearchApp get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was offered as a redirect by an adrotator. How do I remove SearchApp? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of SearchApp? No, Malwarebytes removes SearchApp completely. You may have to remove the Extension manually under Tools > More Tools > Extensions. Click on the bin behind the SearchApp entry and confirm Remove in the prompt. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the SearchApp hijacker. It would have stopped you from being redirected to their site. Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxp://www.blpsearch.com/search?sid=674&aid={APPID}&itype=u&src=ds&p={searchTerms}&tm=0 CHR DefaultSearchKeyword: Default -> BLPSearch CHR Extension: (SearchApp) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb [2017-10-20] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0 Adds the file Archive created by free jZip.url"="11/26/2013 11:21 AM, 58 bytes, A Adds the file manifest.json"="10/20/2017 9:14 AM, 1569 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\_metadata Adds the file computed_hashes.json"="10/20/2017 9:14 AM, 464 bytes, A Adds the file verified_contents.json"="7/27/2017 4:47 PM, 1789 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\icons Adds the file icon-128.png"="10/20/2017 9:14 AM, 8663 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\js Adds the file background.js"="7/27/2017 12:21 PM, 11045 bytes, A Adds the file brand.js"="7/27/2017 12:21 PM, 218 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "nflbbjfpebejdkcodllhcpobineppjpb"="REG_SZ", "0D729E0A8C5F8621C050C5518C3BECA115BF95984BAD5032E1B30DF45B146C73" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/20/17 Scan Time: 9:28 AM Log File: 409262f1-b568-11e7-90d3-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.212 Update Package Version: 1.0.3054 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 330587 Threats Detected: 14 Threats Quarantined: 13 Time Elapsed: 1 min, 39 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 5 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb, Quarantined, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\_metadata, Quarantined, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\icons, Quarantined, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\js, Quarantined, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NFLBBJFPEBEJDKCODLLHCPOBINEPPJPB\1.0.0.3280_0, Quarantined, [9103], [443081],1.0.3054 File: 9 PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Removal Failed, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Preferences, Replaced, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NFLBBJFPEBEJDKCODLLHCPOBINEPPJPB\1.0.0.3280_0\JS\BRAND.JS, Quarantined, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\icons\icon-128.png, Quarantined, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\js\background.js, Quarantined, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\_metadata\computed_hashes.json, Quarantined, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\_metadata\verified_contents.json, Quarantined, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\Archive created by free jZip.url, Quarantined, [9103], [443081],1.0.3054 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflbbjfpebejdkcodllhcpobineppjpb\1.0.0.3280_0\manifest.json, Quarantined, [9103], [443081],1.0.3054 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
-
What is Soft cores? The Malwarebytes research team has determined that Soft cores is a Bitcoin miner. These miners are designed to earn cryptocurrency by using system resources. How do I know if my computer is affected by Soft cores? You may see this entry in your list of installed programs: and this type of deeply nested Scheduled Task: How did Soft cores get on my computer? Trojans use different methods for distributing themselves. This particular one was installed by another trojan. How do I remove Soft cores? Our program Malwarebytes can detect and remove this trojan. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Soft cores? This miner creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this trojan. As you can see below the full version of Malwarebytes would have protected you against the Soft cores trojan. It would have warned you before the trojan could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: (Soft core) C:\Users\{username}\AppData\Roaming\FireFox\launcher\Systemcore.exe HKCU\...\Run: [core_i] => C:\Users\{username}\AppData\Roaming\FireFox\launcher\Systemcore.exe [4518912 2017-10-01] (Soft core) C:\Users\{username}\AppData\Roaming\FireFox ssc 1.12 (HKLM-x32\...\ssc 1.12) (Version: 1.12 - Soft cores) Task: {4D595699-3433-48AE-9BB1-FB0BD90B43AF} - System32\Tasks\Microsoft\Windows\Wininet\sscore => Task: {C0990B5F-EB71-4C2D-8FB7-42573A9004A1} - System32\Tasks\Microsoft\Windows\sysem\ssrec\a\b\c\d\e\f\g\h\i => C:\Users\{username}\AppData\Roaming\systembackup\backup\ssc.sfx.exe Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\FireFox\launcher Adds the file libmySQL.dll"="8/21/2017 10:05 AM, 4002304 bytes, A Adds the file Systemcore.exe"="10/1/2017 10:29 PM, 4518912 bytes, A Adds the folder C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec\a\b\c\d\e\f\g\h Adds the file i"="10/19/2017 11:08 AM, 3624 bytes, A In the existing folder C:\Windows\System32\Tasks\Microsoft\Windows\Wininet Adds the file sscore"="10/19/2017 11:08 AM, 3542 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ssc 1.12] "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Roaming\FireFox\launcher\Uninstall.exe" "DisplayName"="REG_SZ", "ssc 1.12" "DisplayVersion"="REG_SZ", "1.12" "EstimatedSize"="REG_DWORD", 8322 "HelpLink"="REG_SZ", "mailto:support@company.com" "InstallDate"="REG_SZ", "20171019" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\FireFox\launcher\" "InstallSource"="REG_SZ", "C:\Users\{username}\Desktop\" "Language"="REG_DWORD", 1049 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Soft cores" "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Roaming\FireFox\launcher\Uninstall.exe" "URLInfoAbout"="REG_SZ", "http://www.msdn.com/" "VersionMajor"="REG_DWORD", 1 "VersionMinor"="REG_DWORD", 12 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "core_i"="REG_SZ", "C:\Users\{username}\AppData\Roaming\FireFox\launcher\Systemcore.exe" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/19/17 Scan Time: 1:53 PM Log File: 25909b9d-b4c4-11e7-9519-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.212 Update Package Version: 1.0.3048 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 330587 Threats Detected: 29 Threats Quarantined: 29 Time Elapsed: 2 min, 11 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 Trojan.BitCoinMiner.TskLnk, C:\USERS\{username}\APPDATA\ROAMING\FIREFOX\LAUNCHER\SYSTEMCORE.EXE, Quarantined, [8795], [447435],1.0.3048 Module: 2 Trojan.BitCoinMiner.TskLnk, C:\USERS\{username}\APPDATA\ROAMING\FIREFOX\LAUNCHER\SYSTEMCORE.EXE, Quarantined, [8795], [447435],1.0.3048 Trojan.BitCoinMiner, C:\USERS\{username}\APPDATA\ROAMING\FIREFOX\LAUNCHER\LIBMYSQL.DLL, Quarantined, [78], [447430],1.0.3048 Registry Key: 8 Trojan.BitCoinMiner.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\sscore, Delete-on-Reboot, [8795], [-1],0.0.0 Trojan.BitCoinMiner.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37ED7276-9B08-4C31-A903-B6CECC613BD6}, Delete-on-Reboot, [8795], [-1],0.0.0 Trojan.BitCoinMiner.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37ED7276-9B08-4C31-A903-B6CECC613BD6}, Delete-on-Reboot, [8795], [-1],0.0.0 Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\WININET\sscore, Delete-on-Reboot, [78], [447921],1.0.3048 Trojan.BitCoinMiner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ssc 1.12, Delete-on-Reboot, [78], [447432],1.0.3048 Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{37ED7276-9B08-4C31-A903-B6CECC613BD6}, Delete-on-Reboot, [78], [447923],1.0.3048 Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F52788E1-EC0D-4F28-8A73-0F0722143641}, Delete-on-Reboot, [78], [447924],1.0.3048 Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\sysem, Delete-on-Reboot, [78], [447922],1.0.3048 Registry Value: 3 Trojan.BitCoinMiner.TskLnk, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|core_i, Delete-on-Reboot, [8795], [447435],1.0.3048 Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{37ED7276-9B08-4C31-A903-B6CECC613BD6}|PATH, Delete-on-Reboot, [78], [447923],1.0.3048 Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F52788E1-EC0D-4F28-8A73-0F0722143641}|PATH, Delete-on-Reboot, [78], [447924],1.0.3048 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 Trojan.BitCoinMiner, C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec\a\b\c\d\e\f\g\h, Delete-on-Reboot, [78], [447912],1.0.3048 Trojan.BitCoinMiner, C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec\a\b\c\d\e\f\g, Delete-on-Reboot, [78], [447912],1.0.3048 Trojan.BitCoinMiner, C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec\a\b\c\d\e\f, Delete-on-Reboot, [78], [447912],1.0.3048 Trojan.BitCoinMiner, C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec\a\b\c\d\e, Delete-on-Reboot, [78], [447912],1.0.3048 Trojan.BitCoinMiner, C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec\a\b\c\d, Delete-on-Reboot, [78], [447912],1.0.3048 Trojan.BitCoinMiner, C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec\a\b\c, Delete-on-Reboot, [78], [447912],1.0.3048 Trojan.BitCoinMiner, C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec\a\b, Delete-on-Reboot, [78], [447912],1.0.3048 Trojan.BitCoinMiner, C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec\a, Delete-on-Reboot, [78], [447912],1.0.3048 Trojan.BitCoinMiner, C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec, Delete-on-Reboot, [78], [447912],1.0.3048 Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\SYSEM, Delete-on-Reboot, [78], [447912],1.0.3048 File: 5 Trojan.BitCoinMiner.TskLnk, C:\USERS\{username}\APPDATA\ROAMING\FIREFOX\LAUNCHER\SYSTEMCORE.EXE, Delete-on-Reboot, [8795], [447435],1.0.3048 Trojan.BitCoinMiner.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Wininet\sscore, Delete-on-Reboot, [8795], [-1],0.0.0 Trojan.BitCoinMiner, C:\USERS\{username}\APPDATA\ROAMING\FIREFOX\LAUNCHER\LIBMYSQL.DLL, Delete-on-Reboot, [78], [447430],1.0.3048 Trojan.BitCoinMiner, C:\Windows\System32\Tasks\Microsoft\Windows\sysem\ssrec\a\b\c\d\e\f\g\h\i, Delete-on-Reboot, [78], [447912],1.0.3048 Trojan.BitCoinMiner, C:\USERS\{username}\DESKTOP\BCM SETUP.EXE, Delete-on-Reboot, [78], [447580],1.0.3048 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
-
What is InboxAce? The Malwarebytes research team has determined that InboxAce is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. InboxAce is a member of the Mindspark/Ask family now known as IAC Applications. How do I know if my computer is affected by InboxAce? You may see this browser extensions/add-ons: these warnings during install: You may see this entry in your list of installed software: and this new homepage in the affected browsers: How did InboxAce get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site after an ad-rotator redirect. How do I remove InboxAce? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of InboxAce? If you are using Chrome, you may have to remove the Extension manually under Tools > More Tools > Extensions. Click on the bin behind the InboxAce entry and confirm Remove in the prompt. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the InboxAce hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/inboxace/ttab02/index.html?n={n1}&p2={p21}&ptb={ptb1}&si={si1}&coid={coid1} FF Homepage: hxxp://hp.myway.com/inboxace/ttab02/index.html?coId={coid2}&subId={si1}&ln=en&n={n2}&ptb={ptb2}&st&p2={p21}&si={si1} FF Extension: InboxAce - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\Extensions\_1gMembers_@www.inboxace.com [2017-10-18] CHR Extension: (InboxAce) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid [2017-10-18] C:\Users\{username}\AppData\Local\InboxAceTooltab InboxAce Internet Explorer Homepage and New Tab (HKCU\...\InboxAceTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/18/17 Scan Time: 9:05 AM Log File: c6a083d3-b3d2-11e7-833e-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.212 Update Package Version: 1.0.3037 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 330266 Threats Detected: 401 Threats Quarantined: 400 Time Elapsed: 2 min, 0 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\InboxAceTooltab\TooltabExtension.dll, Quarantined, [846], [356944],1.0.3037 Registry Key: 4 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\InboxAceTooltab Uninstall Internet Explorer, Quarantined, [846], [356944],1.0.3037 PUP.Optional.MyWay.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\inboxace.dl.myway.com, Quarantined, [9044], [444109],1.0.3037 PUP.Optional.ASK.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\inboxace.dl.tb.ask.com, Quarantined, [1376], [444105],1.0.3037 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\InboxAce, Quarantined, [846], [444113],1.0.3037 Registry Value: 2 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\InboxAceTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [260], [352442],1.0.3037 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\InboxAce|START PAGE, Quarantined, [846], [444113],1.0.3037 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [260], [293497],1.0.3037 Data Stream: 0 (No malicious items detected) Folder: 91 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\InboxAce_1g, Quarantined, [260], [240302],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\InboxAceTooltab, Delete-on-Reboot, [846], [356944],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fkfcmeoepjhclglafbppmeidjjolcgid, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\abstractbutton\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedscript\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\thirdparty\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\uninstall\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedhtml\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\weather\css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\topapps\css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\weather\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\weather\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\topapps\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\generic\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\radio\css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedscript\html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\alert\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\flare\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\radio\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\moviereviews\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\topapps, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\link\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\weather, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\abstractbutton, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedhtml\html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedscript\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\common, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\rss\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\rss\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\radio, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\test, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedhtml\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedscript, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\flare\icons, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\images, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\rss, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\radio\radioWrapper, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\search\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\thirdparty, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\moviereviews\html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedhtml, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\radio\foreground, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\uninstall, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\radio\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\moviereviews\css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\moviereviews\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\generic, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\weather, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\api\background, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\alert, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\flare, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\moviereviews, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\search\html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\link, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\rss, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\api\window, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\radio\css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\search, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\radio, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\adapter, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\api, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\native\libs, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\_metadata, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\native, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\icons, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FKFCMEOEPJHCLGLAFBPPMEIDJJOLCGID, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\extensions\_1gMembers_@www.inboxace.com\META-INF, Quarantined, [846], [443664],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\extensions\_1gMembers_@www.inboxace.com\chrome, Quarantined, [846], [443664],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\EXTENSIONS\_1GMEMBERS_@WWW.INBOXACE.COM, Quarantined, [846], [443664],1.0.3037 File: 302 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\InboxAce_1g\{ptb2}.sqlite, Quarantined, [260], [240302],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\InboxAceTooltab\TooltabExtension.dll, Delete-on-Reboot, [846], [356944],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [319354],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\PREFS.JS, Replaced, [846], [356946],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Removal Failed, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Preferences, Replaced, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fkfcmeoepjhclglafbppmeidjjolcgid\000003.log, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fkfcmeoepjhclglafbppmeidjjolcgid\CURRENT, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fkfcmeoepjhclglafbppmeidjjolcgid\LOCK, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fkfcmeoepjhclglafbppmeidjjolcgid\LOG, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fkfcmeoepjhclglafbppmeidjjolcgid\MANIFEST-000001, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FKFCMEOEPJHCLGLAFBPPMEIDJJOLCGID\12.703.12.2371_0\MANIFEST.JSON, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\adapter\adapterUtil.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\adapter\widget-adapter.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\abstractbutton\background\abstractButton.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\alert\background\alertButton.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedhtml\background\embedHtmlWidget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedhtml\html\embedHtmlTemplate.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedhtml\js\embedHtmlUI.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedscript\background\embedScriptWidget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedscript\html\embedScriptTemplate.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\embedscript\js\embedScriptUI.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\flare\background\FlareWidget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\flare\icons\Icon_Flare_blue.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\flare\icons\Icon_Flare_pink.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\flare\icons\Thumbs.db, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\generic\background\GenericWidget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\link\background\linkButton.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\background\menuButton.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\css\menuframe.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\html\menuframe.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\images\right_arrow.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\images\right_arrow_white.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\js\jquery-1.7.1.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\js\menuframe.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\js\query-string.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\js\underscore-1.3.1.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\menu\README.txt, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\rss\background\RssWidget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\uninstall\background\uninstallButton.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\components\weather\background\weatherButton.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\bs.30.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\common.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\dynamic.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\enableDetect.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\eventListening.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\global.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\jquery-1.7.1.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\list-interaction.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\messageEventListener.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\navRedirector.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\paramReplacer.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\PartnerId.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\set.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\underscore-1.3.1.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\underscore-1.5.2.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\js\unifiedLogging.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\common\common.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\common\set.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\test\invalid.json, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\test\jquery.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\test\qunit.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\test\qunit.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\test\resource.json, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\test\resource.xml, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\common\widget-api\widget-context-1.0.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\api\background\ApiBasedWidget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\api\background\widget-api-impl.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\api\window\widgetWindow.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\api\window\widgetWindow.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\background\updateSearch.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\moviereviews\css\movieReviews.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\moviereviews\html\movieReviews.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\moviereviews\js\movieReviews.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\radio\background\RadioWidget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\radio\css\toolbar-item.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\radio\foreground\button.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\search\background\searchBox.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\search\html\searchSuggestions.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\search\html\searchSuggestions.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\search\html\searchSuggestions.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\search\html\searchSuggestionsInit.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\css\supertab.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\html\supertab.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\js\newtabfork.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\js\reporting.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\js\srchsugg.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\js\supertab.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\js\unifiedLogging.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\components\supertab\js\__utm.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\_metadata\computed_hashes.json, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\_metadata\verified_contents.json, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\icons\arrowSprite.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\icons\icon128.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\icons\icon16.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\icons\icon19disabled.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\icons\icon19on.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\icons\icon48.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\223755070.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\223755074.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\223755078.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\223755079.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\223755080.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\223755082.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\223755083.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\223755084.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\223755096.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\224383952.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\227590534.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\down_arrow.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\magnifying_glass.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\RadioPlayerSprite.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\search_button.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\tvf_icon_guide.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\tvf_logo.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\images\wrench.png, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\newTabInitialize.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\chromeStorage.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\chromeUtils.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\companionSWUtils.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\exeManager.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\exeManagerNMD.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\exePackageManager.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\focusManager.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\globalBlacklistManager.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\messaging.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\mutation_summary-min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\mutation_summary.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\nativeMessagingDispatcher.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\newTabInfo.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\options.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\readLocalStorage.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\recentlyClosedTabs.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\reservespacefortoolbar.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\reservespaceifenabled.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\scriptInjector.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\searchContext.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\settingsOverrides.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\toolbarCookieParser.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\toolbarPreinit.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\underscore-1.3.1.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\URILoaderContentScript.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\webTooltabAPI.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\Widget.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\widgetContentScriptInjectee.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\widgetFactory.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\js\widgetWindowManager.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\native\libs\jquery-1.7.1.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\native\libs\jquery-1.9.1.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\native\libs\underscore-1.5.2.min.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\native\cache.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\native\ce.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\native\debug.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\native\ss.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\activePing.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\buttonLogger.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\competitorDnsList.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\console.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\FFPreferencesPersister.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\httpTransport.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\HttpURL.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\internationalSearch.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\LocalStoragePersister.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\MindsparkGlobal.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\MindsparkGlobal.unitTest.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\MindsparkGlobalNotes.txt, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\rsvp-latest.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\searchSuggestLocale.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\testHttpTransport.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\unifiedLogger.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\unifiedLogging.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\universalConsole.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\shared\utils.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\spent2.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\bg.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\buildVars, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\buildVars.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\companionSW.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\config.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\contentScript.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\contentScript.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\debug.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\debug.jade, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\spentJ.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\spentK.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\spentK.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\startup.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\stub.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\stubby.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\superFrame.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\toolbar.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\toolbar.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\toolbarUI.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\toolbarUI.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\toolbarUI.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\url.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\urlFragmentActions.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\webtooltab.cs.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\extension_toolbar_api.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\initWidgetWindow.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\newTabContentScript.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\options.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\spent.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\spent.html, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\spent.js, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid\12.703.12.2371_0\spent2.css, Quarantined, [846], [443121],1.0.3037 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\profile.default\EXTENSIONS\_1GMEMBERS_@WWW.INBOXACE.COM\INSTALL.RDF, Quarantined, [846], [443664],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\extensions\_1gMembers_@www.inboxace.com\chrome\ffxtbr.jar, Quarantined, [846], [443664],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\extensions\_1gMembers_@www.inboxace.com\META-INF\manifest.mf, Quarantined, [846], [443664],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\extensions\_1gMembers_@www.inboxace.com\META-INF\mozilla.rsa, Quarantined, [846], [443664],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\extensions\_1gMembers_@www.inboxace.com\META-INF\mozilla.sf, Quarantined, [846], [443664],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\extensions\_1gMembers_@www.inboxace.com\bootstrap.js, Quarantined, [846], [443664],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\extensions\_1gMembers_@www.inboxace.com\chrome.manifest, Quarantined, [846], [443664],1.0.3037 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\extensions\_1gMembers_@www.inboxace.com\chrome.manifest.restartless, Quarantined, [846], [443664],1.0.3037 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\INBOXACE.{coid1}.EXE, Quarantined, [260], [365288],1.0.3037 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
-
Removal instructions for Easy PC Optimizer
Metallica posted a topic in Malware Removal Self-Help Guides
What is Easy PC Optimizer? The Malwarebytes research team has determined that Easy PC Optimizer is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Easy PC Optimizer? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar, your startmenu, and on your desktop: and see these warnings during install: and these screens during "operations": You may see this entry in your list of installed programs: and these tasks in your list of Scheduled Tasks: How did Easy PC Optimizer get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website. How do I remove Easy PC Optimizer? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Easy PC Optimizer? No, Malwarebytes removes Easy PC Optimizer completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the Easy PC Optimizer installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for experts You may see these entries in FRST logs: (WebMinds, Inc) C:\Program Files (x86)\Easy PC Optimizer\EPIC.exe C:\Windows\System32\Tasks\Easy PC Optimizer Scheduled Scan - {username} C:\Windows\Tasks\Easy PC Optimizer Scheduled Scan - {username}.job C:\Windows\System32\Tasks\Easy PC Optimizer - Background Scanning C:\Windows\System32\Tasks\Easy PC Optimizer - Run without UAC C:\Users\{username}\Desktop\Easy PC Optimizer.lnk C:\Users\{username}\AppData\Roaming\Easy PC Optimizer C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy PC Optimizer C:\Program Files (x86)\Easy PC Optimizer Easy PC Optimizer (HKLM-x32\...\Easy PC Optimizer_is1) (Version: 1.6.1.207 - WebMinds, Inc.) Task: {80EBACE7-F5E2-4384-B5EB-E2A09E9E45D2} - System32\Tasks\Easy PC Optimizer - Run without UAC => C:\Program Files (x86)\Easy PC Optimizer\EPIC.exe [2017-03-28] (WebMinds, Inc) Task: {81DDD0D7-BB32-4EE7-A7E5-915C3EFFF87D} - System32\Tasks\Easy PC Optimizer Scheduled Scan - {username} => C:\Program Files (x86)\Easy PC Optimizer\EPIC.exe [2017-03-28] (WebMinds, Inc) Task: {FB616293-533A-43D8-823D-BC4B35174601} - System32\Tasks\Easy PC Optimizer - Background Scanning => C:\Program Files (x86)\Easy PC Optimizer\EPIC.exe [2017-03-28] (WebMinds, Inc) Task: C:\Windows\Tasks\Easy PC Optimizer Scheduled Scan - {username}.job => C:\Program Files (x86)\Easy PC Optimizer\EPIC.exe Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Easy PC Optimizer Adds the file engine.dll"="3/28/2017 3:04 PM, 3706344 bytes, A Adds the file EpcoUninstaller.exe"="3/28/2017 3:03 PM, 4209152 bytes, A Adds the file EPIC.exe"="3/28/2017 3:04 PM, 15518696 bytes, A Adds the file Homepage.url"="10/17/2017 9:14 AM, 196 bytes, A Adds the file IgnoreList.dat"="10/17/2017 9:14 AM, 0 bytes, A Adds the file license.txt"="3/28/2017 3:00 PM, 4673 bytes, A Adds the file Res_English.xml"="3/28/2017 3:00 PM, 29391 bytes, A Adds the file Res_French.xml"="3/28/2017 3:00 PM, 31693 bytes, A Adds the file Res_Spanish.xml"="3/28/2017 3:00 PM, 29964 bytes, A Adds the file Support.url"="10/17/2017 9:14 AM, 216 bytes, A Adds the file unins000.dat"="10/17/2017 9:14 AM, 23732 bytes, A Adds the file unins000.exe"="10/17/2017 9:12 AM, 715752 bytes, A Adds the file unins000.msg"="10/17/2017 9:14 AM, 11397 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy PC Optimizer Adds the file Easy PC Optimizer.lnk"="10/17/2017 9:14 AM, 1064 bytes, A Adds the file Support.lnk"="10/17/2017 9:14 AM, 1081 bytes, A Adds the file Uninstall Easy PC Optimizer.lnk"="10/17/2017 9:14 AM, 1088 bytes, A Adds the file Visit EasyPCOptimizer.com.lnk"="10/17/2017 9:14 AM, 1088 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Easy PC Optimizer Adds the file EPCO.log"="10/17/2017 9:14 AM, 291 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch Adds the file Easy PC Optimizer.lnk"="10/17/2017 9:14 AM, 1070 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file Easy PC Optimizer.lnk"="10/17/2017 9:14 AM, 1046 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Easy PC Optimizer - Background Scanning"="10/17/2017 9:14 AM, 3600 bytes, A Adds the file Easy PC Optimizer - Run without UAC"="10/17/2017 9:14 AM, 2898 bytes, A Adds the file Easy PC Optimizer Scheduled Scan - {username}"="10/17/2017 9:15 AM, 3268 bytes, A In the existing folder C:\Windows\Tasks Adds the file Easy PC Optimizer Scheduled Scan - {username}.job"="10/17/2017 9:15 AM, 392 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "Easy PC Optimizer Scheduled Scan - {username}.job"="REG_BINARY, ................................ "Easy PC Optimizer Scheduled Scan - {username}.job.fp"="REG_DWORD", -711908686 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EPIC] "AutoRepair"="REG_DWORD", 0 "AutoShutdown"="REG_DWORD", 0 "BackgroundScanning"="REG_DWORD", 1 "CachePath"="REG_SZ", "C:\ProgramData" "ContextMenu"="REG_DWORD", 0 "CurrentLanguage"="REG_SZ", "English" "DispDate"="REG_SZ", "" "FirstRun"="REG_DWORD", 0 "FirstRunAfterInstall"="REG_DWORD", 0 "InstallationTime"="REG_QWORD, .... "LastActXCln"="REG_DWORD", 0 "LastActXErr"="REG_DWORD", 21 "LastAppPathCln"="REG_DWORD", 0 "LastAppPathErr"="REG_DWORD", 0 "LastEmKeyCln"="REG_DWORD", 0 "LastEmKeyErr"="REG_DWORD", 345 "LastFACln"="REG_DWORD", 0 "LastFAErr"="REG_DWORD", 0 "LastFilePathCln"="REG_DWORD", 0 "LastFilePathErr"="REG_DWORD", 92 "LastFontCln"="REG_DWORD", 0 "LastFontErr"="REG_DWORD", 0 "LastHlpCln"="REG_DWORD", 0 "LastHlpErr"="REG_DWORD", 0 "LastScan"="REG_SZ", "17/10/2017 | 09:15:51 AM" "LastSelectedScanTypes"="REG_DWORD", 16577536 "LastSHDllCln"="REG_DWORD", 0 "LastSHDllErr"="REG_DWORD", 12 "LastShortCutCln"="REG_DWORD", 0 "LastShortCutErr"="REG_DWORD", 6 "LastStartupCln"="REG_DWORD", 0 "LastStartupErr"="REG_DWORD", 0 "LastTotalClnCnt"="REG_DWORD", 0 "LastTotalErrCnt"="REG_DWORD", 476 "LastUnCln"="REG_DWORD", 0 "LastUnErr"="REG_DWORD", 0 "Logging"="REG_DWORD", 0 "LogScanSummary"="REG_DWORD", 0 "RegKey"="REG_SZ", "" "RestorePoint"="REG_DWORD", 0 "SkipUACWarning"="REG_DWORD", 1 "SoftwareUpdate"="REG_DWORD", 0 "UserName"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Easy PC Optimizer_is1] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Easy PC Optimizer\EPIC.exe" "DisplayName"="REG_SZ", "Easy PC Optimizer" "DisplayVersion"="REG_SZ", "1.6.1.207" "EstimatedSize"="REG_DWORD", 23677 "HelpLink"="REG_SZ", "http://easypcoptimizer.com/support" "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Easy PC Optimizer" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "Easy PC Optimizer" "Inno Setup: Language"="REG_SZ", "english" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon,quicklaunchicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20171017" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Easy PC Optimizer\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 6 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "WebMinds, Inc." "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Easy PC Optimizer\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Easy PC Optimizer\unins000.exe"" "URLInfoAbout"="REG_SZ", "http://easypcoptimizer.com/" "URLUpdateInfo"="REG_SZ", "http://easypcoptimizer.com/" [HKEY_CURRENT_USER\Software\EPIC] "CurrentLanguage"="REG_SZ", "English" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/17/17 Scan Time: 11:00 AM Log File: a2e46210-b319-11e7-b26d-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.212 Update Package Version: 1.0.3029 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 330063 Threats Detected: 36 Threats Quarantined: 36 Time Elapsed: 1 min, 40 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\EPIC.exe, Quarantined, [8968], [442097],1.0.3029 Module: 2 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\engine.dll, Quarantined, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\EPIC.exe, Quarantined, [8968], [442097],1.0.3029 Registry Key: 7 PUP.Optional.EasyPCOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Easy PC Optimizer_is1, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Easy PC Optimizer - Background Scanning, Delete-on-Reboot, [8968], [442110],1.0.3029 PUP.Optional.EasyPCOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Easy PC Optimizer - Run without UAC, Delete-on-Reboot, [8968], [442114],1.0.3029 PUP.Optional.RegistryPowerCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Easy PC Optimizer Scheduled Scan - {username}, Delete-on-Reboot, [8966], [442107],1.0.3029 PUP.Optional.EasyPCOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{80EBACE7-F5E2-4384-B5EB-E2A09E9E45D2}, Delete-on-Reboot, [8968], [442115],1.0.3029 PUP.Optional.RegistryPowerCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{81DDD0D7-BB32-4EE7-A7E5-915C3EFFF87D}, Delete-on-Reboot, [8966], [442106],1.0.3029 PUP.Optional.EasyPCOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FB616293-533A-43D8-823D-BC4B35174601}, Delete-on-Reboot, [8968], [442111],1.0.3029 Registry Value: 3 PUP.Optional.EasyPCOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{80EBACE7-F5E2-4384-B5EB-E2A09E9E45D2}|PATH, Delete-on-Reboot, [8968], [442115],1.0.3029 PUP.Optional.RegistryPowerCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{81DDD0D7-BB32-4EE7-A7E5-915C3EFFF87D}|PATH, Delete-on-Reboot, [8966], [442106],1.0.3029 PUP.Optional.EasyPCOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FB616293-533A-43D8-823D-BC4B35174601}|PATH, Delete-on-Reboot, [8968], [442111],1.0.3029 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.EasyPCOptimizer, C:\PROGRAM FILES (X86)\EASY PC OPTIMIZER, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\USERS\{username}\APPDATA\ROAMING\EASY PC OPTIMIZER, Delete-on-Reboot, [8968], [442100],1.0.3029 File: 21 PUP.Optional.EasyPCOptimizer, C:\WINDOWS\SYSTEM32\TASKS\EASY PC OPTIMIZER - BACKGROUND SCANNING, Delete-on-Reboot, [8968], [442109],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\PROGRAM FILES (X86)\EASY PC OPTIMIZER\UNINS000.DAT, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\engine.dll, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\EpcoUninstaller.exe, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\EPIC.exe, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\Homepage.url, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\IgnoreList.dat, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\license.txt, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\Res_English.xml, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\Res_French.xml, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\Res_Spanish.xml, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\Support.url, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\unins000.exe, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\Program Files (x86)\Easy PC Optimizer\unins000.msg, Delete-on-Reboot, [8968], [442097],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\EASY PC OPTIMIZER.LNK, Delete-on-Reboot, [8968], [442101],1.0.3029 PUP.Optional.RegistryPowerCleaner, C:\WINDOWS\SYSTEM32\TASKS\Easy PC Optimizer Scheduled Scan - {username}, Delete-on-Reboot, [8966], [442105],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\WINDOWS\SYSTEM32\TASKS\EASY PC OPTIMIZER - RUN WITHOUT UAC, Delete-on-Reboot, [8968], [442113],1.0.3029 PUP.Optional.RegistryPowerCleaner, C:\WINDOWS\TASKS\Easy PC Optimizer Scheduled Scan - {username}.job, Delete-on-Reboot, [8966], [442104],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\USERS\{username}\APPDATA\ROAMING\EASY PC OPTIMIZER\EPCO.LOG, Delete-on-Reboot, [8968], [442100],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\USERS\{username}\DESKTOP\EASY PC OPTIMIZER.LNK, Delete-on-Reboot, [8968], [442102],1.0.3029 PUP.Optional.EasyPCOptimizer, C:\USERS\{username}\DESKTOP\EASYPCOPTIMIZERSETUP.EXE, Delete-on-Reboot, [8968], [442117],1.0.3029 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected. -
What is PC OptiClean? The Malwarebytes research team has determined that PC OptiClean is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with PC OptiClean? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar, your startmenu, and on your desktop: and see these warnings during install: and this screens during "operations": You may see this entry in your list of installed programs: and this task in your list of Scheduled Tasks: How did PC OptiClean get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website. How do I remove PC OptiClean? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of PC OptiClean? No, Malwarebytes removes PC OptiClean completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against PC OptiClean. and we block access to their domain: Technical details for experts You may see these entries in FRST logs: (Seguro Software LLC) C:\Program Files (x86)\PC OptiClean\PCOCSchedule.exe (Seguro Software LLC) C:\Program Files (x86)\PC OptiClean\PCOptiClean.exe C:\Users\{username}\Documents\PC OptiClean C:\Windows\System32\Tasks\PC OptiClean Schedule C:\Users\{username}\AppData\Roaming\PC OptiClean C:\Users\{username}\Desktop\PC OptiClean.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean C:\Program Files (x86)\PC OptiClean PC OptiClean v4.1 (HKLM-x32\...\PC OptiClean_is1) (Version: 4.1 - Seguro Software LLC) Task: {F2205754-5038-4F3A-BEF6-CF56D96C31E6} - System32\Tasks\PC OptiClean Schedule => C:\Program Files (x86)\PC OptiClean\PCOCSchedule.exe [2016-12-14] (Seguro Software LLC) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\PC OptiClean Adds the file Animation.gif"="11/9/2016 11:55 AM, 3965 bytes, A Adds the file CookieExclusions.txt"="10/29/2015 2:56 PM, 740 bytes, A Adds the file English.ini"="12/14/2016 9:56 AM, 33263 bytes, A Adds the file file_id.diz"="9/4/2015 5:10 PM, 898 bytes, A Adds the file HomePage.url"="6/11/2015 11:10 PM, 51 bytes, A Adds the file PCOCSchedule.exe"="12/14/2016 9:28 AM, 2023016 bytes, A Adds the file PCOptiClean.chm"="6/11/2015 11:22 PM, 33098 bytes, A Adds the file PCOptiClean.exe"="12/13/2016 10:54 PM, 6337128 bytes, A Adds the file Scanning.gif"="6/25/2014 8:30 AM, 1504 bytes, A Adds the file SDesc.txt"="12/1/2016 3:17 PM, 85605 bytes, A Adds the file sqlite3.dll"="4/12/2015 8:25 PM, 673521 bytes, A Adds the file unins000.dat"="10/16/2017 8:26 AM, 61974 bytes, A Adds the file unins000.exe"="10/16/2017 8:26 AM, 1202845 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean Adds the file Check updates.lnk"="10/16/2017 8:26 AM, 1096 bytes, A Adds the file Help.lnk"="10/16/2017 8:26 AM, 1068 bytes, A Adds the file PC OptiClean on the Web.lnk"="10/16/2017 8:26 AM, 1053 bytes, A Adds the file PC OptiClean.lnk"="10/16/2017 8:26 AM, 1068 bytes, A Adds the file Uninstall PC OptiClean.lnk"="10/16/2017 8:26 AM, 1053 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\PC OptiClean\Backup Adds the folder C:\Users\{username}\AppData\Roaming\PC OptiClean\Log Adds the folder C:\Users\{username}\AppData\Roaming\PC OptiClean\Undo In the existing folder C:\Users\{username}\Desktop Adds the file PC OptiClean.lnk"="10/16/2017 8:26 AM, 1050 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file PC OptiClean Schedule"="10/16/2017 8:26 AM, 3262 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC OptiClean_is1] "DisplayName"="REG_SZ", "PC OptiClean v4.1" "DisplayVersion"="REG_SZ", "4.1" "EstimatedSize"="REG_DWORD", 10129 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\PC OptiClean" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "PC OptiClean" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.9 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20171016" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\PC OptiClean\" "MajorVersion"="REG_DWORD", 4 "MinorVersion"="REG_DWORD", 1 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Seguro Software LLC" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\PC OptiClean\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\PC OptiClean\unins000.exe"" "VersionMajor"="REG_DWORD", 4 "VersionMinor"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Users\{username}\Desktop\PCOptiClean_Setup.exe"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\PC OptiClean] "AfterInstallURL"="REG_SZ", "http://www.pcopticlean.com/after-install.php" "AntivirusNotifier"="REG_DWORD", 1 "AppStart"="REG_DWORD", 1 "BuildID"="REG_SZ", "BZDV_PCSM4T_ML_PCOPTICLEAN_BUNDLE" "CacheNotifier"="REG_DWORD", 1 "CompilerVersion"="REG_SZ", "Dec2016" "CrashNotifier"="REG_DWORD", 1 "DiskNotifier"="REG_DWORD", 1 "DisplayName"="REG_SZ", "PC OptiClean" "HideAfterInstallURL"="REG_DWORD", 0 "InstallationDate"="REG_BINARY, .... "InstallName"="REG_SZ", "C:\Users\{username}\Desktop\PCOptiClean_Setup.exe" "IStatSent"="REG_DWORD", 1 "ItemsCleaned"="REG_DWORD", 0 "ItemsFixed"="REG_DWORD", 0 "ItemsToClean"="REG_DWORD", 1318 "ItemsToFix"="REG_DWORD", 97 "ItemsToPrivacyScan"="REG_SZ", "1111" "ItemsToRecoveryScan"="REG_SZ", "1111" "ItemsToRegistryScan"="REG_SZ", "1111111111" "JunkFiles"="REG_DWORD", 422 "JunkFilesCleaned"="REG_DWORD", 0 "Language"="REG_DWORD", 1 "LastNotificationTime"="REG_BINARY, .... "LastScanChecked"="REG_SZ", "1111011" "LastScanDate"="REG_BINARY, .... "LastScanFound"="REG_DWORD", 97 "LastUpdateChecking"="REG_BINARY, .... "LogDir"="REG_SZ", "C:\Users\{username}\AppData\Roaming\PC OptiClean\Log" "MemoryNotifier"="REG_DWORD", 1 "MinFreeDiskSpace"="REG_DWORD", 10 "MinFreeMemory"="REG_DWORD", 10 "NewAppNotifier"="REG_DWORD", 1 "NewToolbarNotifier"="REG_DWORD", 1 "Phone"="REG_DWORD", 1 "Reminder"="REG_DWORD", 1 "s_Enable"="REG_DWORD", 0 "s_SmartDate"="REG_BINARY, .... "s_SmartEnabled"="REG_DWORD", 1 "s_SmartMode"="REG_DWORD", 0 "s_SmartScan"="REG_DWORD", 1 "s_Time"="REG_BINARY, .... "ShowRebootMessage"="REG_DWORD", 1 "ShowRecycleBin"="REG_DWORD", 1 "SizeToClean"="REG_SZ", "623.96 MB" "SlowScan"="REG_DWORD", 1 "StartupNotifier"="REG_DWORD", 1 "StartWithWindows"="REG_DWORD", 0 "UndoDir"="REG_SZ", "C:\Users\{username}\AppData\Roaming\PC OptiClean\Undo" "UpdateReminderDisabled"="REG_DWORD", 0 "UpgradeID"="REG_SZ", "BZDV_PCSM_ML_PCOPTICLEAN" "UseExclusions"="REG_DWORD", 1 "Version"="REG_SZ", "4.1" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/16/17 Scan Time: 8:39 AM Log File: ba8ff646-b23c-11e7-9ab0-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.3020 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 324517 Threats Detected: 33 Threats Quarantined: 33 Time Elapsed: 2 min, 11 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 2 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOCSchedule.exe, Quarantined, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOptiClean.exe, Quarantined, [4109], [445649],1.0.3020 Module: 3 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOCSchedule.exe, Quarantined, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOptiClean.exe, Quarantined, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\sqlite3.dll, Quarantined, [4109], [445649],1.0.3020 Registry Key: 2 PUP.Optional.PCOptiClean, HKCU\SOFTWARE\PC OptiClean, Delete-on-Reboot, [4109], [445662],1.0.3020 PUP.Optional.PCOptiClean, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC OptiClean_is1, Delete-on-Reboot, [4109], [445660],1.0.3020 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 6 PUP.Optional.PCOptiClean, C:\PROGRAM FILES (X86)\PC OPTICLEAN, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC OPTICLEAN, Delete-on-Reboot, [4109], [445651],1.0.3020 PUP.Optional.PCOptiClean, C:\Users\{username}\AppData\Roaming\PC OptiClean\Backup, Delete-on-Reboot, [4109], [445654],1.0.3020 PUP.Optional.PCOptiClean, C:\Users\{username}\AppData\Roaming\PC OptiClean\Undo, Delete-on-Reboot, [4109], [445654],1.0.3020 PUP.Optional.PCOptiClean, C:\Users\{username}\AppData\Roaming\PC OptiClean\Log, Delete-on-Reboot, [4109], [445654],1.0.3020 PUP.Optional.PCOptiClean, C:\USERS\{username}\APPDATA\ROAMING\PC OPTICLEAN, Delete-on-Reboot, [4109], [445654],1.0.3020 File: 20 PUP.Optional.PCOptiClean, C:\WINDOWS\SYSTEM32\TASKS\PC OptiClean Schedule, Delete-on-Reboot, [4109], [445658],1.0.3020 PUP.Optional.PCOptiClean, C:\USERS\{username}\DESKTOP\PC OPTICLEAN.LNK, Delete-on-Reboot, [4109], [445657],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\Animation.gif, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\CookieExclusions.txt, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\English.ini, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\file_id.diz, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\HomePage.url, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOCSchedule.exe, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOptiClean.chm, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOptiClean.exe, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\Scanning.gif, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\SDesc.txt, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\sqlite3.dll, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\unins000.dat, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\unins000.exe, Delete-on-Reboot, [4109], [445649],1.0.3020 PUP.Optional.PCOptiClean, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean\Check updates.lnk, Delete-on-Reboot, [4109], [445651],1.0.3020 PUP.Optional.PCOptiClean, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean\Help.lnk, Delete-on-Reboot, [4109], [445651],1.0.3020 PUP.Optional.PCOptiClean, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean\PC OptiClean on the Web.lnk, Delete-on-Reboot, [4109], [445651],1.0.3020 PUP.Optional.PCOptiClean, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean\PC OptiClean.lnk, Delete-on-Reboot, [4109], [445651],1.0.3020 PUP.Optional.PCOptiClean, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean\Uninstall PC OptiClean.lnk, Delete-on-Reboot, [4109], [445651],1.0.3020 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
-
Removal instructions for GetFormsOnline
Metallica posted a topic in Malware Removal Self-Help Guides
What is GetFormsOnline? The Malwarebytes research team has determined that GetFormsOnline is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. GetFormsOnline is a member of the Mindspark/Ask family now known as IAC Applications. How do I know if my computer is affected by GetFormsOnline? You may see this browser extensions/add-ons: these warnings during install: You may see this entry in your list of installed software: and this new homepage in the affected browsers: How did GetFormsOnline get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove GetFormsOnline? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of GetFormsOnline? If you are using Chrome, you may have to remove the Extension manually under Tools > More Tools > Extensions. Click on the bin behind the GetFormsOnline entry and confirm Remove in the prompt. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the GetFormsOnline hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/getformsonline/S22907/index.html?n=C05D9F5&p2=%5EBX2%5Expu150%5ES22914%5Enl&ptb=5D1BF817-2DC0-4C43-BCF8-112D52A74C82&si=1088453&coid=d0562ac05d044860aad0c75867bf7bcf FF Homepage: hxxp://hp.myway.com/getformsonline/S22907/index.html?coId=a3f6276cc45d47ef950e892927293263&subId&ln=en&n=783a8341&ptb=B6F49412-F555-4EDC-94DE-47C4ECA0E293&st&p2=%5EBX2%5Efoxyyy%5ES22911%5Enl&si FF Extension: GetFormsOnline - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\Extensions\_dbMembers_@free.getformsonline.com [2017-10-06] CHR Extension: (GetFormsOnline) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl [2017-10-06] C:\Users\{username}\AppData\Local\GetFormsOnlineTooltab GetFormsOnline Internet Explorer Homepage and New Tab (HKCU\...\GetFormsOnlineTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/6/17 Scan Time: 9:55 AM Log File: c4ae16cc-aa6b-11e7-b751-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2960 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 323100 Threats Detected: 389 Threats Quarantined: 389 Time Elapsed: 1 min, 57 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GetFormsOnlineTooltab\TooltabExtension.dll, Quarantined, [838], [356944],1.0.2960 Registry Key: 1 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GetFormsOnlineTooltab Uninstall Internet Explorer, Delete-on-Reboot, [838], [356944],1.0.2960 Registry Value: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GetFormsOnlineTooltab Uninstall Internet Explorer|PUBLISHER, Delete-on-Reboot, [259], [352442],1.0.2960 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [259], [293497],1.0.2960 Data Stream: 0 (No malicious items detected) Folder: 89 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GetFormsOnlineTooltab, Delete-on-Reboot, [838], [356944],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\abstractbutton\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedscript\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\thirdparty\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\uninstall\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedhtml\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\weather\css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\topapps\css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\weather\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\weather\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\topapps\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\generic\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\radio\css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedscript\html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\alert\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\flare\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\radio\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\moviereviews\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\topapps, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\link\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\weather, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\abstractbutton, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedhtml\html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedscript\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\common, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\rss\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\rss\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\radio, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\test, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedhtml\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedscript, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\flare\icons, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\images, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\rss, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\radio\radioWrapper, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\search\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\thirdparty, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\moviereviews\html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedhtml, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\radio\foreground, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\uninstall, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\radio\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\moviereviews\css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\moviereviews\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\generic, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\weather, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\api\background, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\alert, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\flare, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\moviereviews, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\search\html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\link, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\rss, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\api\window, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\radio\css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\search, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\radio, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\adapter, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\api, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\native\libs, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\_metadata, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\native, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\icons, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KLEGPJOABNDJFNAKOIGGFNFODDEJHGCL, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\_dbMembers_@free.getformsonline.com\META-INF, Delete-on-Reboot, [259], [302304],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\_dbMembers_@free.getformsonline.com\chrome, Delete-on-Reboot, [259], [302304],1.0.2960 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\EXTENSIONS\_DBMEMBERS_@FREE.GETFORMSONLINE.COM, Delete-on-Reboot, [259], [302304],1.0.2960 File: 296 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GetFormsOnlineTooltab\TooltabExtension.dll, Delete-on-Reboot, [838], [356944],1.0.2960 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KLEGPJOABNDJFNAKOIGGFNFODDEJHGCL\12.703.11.56376_0\MANIFEST.JSON, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\adapter\adapterUtil.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\adapter\widget-adapter.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\abstractbutton\background\abstractButton.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\alert\background\alertButton.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedhtml\background\embedHtmlWidget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedhtml\html\embedHtmlTemplate.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedhtml\js\embedHtmlUI.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedscript\background\embedScriptWidget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedscript\html\embedScriptTemplate.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\embedscript\js\embedScriptUI.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\flare\background\FlareWidget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\flare\icons\Icon_Flare_blue.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\flare\icons\Icon_Flare_pink.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\flare\icons\Thumbs.db, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\generic\background\GenericWidget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\link\background\linkButton.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\background\menuButton.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\css\menuframe.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\html\menuframe.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\images\right_arrow.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\images\right_arrow_white.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\js\jquery-1.7.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\js\menuframe.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\js\query-string.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\js\underscore-1.3.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\menu\README.txt, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\rss\background\RssWidget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\thirdparty\background\thirdPartyWidget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\uninstall\background\uninstallButton.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\components\weather\background\weatherButton.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\bs.30.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\common.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\dynamic.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\enableDetect.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\eventListening.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\global.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\jquery-1.7.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\list-interaction.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\messageEventListener.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\navRedirector.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\paramReplacer.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\PartnerId.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\set.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\underscore-1.3.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\underscore-1.5.2.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\js\unifiedLogging.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\common\common.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\common\eventListening.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\common\list-interaction.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\common\set.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\radio\css\radio-widget.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\radio\js\radio-custom.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\radio\js\radio-parser.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\radio\js\radio-widget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\radio\radio-widget.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\rss\js\rss-widget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\rss\rssWidget.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\test\invalid.json, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\test\jquery.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\test\qunit.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\test\qunit.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\test\resource.json, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\test\resource.xml, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\test\testWidget.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\test\testWidget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\topapps\css\widget.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\topapps\js\topapps-config.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\topapps\js\widget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\topapps\widget.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\weather\css\weatherButton.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\weather\js\weather.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widgets\weather\weatherButton.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\common\widget-api\widget-context-1.0.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\api\background\ApiBasedWidget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\api\background\widget-api-impl.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\api\window\hiddenWidgetWindow.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\api\window\hiddenWidgetWindow.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\api\window\hiddenWidgetWindowInit.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\api\window\widgetWindow.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\api\window\widgetWindow.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\background\updateSearch.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\background\updateSearchPromptBg.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground\07_buttons2.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground\08_buttons2.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground\defaultSearchModal.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground\tvf_btn_ok.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground\tvf_restart_icon.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\moviereviews\background\MovieReviewsWidget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\moviereviews\css\movieReviews.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\moviereviews\html\movieReviews.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\moviereviews\js\movieReviews.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\radio\background\RadioWidget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\radio\css\toolbar-item.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\radio\foreground\button.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\radio\radioWrapper\radioWrapper.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\radio\radioWrapper\radioWrapper.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\search\background\searchBox.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\search\html\searchSuggestions.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\search\html\searchSuggestions.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\search\html\searchSuggestions.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\search\html\searchSuggestionsInit.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\css\supertab.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\html\supertab.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\js\newtabfork.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\js\reporting.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\js\srchsugg.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\js\supertab.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\js\unifiedLogging.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\components\supertab\js\__utm.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\_metadata\computed_hashes.json, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\_metadata\verified_contents.json, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\icons\arrowSprite.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\icons\icon128.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\icons\icon16.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\icons\icon19disabled.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\icons\icon19on.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\icons\icon48.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\icons\tb_icon_search_disappearing_ask.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099316.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099329.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099351.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099352.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099353.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099354.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099355.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099356.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099357.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099358.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099359.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099389.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224099406.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224143527.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\224143528.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\down_arrow.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\IDR_PRODUCT_LOGO_16.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\IDR_WEBSTORE_ICON.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\magnifying_glass.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\RadioPlayerSprite.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\search_button.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\tvf_icon_guide.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\tvf_logo.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\images\wrench.png, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\newTabInitialize.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\chromeStorage.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\chromeUtils.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\companionSWUtils.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\exeManager.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\exeManagerNMD.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\exePackageManager.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\focusManager.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\globalBlacklistManager.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\messaging.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\mutation_summary-min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\mutation_summary.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\nativeMessagingDispatcher.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\newTabInfo.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\options.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\readLocalStorage.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\recentlyClosedTabs.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\reservespacefortoolbar.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\reservespaceifenabled.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\scriptInjector.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\searchContext.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\settingsOverrides.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\toolbarCookieParser.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\toolbarPreinit.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\underscore-1.3.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\URILoaderContentScript.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\webTooltabAPI.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\Widget.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\widgetContentScriptInjectee.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\widgetFactory.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\js\widgetWindowManager.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\native\libs\jquery-1.7.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\native\libs\jquery-1.9.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\native\libs\underscore-1.5.2.min.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\native\cache.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\native\ce.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\native\debug.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\native\ss.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\activePing.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\buttonLogger.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\competitorDnsList.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\console.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\FFPreferencesPersister.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\httpTransport.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\HttpURL.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\internationalSearch.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\LocalStoragePersister.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\MindsparkGlobal.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\MindsparkGlobal.unitTest.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\MindsparkGlobalNotes.txt, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\rsvp-latest.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\searchSuggestLocale.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\testHttpTransport.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\unifiedLogger.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\unifiedLogging.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\universalConsole.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\shared\utils.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\spent2.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\bg.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\buildVars, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\buildVars.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\companionSW.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\config.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\contentScript.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\contentScript.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\debug.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\debug.jade, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\spentJ.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\spentK.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\spentK.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\startup.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\stub.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\stubby.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\superFrame.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\toolbar.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\toolbar.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\toolbarUI.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\toolbarUI.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\toolbarUI.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\url.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\urlFragmentActions.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\webtooltab.cs.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\extension_toolbar_api.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\initWidgetWindow.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\newTabContentScript.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\options.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\spent.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\spent.html, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\spent.js, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\klegpjoabndjfnakoiggfnfoddejhgcl\12.703.11.56376_0\spent2.css, Delete-on-Reboot, [259], [301932],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [838], [319354],1.0.2960 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\EXTENSIONS\_DBMEMBERS_@FREE.GETFORMSONLINE.COM\INSTALL.RDF, Delete-on-Reboot, [259], [302304],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\_dbMembers_@free.getformsonline.com\chrome\ffxtbr.jar, Delete-on-Reboot, [259], [302304],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\_dbMembers_@free.getformsonline.com\META-INF\manifest.mf, Delete-on-Reboot, [259], [302304],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\_dbMembers_@free.getformsonline.com\META-INF\mozilla.rsa, Delete-on-Reboot, [259], [302304],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\_dbMembers_@free.getformsonline.com\META-INF\mozilla.sf, Delete-on-Reboot, [259], [302304],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\_dbMembers_@free.getformsonline.com\bootstrap.js, Delete-on-Reboot, [259], [302304],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\_dbMembers_@free.getformsonline.com\chrome.manifest, Delete-on-Reboot, [259], [302304],1.0.2960 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\_dbMembers_@free.getformsonline.com\chrome.manifest.restartless, Delete-on-Reboot, [259], [302304],1.0.2960 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\GETFORMSONLINE.D0562AC05D044860AAD0C75867BF7BCF.EXE, Delete-on-Reboot, [259], [365288],1.0.2960 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected. -
What is Iremow? The Malwarebytes research team has determined that Iremow is a forced extension. How do I know if my computer is affected by Iremow? You may see this entry in your list of installed Chrome extensions: and these warnings during install: How did Iremow get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was a forced Chrome extension. But it was also available in the webstore at the time of writing. How do I remove Iremow? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Iremow? No, Malwarebytes removes Iremow completely. You may have to remove the Chrome Extension manually under Tools > More Tools > Extensions. Click on the bin behind the Iremow entry and confirm Remove in the prompt. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. We protect our customers from forced extensions by blocking the sites that spread them: Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxp://iremow.com/?keyword={searchTerms} CHR DefaultSearchKeyword: Default -> http://iremow.com/ CHR Extension: (Search wan) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm [2017-10-04] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0 Adds the file manifest.json"="10/4/2017 12:53 PM, 1867 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\_metadata Adds the file computed_hashes.json"="10/4/2017 12:53 PM, 2619 bytes, A Adds the file verified_contents.json"="10/4/2017 10:04 AM, 1656 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\images\icons Adds the file iremow.png"="10/4/2017 12:53 PM, 178 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\js Adds the file background.js"="10/4/2017 10:04 AM, 196699 bytes, A Adds the file content.js"="10/4/2017 10:04 AM, 0 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ahhieokidmbliacgdlkikblhplplkijm Adds the file 000003.log"="10/4/2017 12:53 PM, 0 bytes, A Adds the file CURRENT"="10/4/2017 12:53 PM, 16 bytes, A Adds the file LOCK"="10/4/2017 12:53 PM, 0 bytes, A Adds the file LOG"="10/4/2017 12:53 PM, 0 bytes, A Adds the file MANIFEST-000001"="10/4/2017 12:53 PM, 41 bytes, A Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/5/17 Scan Time: 10:05 AM Log File: f3d4089e-a9a3-11e7-b751-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2954 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 322857 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 1 min, 39 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 6 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\images\icons, Delete-on-Reboot, [625], [442229],1.0.2954 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\_metadata, Delete-on-Reboot, [625], [442229],1.0.2954 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\images, Delete-on-Reboot, [625], [442229],1.0.2954 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\js, Delete-on-Reboot, [625], [442229],1.0.2954 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0, Delete-on-Reboot, [625], [442229],1.0.2954 Rogue.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AHHIEOKIDMBLIACGDLKIKBLHPLPLKIJM, Delete-on-Reboot, [625], [442229],1.0.2954 File: 6 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\images\icons\iremow.png, Delete-on-Reboot, [625], [442229],1.0.2954 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\js\background.js, Delete-on-Reboot, [625], [442229],1.0.2954 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\js\content.js, Delete-on-Reboot, [625], [442229],1.0.2954 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\_metadata\computed_hashes.json, Delete-on-Reboot, [625], [442229],1.0.2954 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\_metadata\verified_contents.json, Delete-on-Reboot, [625], [442229],1.0.2954 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhieokidmbliacgdlkikblhplplkijm\1.2.3_0\manifest.json, Delete-on-Reboot, [625], [442229],1.0.2954 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
-
Removal instructions for Tweakerbit Registry Optimizer
Metallica posted a topic in Malware Removal Self-Help Guides
What is Tweakerbit Registry Optimizer? The Malwarebytes research team has determined that Tweakerbit Registry Optimizer is a fake registry cleaner. These so-called "registry cleaners" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Tweakerbit Registry Optimizer? This is how the main screen of the registry cleaning application looks: You will find these icons in your taskbar and on your desktop: And see these warnings during install: and these screens during "operations": You may see this entry in your list of installed programs: and this task in your Task Scheduler: How did Tweakerbit Registry Optimizer get on my computer? These so-called registry cleaners use different methods of getting installed. This particular one was downloaded from their website. How do I remove Tweakerbit Registry Optimizer? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Tweakerbit Registry Optimizer? No, Malwarebytes removes Tweakerbit Registry Optimizer completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this registry cleaner. As you can see below the full version of Malwarebytes would have protected you against the Tweakerbit Registry Optimizer installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts You may see these entries in FRST logs: () C:\Program Files (x86)\Tweakerbit Registry Optimizer\Tweakerbit_Registry_Optimizer.exe C:\Program Files (x86)\Tweakerbit Registry Optimizer C:\Windows\System32\Tasks\Tweakerbit Registry Optimizer C:\Users\Public\Desktop\Tweakerbit Registry Optimizer.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweakerbit Registry Optimizer Tweakerbit Registry Optimizer version 1.0 (HKLM-x32\...\{6406DF9F-E9C8-4C2E-AB48-80352BDF1471}_is1) (Version: 1.0 - Tweakerbit Registry Optimizer) Task: {6CB2D7B7-39B1-47C1-83D7-C681EDDF5991} - System32\Tasks\Tweakerbit Registry Optimizer => C:\Program Files (x86)\Tweakerbit Registry Optimizer\Tweakerbit_Registry_Optimizer.exe [2017-03-28] () Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Tweakerbit Registry Optimizer Adds the file details.dll.xml"="10/4/2017 9:29 AM, 97284 bytes, A Adds the file error.dll.xml"="4/28/2014 10:44 PM, 55340 bytes, A Adds the file favicon.ico"="3/22/2017 11:20 AM, 9662 bytes, A Adds the file log.txt"="10/8/2016 12:39 PM, 0 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="6/3/2014 1:08 AM, 171008 bytes, A Adds the file Scanlog.xml"="10/4/2017 9:30 AM, 20692 bytes, A Adds the file Sys_auth.dll.xml"="10/27/2016 5:52 PM, 62 bytes, A Adds the file System.Windows.Controls.Input.Toolkit.dll"="3/2/2010 11:09 AM, 109400 bytes, A Adds the file System.Windows.Controls.Layout.Toolkit.dll"="3/2/2010 11:09 AM, 95064 bytes, A Adds the file Tweakerbit_Registry_Optimizer.exe"="3/28/2017 12:59 PM, 2814136 bytes, A Adds the file Tweakerbit_Registry_Optimizer.exe.config"="3/24/2017 12:20 PM, 4077 bytes, A Adds the file Tweakerbit_Registry_Optimizer.pdb"="3/28/2017 12:59 PM, 738816 bytes, A Adds the file Tweakerbit_Registry_Optimizer.vshost.exe"="3/28/2017 12:59 PM, 22472 bytes, A Adds the file Tweakerbit_Registry_Optimizer.vshost.exe.config"="3/24/2017 12:20 PM, 4077 bytes, A Adds the file Tweakerbit_Registry_Optimizer.vshost.exe.manifest"="1/1/2015 8:25 PM, 2672 bytes, A Adds the file Tweakerbit_Uninstaller.exe"="3/28/2017 1:08 PM, 553144 bytes, A Adds the file unins000.dat"="10/4/2017 9:28 AM, 30388 bytes, A Adds the file unins000.exe"="10/4/2017 9:26 AM, 718520 bytes, A Adds the file unins000.msg"="10/4/2017 9:28 AM, 11397 bytes, A Adds the file WpfAnimatedGif.dll"="8/7/2013 11:30 AM, 28160 bytes, A Adds the file WpfPageTransitions.dll"="8/29/2014 5:24 PM, 19456 bytes, A Adds the file WPFToolkit.dll"="3/2/2010 11:09 AM, 467288 bytes, A Adds the folder C:\Program Files (x86)\Tweakerbit Registry Optimizer\de Adds the file AAMP_Uninstaller.resources.dll"="10/27/2016 1:30 PM, 4608 bytes, A Adds the file Regprocleaner.resources.dll"="11/9/2016 4:33 PM, 18944 bytes, A Adds the file Tweakerbit_Registry_Optimizer.resources.dll"="3/28/2017 12:59 PM, 19456 bytes, A Adds the file UltraRegistryCare.resources.dll"="11/22/2016 4:46 PM, 19456 bytes, A Adds the folder C:\Program Files (x86)\Tweakerbit Registry Optimizer\en Adds the file AAMP_Uninstaller.resources.dll"="10/27/2016 1:30 PM, 4608 bytes, A Adds the file Regprocleaner.resources.dll"="11/9/2016 4:33 PM, 17920 bytes, A Adds the file Tweakerbit_Registry_Optimizer.resources.dll"="3/28/2017 12:59 PM, 18432 bytes, A Adds the file UltraRegistryCare.resources.dll"="11/22/2016 4:46 PM, 18432 bytes, A Adds the folder C:\Program Files (x86)\Tweakerbit Registry Optimizer\es Adds the file AAMP_Uninstaller.resources.dll"="10/27/2016 1:30 PM, 4608 bytes, A Adds the folder C:\Program Files (x86)\Tweakerbit Registry Optimizer\fr Adds the folder C:\Program Files (x86)\Tweakerbit Registry Optimizer\ja Adds the file AAMP_Uninstaller.resources.dll"="10/27/2016 1:30 PM, 4608 bytes, A Adds the file Regprocleaner.resources.dll"="11/9/2016 4:33 PM, 20992 bytes, A Adds the file Tweakerbit_Registry_Optimizer.resources.dll"="3/28/2017 12:59 PM, 21504 bytes, A Adds the file UltraRegistryCare.resources.dll"="11/22/2016 4:46 PM, 21504 bytes, A Adds the folder C:\Program Files (x86)\Tweakerbit Registry Optimizer\Sounds Adds the file Issues.wav"="4/30/2014 4:45 AM, 380240 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweakerbit Registry Optimizer Adds the file Tweakerbit Registry Optimizer.lnk"="10/4/2017 9:28 AM, 1427 bytes, A Adds the file Uninstall Tweakerbit Registry Optimizer.lnk"="10/4/2017 9:28 AM, 1322 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Tweakerbit Registry Optimizer.lnk"="10/4/2017 9:28 AM, 1409 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Tweakerbit Registry Optimizer"="10/4/2017 9:28 AM, 3298 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Tweakerbit Registry Optimizer\Activation] "Insdate"="REG_SZ", "04-Oct-2017 09:28:26 AM" "Prog_Name"="REG_SZ", "Tweakerbit Registry Optimizer_v2M" [HKEY_LOCAL_MACHINE\SOFTWARE\Tweakerbit Registry Optimizer\Error_Details] "activex_error"="REG_SZ", "55" "deep_error"="REG_SZ", "27" "font_error"="REG_SZ", "6" "help_error"="REG_SZ", "7" "his_error"="REG_SZ", "1" "ins_error"="REG_SZ", "22" "Last_Scan"="REG_SZ", "04-Oct-2017 09:29:08 AM" "lib_error"="REG_SZ", "15" "mru_error"="REG_SZ", "37" "soft_error"="REG_SZ", "154" "sound_error"="REG_SZ", "3" "stup_error"="REG_SZ", "0" "Time_Elapsed"="REG_SZ", "00:00:38" "Tot_error"="REG_SZ", "349" "user_error"="REG_SZ", "18" "vir_error"="REG_SZ", "4" [HKEY_LOCAL_MACHINE\SOFTWARE\Tweakerbit Registry Optimizer\Settings] "auto_regbackup"="REG_SZ", "1" "auto_update_type"="REG_SZ", "1" "culanguage"="REG_SZ", "en" "culanguageindex"="REG_SZ", "0" "notice_tray"="REG_SZ", "1" "scan_notice"="REG_SZ", "1" "sch_date"="REG_SZ", "0" "sch_day"="REG_SZ", "0" "sch_run_type"="REG_SZ", "1" "sch_start_time"="REG_SZ", "0" "sys_tray"="REG_SZ", "1" "trans_level"="REG_SZ", "1" "update_notice"="REG_SZ", "1" "version"="REG_SZ", "1.0" "win_startup"="REG_SZ", "1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6406DF9F-E9C8-4C2E-AB48-80352BDF1471}_is1] "Comments"="REG_SZ", "Tweakerbit Registry Optimizer" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Tweakerbit Registry Optimizer\favicon.ico" "DisplayName"="REG_SZ", "Tweakerbit Registry Optimizer version 1.0" "DisplayVersion"="REG_SZ", "1.0" "EstimatedSize"="REG_DWORD", 6258 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Tweakerbit Registry Optimizer" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "Tweakerbit Registry Optimizer" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20171004" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Tweakerbit Registry Optimizer\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Tweakerbit Registry Optimizer" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Tweakerbit Registry Optimizer\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Tweakerbit Registry Optimizer\unins000.exe"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/4/17 Scan Time: 9:48 AM Log File: 7480a67c-a8d8-11e7-b751-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2945 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 322675 Threats Detected: 48 Threats Quarantined: 48 Time Elapsed: 2 min, 4 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Tweakerbit_Registry_Optimizer.exe, Quarantined, [8950], [441748],1.0.2945 Module: 1 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Tweakerbit_Registry_Optimizer.exe, Quarantined, [8950], [441748],1.0.2945 Registry Key: 2 PUP.Optional.TweakerbitRegistryOptimizer, HKLM\SOFTWARE\Tweakerbit Registry Optimizer, Delete-on-Reboot, [8950], [441754],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6406DF9F-E9C8-4C2E-AB48-80352BDF1471}_is1, Delete-on-Reboot, [8950], [441748],1.0.2945 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 7 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Sounds, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\de, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\en, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\es, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\fr, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\ja, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TWEAKERBIT REGISTRY OPTIMIZER, Delete-on-Reboot, [8950], [441750],1.0.2945 File: 37 PUP.Optional.TweakerbitRegistryOptimizer, C:\USERS\PUBLIC\DESKTOP\TWEAKERBIT REGISTRY OPTIMIZER.LNK, Delete-on-Reboot, [8950], [441751],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\WINDOWS\SYSTEM32\TASKS\TWEAKERBIT REGISTRY OPTIMIZER, Delete-on-Reboot, [8950], [441752],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\de\AAMP_Uninstaller.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\de\Regprocleaner.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\de\Tweakerbit_Registry_Optimizer.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\de\UltraRegistryCare.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\en\AAMP_Uninstaller.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\en\Regprocleaner.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\en\Tweakerbit_Registry_Optimizer.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\en\UltraRegistryCare.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\es\AAMP_Uninstaller.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\ja\AAMP_Uninstaller.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\ja\Regprocleaner.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\ja\Tweakerbit_Registry_Optimizer.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\ja\UltraRegistryCare.resources.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Sounds\Issues.wav, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Tweakerbit_Registry_Optimizer.pdb, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\details.dll.xml, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\error.dll.xml, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\favicon.ico, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\log.txt, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Scanlog.xml, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Sys_auth.dll.xml, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Tweakerbit_Registry_Optimizer.exe, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Tweakerbit_Registry_Optimizer.exe.config, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Tweakerbit_Registry_Optimizer.vshost.exe.config, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Tweakerbit_Registry_Optimizer.vshost.exe.manifest, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\Tweakerbit_Uninstaller.exe, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\unins000.dat, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\unins000.exe, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\unins000.msg, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\WpfAnimatedGif.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\Program Files (x86)\Tweakerbit Registry Optimizer\WpfPageTransitions.dll, Delete-on-Reboot, [8950], [441748],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweakerbit Registry Optimizer\Tweakerbit Registry Optimizer.lnk, Delete-on-Reboot, [8950], [441750],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweakerbit Registry Optimizer\Uninstall Tweakerbit Registry Optimizer.lnk, Delete-on-Reboot, [8950], [441750],1.0.2945 PUP.Optional.TweakerbitRegistryOptimizer, C:\USERS\{username}\DESKTOP\TWEAKERBIT REGISTRY OPTIMIZER.EXE, Delete-on-Reboot, [8950], [441758],1.0.2945 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected. -
Removal instructions for UpdateMyDrivers
Metallica posted a topic in Malware Removal Self-Help Guides
What is UpdateMyDrivers? The Malwarebytes research team has determined that UpdateMyDrivers is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with UpdateMyDrivers? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar, your startmenu, and on your desktop: and see these warnings during install: and these screens during "operations": You may see this entry in your list of installed programs: How did UpdateMyDrivers get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website. How do I remove UpdateMyDrivers? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of UpdateMyDrivers? No, Malwarebytes removes UpdateMyDrivers completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the UpdateMyDrivers installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for experts You may see these entries in FRST logs: () C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe HKCU\...\Run: [UpdateMyDrivers] => C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe [2387064 2014-05-26] () C:\Users\{username}\Desktop\UpdateMyDrivers.lnk C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software C:\Program Files (x86)\SmartTweak UpdateMyDrivers (HKLM-x32\...\UpdateMyDrivers) (Version: 38.1 - SmartTweak Software) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\SmartTweak\UpdateMyDrivers Adds the file uninst.exe"="10/3/2017 11:30 AM, 107277 bytes, A Adds the file UpdateMyDrivers.exe"="5/26/2014 12:53 PM, 2387064 bytes, A Adds the file UpdateMyDrivers.url"="10/3/2017 11:30 AM, 50 bytes, A Adds the folder C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\Fonts Adds the file segoeui.ttf"="7/15/2011 1:00 AM, 743324 bytes, A Adds the file segoeuib.ttf"="7/15/2011 1:00 AM, 757596 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software\UpdateMyDrivers Adds the file Uninstall.lnk"="10/3/2017 11:30 AM, 1006 bytes, A Adds the file UpdateMyDrivers.lnk"="10/3/2017 11:30 AM, 1278 bytes, A Adds the file Website.lnk"="10/3/2017 11:30 AM, 1278 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UpdateMyDrivers.exe] "(Default)"="REG_SZ", "C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UpdateMyDrivers] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe" "DisplayName"="REG_SZ", "UpdateMyDrivers" "DisplayVersion"="REG_SZ", "38.1" "NSIS:Language"="REG_SZ", "1033" "Publisher"="REG_SZ", "SmartTweak Software" "UninstallString"="REG_SZ", "C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\uninst.exe" "URLInfoAbout"="REG_SZ", "http://www.smarttweak.us" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "UpdateMyDrivers"="REG_SZ", "C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss" [HKEY_CURRENT_USER\Software\SmartTweak\UpdateMyDrivers] "Activated"="REG_DWORD", 0 "AutoRun"="REG_DWORD", 1 "CloseToTray"="REG_DWORD", 1 "IDLang"="REG_DWORD", 0 "IsSysUpdated"="REG_DWORD", 0 "LastScanDataRecv"="REG_SZ", "" "LastScanDataSend"="REG_SZ", "" "LastScanDatei"="REG_BINARY, .... "LastScanSendDatei"="REG_BINARY, .... "MTag"="REG_DWORD", 0 "odDrivers"="REG_DWORD", 0 "Partner"="REG_SZ", "" "ProxyHost"="REG_SZ", "" "ProxyLogin"="REG_SZ", "" "ProxyPassw"="REG_SZ", "" "ProxyPort"="REG_SZ", "" "SerialNum"="REG_SZ", "" "tDrivers"="REG_DWORD", 0 "udDrivers"="REG_DWORD", 0 "UseProxy"="REG_DWORD", 0 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/3/17 Scan Time: 11:41 AM Log File: 03911c94-a81f-11e7-b751-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2938 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 322226 Threats Detected: 17 Threats Quarantined: 17 Time Elapsed: 2 min, 21 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.SmartTweak, C:\PROGRAM FILES (X86)\SMARTTWEAK\UPDATEMYDRIVERS\UPDATEMYDRIVERS.EXE, Quarantined, [406], [438806],1.0.2938 Module: 1 PUP.Optional.SmartTweak, C:\PROGRAM FILES (X86)\SMARTTWEAK\UPDATEMYDRIVERS\UPDATEMYDRIVERS.EXE, Quarantined, [406], [438806],1.0.2938 Registry Key: 4 PUP.Optional.SmartTweak, HKCU\SOFTWARE\SMARTTWEAK\UpdateMyDrivers, Quarantined, [406], [438807],1.0.2938 PUP.Optional.SmartTweak, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\UpdateMyDrivers.exe, Quarantined, [406], [438804],1.0.2938 PUP.Optional.SmartTweak, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\UpdateMyDrivers.exe, Quarantined, [406], [438804],1.0.2938 PUP.Optional.SmartTweak, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UpdateMyDrivers, Quarantined, [406], [438805],1.0.2938 Registry Value: 1 PUP.Optional.SmartTweak, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|UPDATEMYDRIVERS, Quarantined, [406], [438806],1.0.2938 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SmartTweak, C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\Fonts, Quarantined, [406], [438801],1.0.2938 PUP.Optional.SmartTweak, C:\PROGRAM FILES (X86)\SMARTTWEAK\UPDATEMYDRIVERS, Quarantined, [406], [438801],1.0.2938 File: 7 PUP.Optional.SmartTweak, C:\PROGRAM FILES (X86)\SMARTTWEAK\UPDATEMYDRIVERS\UPDATEMYDRIVERS.EXE, Quarantined, [406], [438806],1.0.2938 PUP.Optional.SmartTweak, C:\USERS\{username}\DESKTOP\UPDATEMYDRIVERS.LNK, Quarantined, [406], [438803],1.0.2938 PUP.Optional.SmartTweak, C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\Fonts\segoeui.ttf, Quarantined, [406], [438801],1.0.2938 PUP.Optional.SmartTweak, C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\Fonts\segoeuib.ttf, Quarantined, [406], [438801],1.0.2938 PUP.Optional.SmartTweak, C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\uninst.exe, Quarantined, [406], [438801],1.0.2938 PUP.Optional.SmartTweak, C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.url, Quarantined, [406], [438801],1.0.2938 PUP.Optional.SmartTweak, C:\USERS\{username}\DESKTOP\UPDATEMYDRIVERS_V9.0.EXE, Quarantined, [406], [438809],1.0.2938 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected. -
Removal instructions for WMPlayer TSS
Metallica replied to Metallica's topic in Malware Removal Self-Help Guides
Same filename and same method, just displaying a different phone-number: 18008570982 -
Removal instructions for filmsNet Search
Metallica posted a topic in Malware Removal Self-Help Guides
What is filmsNet Search? The Malwarebytes research team has determined that filmsNet Search is adware. These adware applications display advertisements not originating from the sites you are browsing. The installer also bundles several other PUPs and adware programs. How do I know if my computer is affected by filmsNet Search? You may see these warnings and additional offers during install: You may see this new entry in your list of installed Chrome extensions: How did filmsNet Search get on my computer? Adware applications use different methods for distributing themselves. This particular one was downloaded from the webstore after several redirects promising free movies. How do I remove filmsNet Search? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of filmsNet Search? No, Malwarebytes removes filmsNet Search completely. You may have to remove the Chrome extension manually under Tools > More Tools > Extensions. Click on the bin behind the filmsNet Search entry and confirm Remove in the prompt. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. The web protection module also blocks their domain and the redirect sites: Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxp://movie.eanswers.com/go/?category=web&s=fnds&vert=movies&q={searchTerms} CHR DefaultSearchKeyword: Default -> filmsNet CHR DefaultSuggestURL: Default -> hxxp://sug.eanswers.com/search/index_sg.php?q={searchTerms} CHR Extension: (filmsNet Search) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa [2017-10-02] Significant changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0 Adds the file manifest.json"="10/2/2017 9:08 AM, 2157 bytes, A Adds the file popup.html"="2/19/2017 5:26 PM, 4841 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\_metadata Adds the file computed_hashes.json"="10/2/2017 9:08 AM, 15961 bytes, A Adds the file verified_contents.json"="6/29/2017 3:04 PM, 4401 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css Adds the file style.css"="2/19/2017 5:26 PM, 4085 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts Adds the file material-icons.css"="2/19/2017 5:26 PM, 1037 bytes, A Adds the file MaterialIcons-Regular.eot"="2/19/2017 5:26 PM, 143258 bytes, A Adds the file MaterialIcons-Regular.ijmap"="2/19/2017 5:26 PM, 28416 bytes, A Adds the file MaterialIcons-Regular.svg"="2/19/2017 5:26 PM, 284031 bytes, A Adds the file MaterialIcons-Regular.ttf"="2/19/2017 5:26 PM, 128180 bytes, A Adds the file MaterialIcons-Regular.woff"="2/19/2017 5:26 PM, 78776 bytes, A Adds the file MaterialIcons-Regular.woff2"="2/19/2017 5:26 PM, 42304 bytes, A Adds the file RobotoCondensed-Light.ttf"="2/19/2017 5:26 PM, 126168 bytes, A Adds the file RobotoCondensed-Regular.ttf"="2/19/2017 5:26 PM, 125332 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\images Adds the file icon128.png"="10/2/2017 9:08 AM, 5063 bytes, A Adds the file icon16.png"="10/2/2017 9:08 AM, 632 bytes, A Adds the file icon38.png"="10/2/2017 9:08 AM, 1757 bytes, A Adds the file icon50.png"="6/28/2017 1:47 AM, 3299 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\js Adds the file base.js"="6/29/2017 3:10 PM, 17781 bytes, A Adds the file init.js"="2/19/2017 5:26 PM, 329 bytes, A Adds the file main.js"="5/23/2017 3:03 PM, 3863 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\js\official Adds the file bootstrap.min.js"="2/19/2017 5:26 PM, 36874 bytes, A Adds the file jquery.min.js"="2/19/2017 5:26 PM, 85660 bytes, A Adds the file material.min.js"="2/19/2017 5:26 PM, 62359 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\vertical Adds the file 440x280.jpg"="6/28/2017 1:47 AM, 35216 bytes, A Adds the file init.js"="2/19/2017 5:26 PM, 605 bytes, A Adds the file pop.js"="2/19/2017 5:26 PM, 2563 bytes, A Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/2/17 Scan Time: 9:25 AM Log File: e51259c2-a742-11e7-b751-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2930 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 322062 Threats Detected: 36 Threats Quarantined: 36 Time Elapsed: 1 min, 33 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\js\official, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\_metadata, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\vertical, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\images, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\js, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NGDGOEMJEJBPCGJAGNBKCPMIBDIJOEAA, Quarantined, [8690], [415241],1.0.2930 File: 27 PUP.Optional.MediaNetNow.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NGDGOEMJEJBPCGJAGNBKCPMIBDIJOEAA\1.0.0_0\MANIFEST.JSON, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts\material-icons.css, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts\MaterialIcons-Regular.eot, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts\MaterialIcons-Regular.ijmap, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts\MaterialIcons-Regular.svg, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts\MaterialIcons-Regular.ttf, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts\MaterialIcons-Regular.woff, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts\MaterialIcons-Regular.woff2, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts\RobotoCondensed-Light.ttf, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\fonts\RobotoCondensed-Regular.ttf, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\css\style.css, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\images\icon128.png, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\images\icon16.png, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\images\icon38.png, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\images\icon50.png, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\js\official\bootstrap.min.js, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\js\official\jquery.min.js, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\js\official\material.min.js, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\js\base.js, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\js\init.js, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\js\main.js, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\vertical\440x280.jpg, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\vertical\init.js, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\vertical\pop.js, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\_metadata\computed_hashes.json, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\_metadata\verified_contents.json, Quarantined, [8690], [415241],1.0.2930 PUP.Optional.MediaNetNow.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngdgoemjejbpcgjagnbkcpmibdijoeaa\1.0.0_0\popup.html, Quarantined, [8690], [415241],1.0.2930 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected. -
Removal instructions for Master PC Cleaner
Metallica posted a topic in Malware Removal Self-Help Guides
What is Master PC Cleaner? The Malwarebytes research team has determined that Master PC Cleaner is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Master PC Cleaner? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar, your startmenu, and on your desktop: and see this warning during install: and these screens during "operations": You may see this entry in your list of installed programs: and this task in your list of Scheduled Tasks: How did Master PC Cleaner get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website. How do I remove Master PC Cleaner? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Master PC Cleaner? No, Malwarebytes removes Master PC Cleaner completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the Master PC Cleaner installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain. Technical details for experts You may see these entries in FRST logs: () C:\Program Files\Master PC Cleaner on {computername}\mpc.exe C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername} C:\Windows\System32\Tasks\Master PC Cleaner_Logon C:\Users\Public\Desktop\Master PC Cleaner.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PC Cleaner on {computername} C:\ProgramData\Master PC Cleaner on {computername} C:\Program Files\Master PC Cleaner on {computername} Master PC Cleaner (HKLM\...\{A00DA73E-1842-4E5A-91A5-EFEE1186C744}_is1) (Version: 1.0.0.38701 - ) Task: {987D5555-0E87-4CF2-9765-524CFD68DE7B} - System32\Tasks\Master PC Cleaner_Logon => C:\Program Files\Master PC Cleaner on {computername}\mpc.exe [2017-09-27] () Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files\Master PC Cleaner on {computername} Adds the file AppRes.dll"="9/27/2017 7:49 PM, 630648 bytes, A Adds the file HtmlRenderer.dll"="9/27/2017 7:49 PM, 228216 bytes, A Adds the file HtmlRenderer.WinForms.dll"="9/27/2017 7:49 PM, 66936 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="9/27/2017 7:49 PM, 55672 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="9/27/2017 7:49 PM, 177528 bytes, A Adds the file mpc.exe"="9/27/2017 7:49 PM, 2898296 bytes, A Adds the file mpc.exe.config"="9/27/2017 7:49 PM, 4681 bytes, A Adds the file NAudio.dll"="9/27/2017 7:49 PM, 477560 bytes, A Adds the file System.Data.SQLite.DLL"="9/27/2017 7:49 PM, 297336 bytes, A Adds the file TAFactory.IconPack.dll"="9/27/2017 7:49 PM, 43384 bytes, A Adds the file TaskScheduler.dll"="9/27/2017 7:49 PM, 47480 bytes, A Adds the file unins000.dat"="9/29/2017 9:08 AM, 73649 bytes, A Adds the file unins000.exe"="9/29/2017 9:05 AM, 1235320 bytes, A Adds the file unins000.msg"="9/29/2017 9:08 AM, 22701 bytes, A Adds the folder C:\Program Files\Master PC Cleaner on {computername}\langs Adds the file danish_apc_da.ini"="9/27/2017 12:21 PM, 46052 bytes, A Adds the file Dutch_apc_nl.ini"="9/27/2017 12:22 PM, 46648 bytes, A Adds the file english_apc_en.ini"="9/27/2017 12:13 PM, 47138 bytes, A Adds the file finish_apc_fi.ini"="9/27/2017 12:23 PM, 46306 bytes, A Adds the file French_apc_fr.ini"="9/27/2017 12:13 PM, 50332 bytes, A Adds the file german_apc_de.ini"="9/26/2017 3:52 PM, 48052 bytes, A Adds the file italian_apc_it.ini"="9/27/2017 12:23 PM, 48552 bytes, A Adds the file japanese_apc_ja.ini"="9/26/2017 3:53 PM, 33632 bytes, A Adds the file norwegian_apc_no.ini"="9/27/2017 12:24 PM, 45432 bytes, A Adds the file portuguese_apc_ptbr.ini"="9/27/2017 12:24 PM, 48008 bytes, A Adds the file russian_apc_ru.ini"="9/26/2017 3:55 PM, 49896 bytes, A Adds the file spanish_apc_es.ini"="9/27/2017 12:24 PM, 50860 bytes, A Adds the file swedish_apc_sv.ini"="9/27/2017 12:25 PM, 45040 bytes, A Adds the folder C:\Program Files\Master PC Cleaner on {computername}\x64 Adds the file SQLite.Interop.dll"="9/27/2017 7:49 PM, 1182072 bytes, A Adds the folder C:\Program Files\Master PC Cleaner on {computername}\x86 Adds the file SQLite.Interop.dll"="9/27/2017 7:49 PM, 861048 bytes, A Adds the folder C:\ProgramData\Master PC Cleaner on {computername} Adds the file mpc.db"="9/25/2017 5:48 PM, 835584 bytes, A Adds the file mpcstartrepair_en.mp3"="9/25/2017 5:48 PM, 183442 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PC Cleaner on {computername} Adds the file Buy Master PC Cleaner.lnk"="9/29/2017 9:08 AM, 986 bytes, A Adds the file Master PC Cleaner.lnk"="9/29/2017 9:08 AM, 974 bytes, A Adds the file Uninstall Master PC Cleaner.lnk"="9/29/2017 9:08 AM, 1005 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername} Adds the file Errorlog.txt"="9/29/2017 9:10 AM, 7362 bytes, A Adds the file exlist.bin"="9/29/2017 9:08 AM, 258259 bytes, A Adds the file param.ini"="9/29/2017 9:08 AM, 376 bytes, A Adds the file res.xml"="9/29/2017 9:10 AM, 14295 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername}\smico In the existing folder C:\Users\Public\Desktop Adds the file Master PC Cleaner.lnk"="9/29/2017 9:08 AM, 956 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Master PC Cleaner_Logon"="9/29/2017 9:08 AM, 3078 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\aHR0cDovL3d3dy5tYXN0ZXJwY2NsZWFuZXIuY29tLw==\TWFzdGVyIFBDIENsZWFuZXI=\ACT] "data"="REG_BINARY, .................................................................................................................................................................................................................................................................................................................................................... [HKEY_LOCAL_MACHINE\SOFTWARE\Master PC Cleaner on {computername}] "affired"="REG_DWORD"", 1 "afterInstallUrl"="REG_SZ"", "http://ins.masterpccleaner.com/install/mpcl/?" "btnid"="REG_SZ"", "" "cbkpoff"="REG_DWORD"", 1 "country"="REG_SZ"", "" "cta"="REG_DWORD"", 0 "delay"="REG_DWORD"", 0 "dlllist"="REG_SZ"", "PSMACHINE_64.DLL,MSSPELLCHECKINGFACILITY.DLL" "efosetting"="REG_DWORD"", 1 "EmailURL"="REG_SZ"", "support" "expired"="REG_DWORD"", 0 "fpxl"="REG_DWORD"", 1 "hdata"="REG_BINARY, ........................................................................................................................................................................................................................................................................................... "Installstring"="REG_SZ"", "C:\Program Files\Master PC Cleaner on {computername}" "islswc"="REG_DWORD"", 0 "isphone"="REG_DWORD"", 0 "issilent"="REG_DWORD"", 0 "LangCode"="REG_SZ"", "en" "lpid"="REG_SZ"", "" "lstregscancount"="REG_DWORD"", 31 "lstscandate"="REG_SZ"", "9/29/2017 9:10:58 AM" "lstscanstat"="REG_DWORD"", 2 "lstsecscancount"="REG_DWORD"", 0 "lsttotalscancount"="REG_DWORD"", 31 "msl"="REG_DWORD"", 1 "ovoffdis"="REG_DWORD"", 0 "phone"="REG_SZ"", "" "Phone_at"="REG_SZ"", "+43 (0)720 902 309" "Phone_au"="REG_SZ"", "(61)280-733403" "Phone_ch"="REG_SZ"", "+41 (0)44 508 70 37" "Phone_de"="REG_SZ"", "0800 1822 974" "Phone_fr"="REG_SZ"", "05 82 84 04 06" "Phone_gb"="REG_SZ"", "0800-031-5066" "Phone_ja"="REG_SZ"", "0120-993-506" "Phone_jp"="REG_SZ"", "0120-993-506" "Phone_lu"="REG_SZ"", "0800 1822 974" "Phone_uk"="REG_SZ"", "0800-031-5066" "Phone_us"="REG_SZ"", "(855)-332-0124" "playsound"="REG_DWORD"", 0 "prereg"="REG_DWORD"", 0 "PurchaseURL"="REG_SZ"", "https://esafemart.com/mpc/price?" "pxl"="REG_SZ"", "WAD2233_WAD2187_RUNT" "referurl"="REG_SZ"", "" "reg"="REG_DWORD"", 0 "RenewURL"="REG_SZ"", "https://esafemart.com/mpc/renewal?" "runcam"="REG_DWORD"", 1 "runpixel"="REG_DWORD"", 1 "runsrc"="REG_DWORD"", 1 "showefo"="REG_DWORD"", 0 "showtn"="REG_DWORD"", 0 "showudurec"="REG_DWORD"", 1 "showunins"="REG_DWORD"", 0 "supporturl"="REG_SZ"", "http://www.masterpccleaner.com/help/" "utm_campaign"="REG_SZ"", "wadsphere" "utm_medium"="REG_SZ"", "" "utm_pubid"="REG_SZ"", "1d92a736-cecd-4fbd-9f74-ef26d8616e82" "utm_source"="REG_SZ"", "wadsphere" "WebURL"="REG_SZ"", "http://www.masterpccleaner.com/" "x-at"="REG_SZ"", "64787" "x-ccode"="REG_SZ"", "nl" "x-context"="REG_SZ"", "d5SF3SLMVVAIMPI8104KQ4C8" "x-plt"="REG_SZ"", "" "x-var1"="REG_SZ"", "" "x-var2"="REG_SZ"", "" "x-var3"="REG_SZ"", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A00DA73E-1842-4E5A-91A5-EFEE1186C744}_is1] "DisplayIcon"="REG_SZ"", "C:\Program Files\Master PC Cleaner on {computername}\mpc.exe" "DisplayName"="REG_SZ"", "Master PC Cleaner" "DisplayVersion"="REG_SZ"", "1.0.0.38701" "EstimatedSize"="REG_DWORD"", 9646 "Inno Setup: App Path"="REG_SZ"", "C:\Program Files\Master PC Cleaner on {computername}" "Inno Setup: Icon Group"="REG_SZ"", "Master PC Cleaner on {computername}" "Inno Setup: Language"="REG_SZ"", "en" "Inno Setup: Setup Version"="REG_SZ"", "5.5.8 (u)" "Inno Setup: User"="REG_SZ"", "{username}" "InstallDate"="REG_SZ"", "20170929" "InstallLocation"="REG_SZ"", "C:\Program Files\Master PC Cleaner on {computername}\" "MajorVersion"="REG_DWORD"", 1 "MinorVersion"="REG_DWORD"", 0 "NoModify"="REG_DWORD"", 1 "NoRepair"="REG_DWORD"", 1 "QuietUninstallString"="REG_SZ"", ""C:\Program Files\Master PC Cleaner on {computername}\unins000.exe" /SILENT" "UninstallString"="REG_SZ"", ""C:\Program Files\Master PC Cleaner on {computername}\unins000.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\mpc-pr] "affiliateid"="REG_SZ"", "" "btnid"="REG_SZ"", "" "country"="REG_SZ"", "" "LangCode"="REG_SZ"", "en" "lpid"="REG_SZ"", "" "phone"="REG_SZ"", "" "pxl"="REG_SZ"", "WAD2233_WAD2187_RUNT" "referurl"="REG_SZ"", "" "utm_campaign"="REG_SZ"", "wadsphere" "utm_medium"="REG_SZ"", "" "utm_pubid"="REG_SZ"", "1d92a736-cecd-4fbd-9f74-ef26d8616e82" "utm_source"="REG_SZ"", "wadsphere" "x-at"="REG_SZ"", "64787" "x-context"="REG_SZ"", "d5SF3SLMVVAIMPI8104KQ4C8" "x-var2"="REG_SZ"", "" "x-var3"="REG_SZ"", "" [HKEY_CURRENT_USER\Software\Master PC Cleaner on {computername}] "btnid"="REG_SZ"", "" "Installstring"="REG_SZ"", "C:\Program Files\Master PC Cleaner on {computername}" "LangCode"="REG_SZ"", "en" "lpid"="REG_SZ"", "" "pxl"="REG_SZ"", "WAD2233_WAD2187_RUNT" "referurl"="REG_SZ"", "" "utm_campaign"="REG_SZ"", "wadsphere" "utm_medium"="REG_SZ"", "" "utm_pubid"="REG_SZ"", "1d92a736-cecd-4fbd-9f74-ef26d8616e82" "utm_source"="REG_SZ"", "wadsphere" "x-at"="REG_SZ"", "64787" "x-context"="REG_SZ"", "d5SF3SLMVVAIMPI8104KQ4C8" "x-datetime"="REG_SZ"", "09-29-2017 07:08:21 AM" "x-fetch"="REG_SZ"", "1" "x-ip"="REG_SZ"", "" "x-plt"="REG_SZ"", "" "x-var1"="REG_SZ"", "" "x-var2"="REG_SZ"", "" "x-var3"="REG_SZ"", "" [HKEY_CURRENT_USER\Software\Master PC Cleaner on {computername}\1.0.0.38701] Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/29/17 Scan Time: 9:37 AM Log File: 0cf8bcda-a4e9-11e7-b751-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2912 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 321918 Threats Detected: 64 Threats Quarantined: 64 Time Elapsed: 5 min, 29 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\mpc.exe, Quarantined, [7134], [440068],1.0.2912 Module: 7 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\x64\SQLite.Interop.dll, Quarantined, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\mpc.exe, Quarantined, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\NAudio.dll, Quarantined, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\System.Data.SQLite.DLL, Quarantined, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\TAFactory.IconPack.dll, Quarantined, [7134], [440068],1.0.2912 Registry Key: 4 PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A00DA73E-1842-4E5A-91A5-EFEE1186C744}_is1, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\MPC-PR, Delete-on-Reboot, [7134], [440065],1.0.2912 PUP.Optional.MasterPCCleaner, HKCU\SOFTWARE\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440063],1.0.2912 PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440067],1.0.2912 Registry Value: 4 PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\MPC-PR|PHONE, Delete-on-Reboot, [7134], [440065],1.0.2912 PUP.Optional.MasterPCCleaner, HKCU\SOFTWARE\Master PC Cleaner on {computername}|INSTALLSTRING, Delete-on-Reboot, [7134], [440063],1.0.2912 PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\Master PC Cleaner on {computername}|PHONE_US, Delete-on-Reboot, [7134], [440067],1.0.2912 PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A00DA73E-1842-4E5A-91A5-EFEE1186C744}_is1|DISPLAYICON, Delete-on-Reboot, [7134], [440066],1.0.2912 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 8 PUP.Optional.MasterPCCleaner, C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername}\smico, Delete-on-Reboot, [7134], [440069],1.0.2912 PUP.Optional.MasterPCCleaner, C:\USERS\{username}\APPDATA\ROAMING\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440069],1.0.2912 PUP.Optional.MasterPCCleaner, C:\PROGRAMDATA\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440061],1.0.2912 PUP.Optional.MasterPCCleaner, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440070],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\x64, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\x86, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\PROGRAM FILES\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440068],1.0.2912 File: 40 PUP.Optional.MasterPCCleaner, C:\USERS\{username}\APPDATA\ROAMING\Master PC Cleaner on {computername}\Errorlog.txt, Delete-on-Reboot, [7134], [440069],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername}\exlist.bin, Delete-on-Reboot, [7134], [440069],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername}\param.ini, Delete-on-Reboot, [7134], [440069],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername}\res.xml, Delete-on-Reboot, [7134], [440069],1.0.2912 PUP.Optional.MasterPCCleaner, C:\PROGRAMDATA\Master PC Cleaner on {computername}\mpc.db, Delete-on-Reboot, [7134], [440061],1.0.2912 PUP.Optional.MasterPCCleaner, C:\ProgramData\Master PC Cleaner on {computername}\mpcstartrepair_en.mp3, Delete-on-Reboot, [7134], [440061],1.0.2912 PUP.Optional.MasterPCCleaner, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Master PC Cleaner on {computername}\Master PC Cleaner.lnk, Delete-on-Reboot, [7134], [440070],1.0.2912 PUP.Optional.MasterPCCleaner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PC Cleaner on {computername}\Buy Master PC Cleaner.lnk, Delete-on-Reboot, [7134], [440070],1.0.2912 PUP.Optional.MasterPCCleaner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PC Cleaner on {computername}\Uninstall Master PC Cleaner.lnk, Delete-on-Reboot, [7134], [440070],1.0.2912 PUP.Optional.MasterPCCleaner, C:\USERS\PUBLIC\DESKTOP\MASTER PC CLEANER.LNK, Delete-on-Reboot, [7134], [440071],1.0.2912 PUP.Optional.MasterPCCleaner, C:\PROGRAM FILES\Master PC Cleaner on {computername}\mpc.exe.config, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\danish_apc_da.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\Dutch_apc_nl.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\english_apc_en.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\finish_apc_fi.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\French_apc_fr.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\german_apc_de.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\italian_apc_it.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\japanese_apc_ja.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\norwegian_apc_no.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\portuguese_apc_ptbr.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\russian_apc_ru.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\spanish_apc_es.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\swedish_apc_sv.ini, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\x64\SQLite.Interop.dll, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\x86\SQLite.Interop.dll, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\AppRes.dll, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\HtmlRenderer.dll, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\HtmlRenderer.WinForms.dll, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\mpc.exe, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\NAudio.dll, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\System.Data.SQLite.DLL, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\TAFactory.IconPack.dll, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\TaskScheduler.dll, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\unins000.dat, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\unins000.exe, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\unins000.msg, Delete-on-Reboot, [7134], [440068],1.0.2912 PUP.Optional.MasterPCCleaner, C:\USERS\{username}\DESKTOP\MPCLSETUP.EXE, Delete-on-Reboot, [7134], [440060],1.0.2912 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected. -
What is DigiSmirkz? The Malwarebytes research team has determined that DigiSmirkz is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. DigiSmirkz is a member of the Mindspark/Ask family now known as IAC Applications. How do I know if my computer is affected by DigiSmirkz? You may see this browser extensions/add-ons: these warnings during install: You may see this entry in your list of installed software: and this new homepage in the affected browsers: How did DigiSmirkz get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove DigiSmirkz? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of DigiSmirkz? If you are using Chrome, you may have to remove the Extension manually under Tools > More Tools > Extensions. Click on the bin behind the DigiSmirkz entry and confirm Remove in the prompt. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the DigiSmirkz hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/digismirkz/ttab02/index.html?n={n1}&p2={p21}&ptb={ptb1}&coid={coid1} FF Homepage: hxxp://hp.myway.com/digismirkz/ttab02/index.html?coId={coid2}&subId&ln=en&n={n1}&ptb={ptb2}&st&p2={p22}&si FF Extension: DigiSmirkz - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_i7Members_@free.digismirkz.com [2017-09-28] CHR Extension: (DigiSmirkz) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof [2017-09-28] C:\Users\{username}\AppData\Local\DigiSmirkzTooltab DigiSmirkz Internet Explorer Homepage and New Tab (HKCU\...\DigiSmirkzTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/28/17 Scan Time: 10:49 AM Log File: fc49955e-a429-11e7-b751-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2903 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 321655 Threats Detected: 406 Threats Quarantined: 406 Time Elapsed: 1 min, 58 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DigiSmirkzTooltab\TooltabExtension.dll, Quarantined, [838], [356944],1.0.2903 Registry Key: 1 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DigiSmirkzTooltab Uninstall Internet Explorer, Delete-on-Reboot, [838], [356944],1.0.2903 Registry Value: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DigiSmirkzTooltab Uninstall Internet Explorer|PUBLISHER, Delete-on-Reboot, [259], [352442],1.0.2903 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [259], [293497],1.0.2903 Data Stream: 0 (No malicious items detected) Folder: 89 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DigiSmirkzTooltab, Delete-on-Reboot, [838], [356944],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\abstractbutton\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedscript\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\thirdparty\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\uninstall\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedhtml\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\weather\css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\topapps\css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\weather\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\weather\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\topapps\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\generic\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\radio\css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedscript\html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\alert\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\flare\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\radio\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\moviereviews\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\topapps, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\link\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\weather, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\abstractbutton, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedhtml\html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedscript\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\common, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\rss\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\rss\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\radio, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\test, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedhtml\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedscript, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\flare\icons, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\images, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\rss, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\radio\radioWrapper, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\search\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\thirdparty, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\moviereviews\html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedhtml, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\radio\foreground, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\uninstall, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\radio\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\moviereviews\css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\moviereviews\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\generic, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\weather, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\api\background, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\alert, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\flare, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\moviereviews, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\search\html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\link, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\rss, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\api\window, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\radio\css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\search, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\radio, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\adapter, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\api, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\native\libs, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\_metadata, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\native, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\icons, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FHIBENOOMGNPPDHBJAEPHEPHKDDNOKOF, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_i7Members_@free.digismirkz.com\META-INF, Delete-on-Reboot, [259], [302304],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_i7Members_@free.digismirkz.com\chrome, Delete-on-Reboot, [259], [302304],1.0.2903 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_I7MEMBERS_@FREE.DIGISMIRKZ.COM, Delete-on-Reboot, [259], [302304],1.0.2903 File: 313 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DigiSmirkzTooltab\TooltabExtension.dll, Delete-on-Reboot, [838], [356944],1.0.2903 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FHIBENOOMGNPPDHBJAEPHEPHKDDNOKOF\12.702.11.34209_0\MANIFEST.JSON, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\adapter\adapterUtil.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\adapter\widget-adapter.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\abstractbutton\background\abstractButton.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\alert\background\alertButton.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedhtml\background\embedHtmlWidget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedhtml\html\embedHtmlTemplate.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedhtml\js\embedHtmlUI.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedscript\background\embedScriptWidget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedscript\html\embedScriptTemplate.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\embedscript\js\embedScriptUI.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\flare\background\FlareWidget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\flare\icons\Icon_Flare_blue.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\flare\icons\Icon_Flare_pink.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\flare\icons\Thumbs.db, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\generic\background\GenericWidget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\link\background\linkButton.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\background\menuButton.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\css\menuframe.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\html\menuframe.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\images\right_arrow.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\images\right_arrow_white.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\js\jquery-1.7.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\js\menuframe.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\js\query-string.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\js\underscore-1.3.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\menu\README.txt, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\rss\background\RssWidget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\thirdparty\background\thirdPartyWidget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\uninstall\background\uninstallButton.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\components\weather\background\weatherButton.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\bs.30.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\common.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\dynamic.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\enableDetect.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\eventListening.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\global.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\jquery-1.7.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\list-interaction.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\messageEventListener.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\navRedirector.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\paramReplacer.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\PartnerId.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\set.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\underscore-1.3.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\underscore-1.5.2.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\js\unifiedLogging.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\common\common.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\common\eventListening.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\common\list-interaction.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\common\set.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\radio\css\radio-widget.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\radio\js\radio-custom.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\radio\js\radio-parser.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\radio\js\radio-widget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\radio\radio-widget.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\rss\js\rss-widget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\rss\rssWidget.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\test\invalid.json, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\test\jquery.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\test\qunit.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\test\qunit.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\test\resource.json, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\test\resource.xml, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\test\testWidget.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\test\testWidget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\topapps\css\widget.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\topapps\js\topapps-config.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\topapps\js\widget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\topapps\widget.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\weather\css\weatherButton.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\weather\js\weather.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widgets\weather\weatherButton.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\common\widget-api\widget-context-1.0.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\api\background\ApiBasedWidget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\api\background\widget-api-impl.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\api\window\hiddenWidgetWindow.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\api\window\hiddenWidgetWindow.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\api\window\hiddenWidgetWindowInit.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\api\window\widgetWindow.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\api\window\widgetWindow.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\background\updateSearch.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\background\updateSearchPromptBg.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground\07_buttons2.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground\08_buttons2.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground\defaultSearchModal.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground\tvf_btn_ok.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground\tvf_restart_icon.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\moviereviews\background\MovieReviewsWidget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\moviereviews\css\movieReviews.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\moviereviews\html\movieReviews.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\moviereviews\js\movieReviews.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\radio\background\RadioWidget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\radio\css\toolbar-item.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\radio\foreground\button.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\radio\radioWrapper\radioWrapper.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\radio\radioWrapper\radioWrapper.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\search\background\searchBox.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\search\html\searchSuggestions.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\search\html\searchSuggestions.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\search\html\searchSuggestions.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\search\html\searchSuggestionsInit.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\css\supertab.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\html\supertab.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\js\newtabfork.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\js\reporting.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\js\srchsugg.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\js\supertab.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\js\unifiedLogging.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\components\supertab\js\__utm.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\_metadata\computed_hashes.json, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\_metadata\verified_contents.json, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\icons\arrowSprite.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\icons\icon128.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\icons\icon16.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\icons\icon19disabled.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\icons\icon19on.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\icons\icon48.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\icons\tb_icon_search_disappearing_ask.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766924.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230700203.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230700267.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230700284.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230746606.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766915.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766916.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766917.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766918.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766919.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766920.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766921.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766922.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766923.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\down_arrow.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\IDR_PRODUCT_LOGO_16.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\IDR_WEBSTORE_ICON.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\magnifying_glass.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\RadioPlayerSprite.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\search_button.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\tvf_icon_guide.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\tvf_logo.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\wrench.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766925.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766926.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766927.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766928.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766929.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766930.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766931.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766933.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766934.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766935.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766936.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766937.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766938.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766939.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766940.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766941.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\images\230766942.png, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\newTabInitialize.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\chromeStorage.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\chromeUtils.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\companionSWUtils.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\exeManager.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\exeManagerNMD.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\exePackageManager.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\focusManager.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\globalBlacklistManager.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\messaging.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\mutation_summary-min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\mutation_summary.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\nativeMessagingDispatcher.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\newTabInfo.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\options.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\readLocalStorage.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\recentlyClosedTabs.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\reservespacefortoolbar.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\reservespaceifenabled.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\scriptInjector.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\searchContext.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\settingsOverrides.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\toolbarCookieParser.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\toolbarPreinit.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\underscore-1.3.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\URILoaderContentScript.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\webTooltabAPI.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\Widget.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\widgetContentScriptInjectee.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\widgetFactory.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\js\widgetWindowManager.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\native\libs\jquery-1.7.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\native\libs\jquery-1.9.1.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\native\libs\underscore-1.5.2.min.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\native\cache.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\native\ce.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\native\debug.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\native\ss.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\activePing.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\buttonLogger.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\competitorDnsList.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\console.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\FFPreferencesPersister.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\httpTransport.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\HttpURL.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\internationalSearch.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\LocalStoragePersister.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\MindsparkGlobal.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\MindsparkGlobal.unitTest.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\MindsparkGlobalNotes.txt, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\rsvp-latest.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\searchSuggestLocale.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\testHttpTransport.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\unifiedLogger.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\unifiedLogging.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\universalConsole.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\shared\utils.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\spent2.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\bg.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\buildVars, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\buildVars.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\companionSW.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\config.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\contentScript.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\contentScript.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\debug.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\debug.jade, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\spentJ.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\spentK.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\spentK.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\startup.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\stub.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\stubby.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\superFrame.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\toolbar.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\toolbar.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\toolbarUI.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\toolbarUI.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\toolbarUI.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\url.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\urlFragmentActions.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\webtooltab.cs.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\extension_toolbar_api.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\initWidgetWindow.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\newTabContentScript.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\options.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\spent.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\spent.html, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\spent.js, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhibenoomgnppdhbjaephephkddnokof\12.702.11.34209_0\spent2.css, Delete-on-Reboot, [259], [301932],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [319354],1.0.2903 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [838], [356946],1.0.2903 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_I7MEMBERS_@FREE.DIGISMIRKZ.COM\INSTALL.RDF, Delete-on-Reboot, [259], [302304],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_i7Members_@free.digismirkz.com\chrome\ffxtbr.jar, Delete-on-Reboot, [259], [302304],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_i7Members_@free.digismirkz.com\META-INF\manifest.mf, Delete-on-Reboot, [259], [302304],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_i7Members_@free.digismirkz.com\META-INF\mozilla.rsa, Delete-on-Reboot, [259], [302304],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_i7Members_@free.digismirkz.com\META-INF\mozilla.sf, Delete-on-Reboot, [259], [302304],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_i7Members_@free.digismirkz.com\bootstrap.js, Delete-on-Reboot, [259], [302304],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_i7Members_@free.digismirkz.com\chrome.manifest, Delete-on-Reboot, [259], [302304],1.0.2903 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_i7Members_@free.digismirkz.com\chrome.manifest.restartless, Delete-on-Reboot, [259], [302304],1.0.2903 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\DIGISMIRKZ.{coid1}.EXE, Delete-on-Reboot, [259], [365288],1.0.2903 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
-
What is EnjoyWiFi? The Malwarebytes research team has determined that EnjoyWiFi is adware. These adware applications display advertisements not originating from the sites you are browsing. The installer also bundles several other PUPs and adware programs. How do I know if my computer is affected by EnjoyWiFi? This is the main screen of the application: You may see this type of warning: and this icon in your startmenu and on your desktop: You may see this new entry in your list of installed programs and features: How did EnjoyWiFi get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove EnjoyWiFi? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of EnjoyWiFi? No, Malwarebytes removes EnjoyWiFi completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the EnjoyWiFi adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. The web protection module also blocks some of the connection it tries to make: Technical details for experts Possible signs in FRST logs: C:\Users\Public\Desktop\EnjoyWiFi.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnjoyWiFi C:\Program Files (x86)\EnjoyWiFi C:\Windows\system32\Drivers\wfcre.sys EnjoyWiFi (HKLM-x32\...\{8948C1BE-92B8-4276-8803-DC71CC78203A}) (Version: - ) Significant changes made by the kinstaller: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\EnjoyWiFi Adds the file EnjoyWiFi.exe"="7/6/2017 8:53 AM, 838016 bytes, A Adds the file enjoywifi.ssf"="6/15/2017 12:03 PM, 125598 bytes, A Adds the file inst.db"="9/27/2017 8:55 AM, 5 bytes, A Adds the file uninst.exe"="9/15/2017 3:43 AM, 172376 bytes, A Adds the file wfcrecf.dll"="6/15/2017 12:11 PM, 149888 bytes, A Adds the file wftinst.dll"="9/15/2017 3:43 AM, 616832 bytes, A Adds the file zlib.dll"="6/13/2016 8:47 AM, 75264 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnjoyWiFi Adds the file EnjoyWiFi.lnk"="9/27/2017 8:55 AM, 1037 bytes, A Adds the file uninstall EnjoyWiFi.lnk"="9/27/2017 8:55 AM, 1020 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file EnjoyWiFi.lnk"="9/27/2017 8:55 AM, 1019 bytes, A In the existing folder C:\Windows\System32\drivers Adds the file wfcre.sys"="9/15/2017 3:40 AM, 132992 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\32945AA97C2B893D926915802B4B6DAD0F5B86B2] "Blob"="REG_BINARY, ............................................................\....... ............................................................................................................................................................................................................................................................................................................................................................................................................... "Ver"="REG_DWORD", 3026 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Fetcher] "01"="REG_BINARY, ................. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8948C1BE-92B8-4276-8803-DC71CC78203A}] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\EnjoyWiFi\EnjoyWiFi.exe" "DisplayName"="REG_SZ", "EnjoyWiFi" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\EnjoyWiFi" "UninstallString"="REG_SZ", "C:\Program Files (x86)\EnjoyWiFi\uninst.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\upm] "ewf"="REG_BINARY, ............................. "IsInst"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wfcre] "Description"="REG_SZ", "wfcre" "DisplayName"="REG_SZ", "wfcre" "ErrorControl"="REG_DWORD", 1 "Group"="REG_SZ", "PNP_TDI" "ImagePath"="REG_EXPAND_SZ, "system32\drivers\wfcre.sys" "Start"="REG_DWORD", 1 "Type"="REG_DWORD", 1 "WOW64"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wfcre\Enum] "0"="REG_SZ", "Root\LEGACY_WFCRE\0000" "Count"="REG_DWORD", 1 "NextInstance"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wfcre\Parameters] "374335773"="REG_BINARY, ................................ Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/27/17 Scan Time: 10:38 AM Log File: 36880759-a35f-11e7-bf1d-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2896 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 321581 Threats Detected: 23 Threats Quarantined: 23 Time Elapsed: 1 min, 14 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\EnjoyWiFi.exe, Quarantined, [8686], [417507],1.0.2896 Module: 4 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\EnjoyWiFi.exe, Quarantined, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\sciter32.dll, Quarantined, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\wfcrecf.dll, Quarantined, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\zlib.dll, Quarantined, [8686], [417507],1.0.2896 Registry Key: 2 PUP.Optional.EnjoyWiFi, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8948C1BE-92B8-4276-8803-DC71CC78203A}, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.ChinAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wfcre, Delete-on-Reboot, [96], [417524],1.0.2896 Registry Value: 1 PUP.Optional.EnjoyWiFi, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8948C1BE-92B8-4276-8803-DC71CC78203A}|DISPLAYNAME, Delete-on-Reboot, [8686], [417521],1.0.2896 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.EnjoyWiFi, C:\PROGRAM FILES (X86)\ENJOYWIFI, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ENJOYWIFI, Delete-on-Reboot, [8686], [417508],1.0.2896 File: 13 PUP.Optional.EnjoyWiFi, C:\USERS\PUBLIC\DESKTOP\ENJOYWIFI.LNK, Delete-on-Reboot, [8686], [417518],1.0.2896 PUP.Optional.EnjoyWiFi, C:\PROGRAM FILES (X86)\ENJOYWIFI\ENJOYWIFI.SSF, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\EnjoyWiFi.exe, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\inst.db, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\sciter32.dll, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\uninst.exe, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\wfcrecf.dll, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\wftinst.dll, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\Program Files (x86)\EnjoyWiFi\zlib.dll, Delete-on-Reboot, [8686], [417507],1.0.2896 PUP.Optional.EnjoyWiFi, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ENJOYWIFI\ENJOYWIFI.LNK, Delete-on-Reboot, [8686], [417508],1.0.2896 PUP.Optional.EnjoyWiFi, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnjoyWiFi\uninstall EnjoyWiFi.lnk, Delete-on-Reboot, [8686], [417508],1.0.2896 PUP.Optional.ChinAd, C:\WINDOWS\SYSTEM32\DRIVERS\WFCRE.SYS, Delete-on-Reboot, [96], [417524],1.0.2896 PUP.Optional.EnjoyWiFi, C:\USERS\{username}\DESKTOP\SETUP.4.22.EXE, Delete-on-Reboot, [8686], [417533],1.0.2896 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
-
What is Toothy? The Malwarebytes research team has determined that Toothy is a forced extension. How do I know if my computer is affected by Toothy? You may see this entry in your list of installed Chrome extensions: with these properties: and these warnings during install: How did Toothy get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was a forced Chrome extension. But it was also available in the webstore at the time of writing. How do I remove Toothy? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Toothy? No, Malwarebytes removes Toothy completely. You may have to remove the Chrome Extension manually under Tools > More Tools > Extensions. Click on the bin behind the Toothy entry and confirm Remove in the prompt. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. We protect our customers from forced extensions by blocking the sites that spread them: Technical details for experts Possible signs in FRST logs: CHR Extension: (Toothy) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp [2017-09-26] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0 Adds the file 1506323501957.html"="9/25/2017 10:21 AM, 526 bytes, A Adds the file 1506323501957.js"="9/25/2017 7:12 AM, 293399 bytes, A Adds the file 1506323501957_128.png"="9/26/2017 9:27 AM, 4306 bytes, A Adds the file 1506323501957_16.png"="9/26/2017 9:27 AM, 520 bytes, A Adds the file 1506323501957_48.png"="9/26/2017 9:27 AM, 2736 bytes, A Adds the file 1506323501957_512.png"="9/25/2017 7:12 AM, 59428 bytes, A Adds the file manifest.json"="9/26/2017 9:27 AM, 1350 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\_locales\en Adds the file messages.json"="9/26/2017 9:27 AM, 153 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\_metadata Adds the file computed_hashes.json"="9/26/2017 9:27 AM, 4361 bytes, A Adds the file verified_contents.json"="9/25/2017 10:19 AM, 2151 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpohflomnaifbkibmjdappdifjmojgcp Adds the file 000003.log"="9/26/2017 9:27 AM, 0 bytes, A Adds the file CURRENT"="9/26/2017 9:27 AM, 16 bytes, A Adds the file LOCK"="9/26/2017 9:27 AM, 0 bytes, A Adds the file LOG"="9/26/2017 9:27 AM, 0 bytes, A Adds the file MANIFEST-000001"="9/26/2017 9:27 AM, 41 bytes, A Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/26/17 Scan Time: 9:38 AM Log File: a3be5516-a28d-11e7-b751-080027750297.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.188 Update Package Version: 1.0.2887 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 321298 Threats Detected: 15 Threats Quarantined: 15 Time Elapsed: 2 min, 4 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 5 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\_locales\en, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\_metadata, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\_locales, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KPOHFLOMNAIFBKIBMJDAPPDIFJMOJGCP, Quarantined, [625], [439099],1.0.2887 File: 10 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\_locales\en\messages.json, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\_metadata\computed_hashes.json, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\_metadata\verified_contents.json, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\1506323501957.html, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\1506323501957.js, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\1506323501957_128.png, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\1506323501957_16.png, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\1506323501957_48.png, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\1506323501957_512.png, Quarantined, [625], [439099],1.0.2887 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpohflomnaifbkibmjdappdifjmojgcp\4.9.354_0\manifest.json, Quarantined, [625], [439099],1.0.2887 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
