Metallica

Staff

View profile See their activity

Content count
1,883
Joined
April 21, 2008
Last visited
December 16, 2016

About Metallica

Rank
Master of PUPs
Birthday 05/19/1963

Profile Information

Location
Netherlands

Recent Profile Visitors

155,675 profile views

Amesam

July 17
cooper_cooper

July 4
Juliet

June 20
Gt-truth

May 18
LukeP3

May 11
l3386490

May 1
Aura

April 19
roger_m

April 14
fr33tux

April 6
msherwood

March 15
rhabdomantist

February 24

Removal instructions for SpeedItupFree

Metallica posted a topic in Malware Removal Self-Help Guides

What is SpeedItupFree? The Malwarebytes research team has determined that SpeedItupFree is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with SpeedItupFree? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar, your startmenu, and on your desktop: and see this warning during install: and these screens during "operations": You may see this entry in your list of installed programs: and advertisements like these: How did SpeedItupFree get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove SpeedItupFree? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of SpeedItupFree? No, Malwarebytes removes SpeedItupFree completely. The shortcut called $1 PC Tech Support on the desktop can be deleted. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the SpeedItupFree installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts You may see these entries in FRST logs: () C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe (RJL Software, Inc.) C:\Program Files (x86)\Display Offer\delayexec.exe (MicroSmarts LLC.) C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe HKCU\...\Run: [SpeedItupFree] => C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe [7948448 2017-07-21] (MicroSmarts LLC.) R2 spdfrmon; C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe [921680 2013-11-01] () C:\Program Files (x86)\Display Offer C:\Program Files (x86)\SpeedItup Free C:\Windows\SpeedItup Free Setup Log.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedItup Free.lnk C:\ProgramData\Microsoft\Windows\Start Menu\SpeedItup Free.lnk C:\Users\Public\Desktop\SpeedItup Free.lnk C:\Windows\SpeedItup Free C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedItup Free C:\ProgramData\spds90.txt C:\Users\{username}\AppData\Local\Temp\spuad0.exe C:\Users\{username}\AppData\Local\Temp\spuad1.exe SpeeditupFree (HKLM-x32\...\SpeeditupFree) (Version: 11.20 - MicroSmarts LLC) <==== ATTENTION Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Display Offer Adds the file delayexec.exe"="7/20/2013 6:23 PM, 174640 bytes, A Adds the file ThankYou"="7/21/2017 1:01 PM, 11168 bytes, A Adds the file wait.exe"="8/14/2014 2:33 AM, 1847272 bytes, A Adds the folder C:\Program Files (x86)\SpeedItup Free Adds the file Checkup.dat"="9/1/2011 3:13 AM, 1366016 bytes, A Adds the file delayexec.exe"="3/22/2016 6:32 PM, 174752 bytes, A Adds the file Ext.dll"="7/20/2011 6:55 AM, 66048 bytes, A Adds the file IRIMG1.JPG"="7/21/2017 12:32 PM, 2362 bytes, A Adds the file IRIMG2.JPG"="7/21/2017 12:32 PM, 41278 bytes, A Adds the file IRIMG3.JPG"="7/21/2017 12:32 PM, 29054 bytes, A Adds the file irunin.dat"="7/21/2017 12:32 PM, 93816 bytes, A Adds the file irunin.xml"="7/21/2017 12:32 PM, 16049 bytes, A Adds the file order.ini"="7/17/2016 6:34 PM, 33 bytes, A Adds the file spdfrmon.exe"="11/1/2013 9:26 PM, 921680 bytes, A Adds the file speeditupfree.exe"="7/21/2017 1:00 PM, 7948448 bytes, A Adds the file speeditupfree.exe_"="7/21/2017 1:00 PM, 7948448 bytes, A Adds the file ThankYou"="7/21/2017 12:32 PM, 52975 bytes, A Adds the file upgradepath.ini"="9/12/2015 12:03 AM, 26 bytes, A Adds the folder C:\Program Files (x86)\SpeedItup Free\Help Adds the file index.html"="9/1/2011 4:06 AM, 6217 bytes, A Adds the folder C:\Program Files (x86)\SpeedItup Free\Help\Images Adds the file copyright.gif"="3/23/2007 7:58 AM, 517 bytes, A Adds the file forhelpfile.jpg"="9/1/2011 4:05 AM, 76941 bytes, A Adds the file index_01.gif"="6/8/2011 4:46 AM, 15342 bytes, A Adds the file index_02.gif"="6/29/2005 5:00 PM, 5066 bytes, A Adds the file index_03.gif"="6/29/2005 5:00 PM, 1611 bytes, A Adds the file index_04.gif"="6/29/2005 5:00 PM, 1215 bytes, A Adds the file index_05.gif"="6/29/2005 5:00 PM, 393 bytes, A Adds the file index_06.gif"="6/29/2005 5:00 PM, 2293 bytes, A Adds the file index_07.gif"="6/29/2005 5:00 PM, 936 bytes, A Adds the file index_08.gif"="7/2/2005 3:41 PM, 2714 bytes, A Adds the file index_09.gif"="6/29/2005 5:00 PM, 1252 bytes, A Adds the file index_10.gif"="6/29/2005 5:00 PM, 1457 bytes, A Adds the file index_11.gif"="6/29/2005 5:00 PM, 104 bytes, A Adds the file index_12.gif"="6/29/2005 5:00 PM, 162 bytes, A Adds the file index_13.gif"="6/29/2005 5:00 PM, 3529 bytes, A Adds the file index_14.gif"="6/29/2005 5:00 PM, 499 bytes, A Adds the file index_15.gif"="6/29/2005 5:00 PM, 471 bytes, A Adds the file index_16.gif"="6/29/2005 5:00 PM, 538 bytes, A Adds the file index_17.gif"="6/29/2005 5:00 PM, 236 bytes, A Adds the file index_18.gif"="6/29/2005 5:00 PM, 543 bytes, A Adds the file index_19.gif"="6/29/2005 5:00 PM, 1492 bytes, A Adds the file index_20.gif"="6/29/2005 5:00 PM, 506 bytes, A Adds the file index_21.gif"="6/29/2005 5:00 PM, 1449 bytes, A Adds the file index_22.gif"="6/29/2005 5:00 PM, 436 bytes, A Adds the file index_23.gif"="6/29/2005 5:00 PM, 4084 bytes, A Adds the file index_24.gif"="6/29/2005 5:00 PM, 476 bytes, A Adds the file index_25.gif"="6/29/2005 5:00 PM, 119 bytes, A Adds the file spacer.gif"="6/29/2005 5:00 PM, 43 bytes, A In the existing folder C:\ProgramData Adds the file spds90.txt"="7/21/2017 12:32 PM, 0 bytes, A In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu Adds the file SpeedItup Free.lnk"="7/21/2017 12:32 PM, 1980 bytes, A In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs Adds the file SpeedItup Free.lnk"="7/21/2017 12:32 PM, 1986 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedItup Free Adds the file SpeedItup Free.lnk"="7/21/2017 12:32 PM, 1992 bytes, A Adds the file Uninstall SpeedItup Free.lnk"="7/21/2017 12:32 PM, 1956 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch Adds the file SpeedItup Free.lnk"="7/21/2017 12:32 PM, 1998 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file SpeedItup Free.lnk"="7/21/2017 12:32 PM, 1974 bytes, A In the existing folder C:\Windows Adds the file SpeedItup Free Setup Log.txt"="7/21/2017 12:32 PM, 15146 bytes, A Adds the folder C:\Windows\SpeedItup Free Adds the file lua5.1.dll"="7/21/2017 12:32 PM, 325960 bytes, A Adds the file uninstall.exe"="7/21/2017 12:32 PM, 1353056 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}] "(Default)"="REG_SZ", "spdfrmon.Gate" "AuthenticationLevel"="REG_DWORD", 1 "LocalService"="REG_SZ", "spdfrmon" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A245B088-41FA-478E-8DEA-86177F1394BB}] "(Default)"="REG_SZ", "spdfrmon" "LocalService"="REG_SZ", "spdfrmon" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\spdfrmon.exe] "(Default)"="REG_SZ", "" "AppID"="REG_SZ", "{A245B088-41FA-478E-8DEA-86177F1394BB}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0142D788-C4FC-4ED8-2222-D654E27AF7F8}] "(Default)"="REG_SZ", "ISyncEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0142D788-C4FC-4ED8-2222-D654E27AF7F8}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0142D788-C4FC-4ED8-2222-D654E27AF7F8}\TypeLib] "(Default)"="REG_SZ", "{A1011E88-B997-11CF-2222-0080C7B2D6BB}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1843388-EFC2-49C9-2222-FC0C403B0EBB}] "(Default)"="REG_SZ", "ISyncAPI" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1843388-EFC2-49C9-2222-FC0C403B0EBB}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1843388-EFC2-49C9-2222-FC0C403B0EBB}\TypeLib] "(Default)"="REG_SZ", "{A1011E88-B997-11CF-2222-0080C7B2D6BB}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1D87888-DEAA-4971-2222-5D5046F2B3BB}] "(Default)"="REG_SZ", "_IMySyncEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1D87888-DEAA-4971-2222-5D5046F2B3BB}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020420-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1D87888-DEAA-4971-2222-5D5046F2B3BB}\TypeLib] "(Default)"="REG_SZ", "{A1011E88-B997-11CF-2222-0080C7B2D6BB}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spdfrmon.Gate] "(Default)"="REG_SZ", "spdfrmon.Gate" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spdfrmon.Gate\CLSID] "(Default)"="REG_SZ", "{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spdfrmon.Gate\CurVer] "(Default)"="REG_SZ", "spdfrmon.Gate.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spdfrmon.Gate.1] "(Default)"="REG_SZ", "spdfrmon.Gate" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spdfrmon.Gate.1\CLSID] "(Default)"="REG_SZ", "{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1011E88-B997-11CF-2222-0080C7B2D6BB}\1.0] "(Default)"="REG_SZ", "SpeedItup Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1011E88-B997-11CF-2222-0080C7B2D6BB}\1.0\0\win32] "(Default)"="REG_SZ", "C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1011E88-B997-11CF-2222-0080C7B2D6BB}\1.0\FLAGS] "(Default)"="REG_SZ", "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A1011E88-B997-11CF-2222-0080C7B2D6BB}\1.0\HELPDIR] "(Default)"="REG_SZ", "C:\Program Files (x86)\SpeedItup Free" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}] "(Default)"="REG_SZ", "spdfrmon.Gate" "AppID"="REG_SZ", "{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}\LocalServer32] "(Default)"="REG_SZ", "C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}\ProgID] "(Default)"="REG_SZ", "spdfrmon.Gate.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}\TypeLib] "(Default)"="REG_SZ", "{A1011E88-B997-11CF-2222-0080C7B2D6BB}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}\VersionIndependentProgID] "(Default)"="REG_SZ", "spdfrmon.Gate" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0142D788-C4FC-4ED8-2222-D654E27AF7F8}] "(Default)"="REG_SZ", "ISyncEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0142D788-C4FC-4ED8-2222-D654E27AF7F8}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0142D788-C4FC-4ED8-2222-D654E27AF7F8}\TypeLib] "(Default)"="REG_SZ", "{A1011E88-B997-11CF-2222-0080C7B2D6BB}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A1843388-EFC2-49C9-2222-FC0C403B0EBB}] "(Default)"="REG_SZ", "ISyncAPI" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A1843388-EFC2-49C9-2222-FC0C403B0EBB}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A1843388-EFC2-49C9-2222-FC0C403B0EBB}\TypeLib] "(Default)"="REG_SZ", "{A1011E88-B997-11CF-2222-0080C7B2D6BB}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A1D87888-DEAA-4971-2222-5D5046F2B3BB}] "(Default)"="REG_SZ", "_IMySyncEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A1D87888-DEAA-4971-2222-5D5046F2B3BB}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020420-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A1D87888-DEAA-4971-2222-5D5046F2B3BB}\TypeLib] "(Default)"="REG_SZ", "{A1011E88-B997-11CF-2222-0080C7B2D6BB}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeeditupFree] "Contact"="REG_SZ", "MicroSmarts LLC Support Department" "DisplayIcon"="REG_SZ", ""C:\Windows\SpeedItup Free\uninstall.exe"" "DisplayName"="REG_SZ", "SpeeditupFree" "DisplayVersion"="REG_SZ", "11.20" "HelpLink"="REG_SZ", "http://www.speeditupfree.com" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\SpeedItup Free" "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "MicroSmarts LLC" "UninstallString"="REG_SZ", ""C:\Windows\SpeedItup Free\uninstall.exe" "/U:C:\Program Files (x86)\SpeedItup Free\irunin.xml"" "URLInfoAbout"="REG_SZ", "http://www.speeditupfree.com" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spdfrmon] "DisplayName"="REG_SZ", "spdfrmon" "ErrorControl"="REG_DWORD", 1 "Group"="REG_SZ", "UIGroup" "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpeedItupFree"="REG_SZ", ""C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/21/17 Scan Time: 1:21 PM Log File: mbamSpeedItUpFree.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2409 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 338965 Threats Detected: 96 Threats Quarantined: 96 Time Elapsed: 2 min, 12 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 3 PUP.Optional.SpeedItUp, C:\PROGRAM FILES (X86)\SPEEDITUP FREE\SPDFRMON.EXE, Quarantined, [1201], [329424],1.0.2409 PUP.Optional.PCOptimizerPro, C:\Program Files (x86)\Display Offer\delayexec.exe, Quarantined, [202], [329412],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe, Quarantined, [1201], [329448],1.0.2409 Module: 3 PUP.Optional.SpeedItUp, C:\PROGRAM FILES (X86)\SPEEDITUP FREE\SPDFRMON.EXE, Quarantined, [1201], [329424],1.0.2409 PUP.Optional.PCOptimizerPro, C:\Program Files (x86)\Display Offer\delayexec.exe, Quarantined, [202], [329412],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe, Quarantined, [1201], [329448],1.0.2409 Registry Key: 24 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\TYPELIB\{A1011E88-B997-11CF-2222-0080C7B2D6BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\INTERFACE\{0142D788-C4FC-4ED8-2222-D654E27AF7F8}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1843388-EFC2-49C9-2222-FC0C403B0EBB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1D87888-DEAA-4971-2222-5D5046F2B3BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0142D788-C4FC-4ED8-2222-D654E27AF7F8}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1843388-EFC2-49C9-2222-FC0C403B0EBB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1D87888-DEAA-4971-2222-5D5046F2B3BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0142D788-C4FC-4ED8-2222-D654E27AF7F8}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1843388-EFC2-49C9-2222-FC0C403B0EBB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1D87888-DEAA-4971-2222-5D5046F2B3BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A1011E88-B997-11CF-2222-0080C7B2D6BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A1011E88-B997-11CF-2222-0080C7B2D6BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\spdfrmon, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\spdfrmon.Gate, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\spdfrmon.Gate.1, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\APPID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A19F8F88-F91E-4E49-2222-BD21AB39D1BB}, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\APPID\SPDFRMON.EXE, Delete-on-Reboot, [1201], [329818],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SpeeditupFree, Delete-on-Reboot, [1201], [329420],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\SPDFRMON.EXE, Delete-on-Reboot, [1201], [329818],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\SPDFRMON.EXE, Delete-on-Reboot, [1201], [329818],1.0.2409 Registry Value: 4 PUP.Optional.SpeedItUp, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpeedItupFree, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\APPID\SPDFRMON.EXE|APPID, Delete-on-Reboot, [1201], [329818],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\SPDFRMON.EXE|APPID, Delete-on-Reboot, [1201], [329818],1.0.2409 PUP.Optional.SpeedItUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\SPDFRMON.EXE|APPID, Delete-on-Reboot, [1201], [329818],1.0.2409 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 6 PUP.Optional.PCOptimizerPro, C:\PROGRAM FILES (X86)\DISPLAY OFFER, Delete-on-Reboot, [202], [329412],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\PROGRAM FILES (X86)\SPEEDITUP FREE, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPEEDITUP FREE, Delete-on-Reboot, [1201], [329450],1.0.2409 PUP.Optional.SpeedItUp, C:\WINDOWS\SPEEDITUP FREE, Delete-on-Reboot, [1201], [329420],1.0.2409 File: 56 PUP.Optional.SpeedItUp, C:\PROGRAM FILES (X86)\SPEEDITUP FREE\SPDFRMON.EXE, Delete-on-Reboot, [1201], [329424],1.0.2409 PUP.Optional.SpeedItUp, C:\PROGRAMDATA\SPDS90.TXT, Delete-on-Reboot, [1201], [329815],1.0.2409 PUP.Optional.SpeedItUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\SPEEDITUP FREE.LNK, Delete-on-Reboot, [1201], [329814],1.0.2409 PUP.Optional.SpeedItUp, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SPEEDITUP FREE.LNK, Delete-on-Reboot, [1201], [329817],1.0.2409 PUP.Optional.SpeedItUp, C:\USERS\PUBLIC\DESKTOP\SPEEDITUP FREE.LNK, Delete-on-Reboot, [1201], [329418],1.0.2409 PUP.Optional.PCOptimizerPro, C:\PROGRAM FILES (X86)\DISPLAY OFFER\THANKYOU, Delete-on-Reboot, [202], [329412],1.0.2409 PUP.Optional.PCOptimizerPro, C:\Program Files (x86)\Display Offer\delayexec.exe, Delete-on-Reboot, [202], [329412],1.0.2409 PUP.Optional.PCOptimizerPro, C:\Program Files (x86)\Display Offer\wait.exe, Delete-on-Reboot, [202], [329412],1.0.2409 PUP.Optional.SpeedItUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPEEDITUP FREE.LNK, Delete-on-Reboot, [1201], [329449],1.0.2409 PUP.Optional.SpeedItUp, C:\PROGRAM FILES (X86)\SPEEDITUP FREE\CHECKUP.DAT, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\copyright.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\forhelpfile.jpg, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_01.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_02.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_03.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_04.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_05.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_06.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_07.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_08.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_09.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_10.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_11.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_12.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_13.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_14.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_15.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_16.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_17.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_18.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_19.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_20.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_21.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_22.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_23.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_24.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\index_25.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\Images\spacer.gif, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Help\index.html, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\delayexec.exe, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\Ext.dll, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\IRIMG1.JPG, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\IRIMG2.JPG, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\IRIMG3.JPG, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\irunin.dat, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\irunin.xml, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\order.ini, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe_, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\ThankYou, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\Program Files (x86)\SpeedItup Free\upgradepath.ini, Delete-on-Reboot, [1201], [329448],1.0.2409 PUP.Optional.SpeedItUp, C:\WINDOWS\SPEEDITUP FREE SETUP LOG.TXT, Delete-on-Reboot, [1201], [329422],1.0.2409 PUP.Optional.SpeedItUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPEEDITUP FREE\SPEEDITUP FREE.LNK, Delete-on-Reboot, [1201], [329450],1.0.2409 PUP.Optional.SpeedItUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedItup Free\Uninstall SpeedItup Free.lnk, Delete-on-Reboot, [1201], [329450],1.0.2409 PUP.Optional.SpeedItUp, C:\WINDOWS\SPEEDITUP FREE\UNINSTALL.EXE, Delete-on-Reboot, [1201], [329420],1.0.2409 PUP.Optional.SpeedItUp, C:\Windows\SpeedItup Free\lua5.1.dll, Delete-on-Reboot, [1201], [329420],1.0.2409 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Friday at 04:06 PM
- - pup.optional.speeditup
  - 1-877-90-geeks
  - (and 2 more)
    Tagged with:
    
    pup.optional.speeditup
    
    1-877-90-geeks
    
    pup.optional.pcoptimizerpro
    
    1-877-904-3357
Removal instructions for dazzled

Metallica posted a topic in Malware Removal Self-Help Guides

How did dazzled get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was a forced Chrome extension. How do I remove dazzled? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of dazzled? No, Malwarebytes removes dazzled completely. You may have to remove the Chrome Extension manually under Tools > More Tools > Extensions. Click on the bin behind the dazzled entry and confirm Remove in the prompt. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. We try to protect our customers from forced Extension by blocking the sites that spread them. Technical details for experts Possible signs in FRST logs: CHR Extension: (dazzled) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab [2017-07-20] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0 Adds the file bgixder.png"="7/20/2017 8:57 AM, 178 bytes, A Adds the file bgixder.src.min.js"="7/9/2017 8:22 PM, 6445 bytes, A Adds the file manifest.json"="7/20/2017 8:57 AM, 1020 bytes, A Adds the file options.html"="7/4/2017 4:28 PM, 890 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\_metadata Adds the file computed_hashes.json"="7/20/2017 8:57 AM, 2388 bytes, A Adds the file verified_contents.json"="7/9/2017 8:22 PM, 2288 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\css Adds the file srchoff.png"="7/4/2017 4:28 PM, 18015 bytes, A Adds the file srchon.png"="7/4/2017 4:28 PM, 15590 bytes, A Adds the file style.css"="7/4/2017 4:28 PM, 8748 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\js Adds the file jq.js"="7/4/2017 4:28 PM, 94022 bytes, A Adds the file script.js"="7/4/2017 4:28 PM, 1041 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\akacaahohfbbdgglkahhnobeigdeciab Adds the file 000003.log"="7/20/2017 8:57 AM, 0 bytes, A Adds the file CURRENT"="7/20/2017 8:57 AM, 16 bytes, A Adds the file LOCK"="7/20/2017 8:57 AM, 0 bytes, A Adds the file LOG"="7/20/2017 8:57 AM, 184 bytes, A Adds the file MANIFEST-000001"="7/20/2017 8:57 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "akacaahohfbbdgglkahhnobeigdeciab"="REG_SZ", "EE39881D8032D8450A47A521172758DB03BCB435D8AB353DE3D85653C6EF1E38" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/20/17 Scan Time: 9:09 AM Log File: mbamdazzled.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2402 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 338775 Threats Detected: 16 Threats Quarantined: 16 Time Elapsed: 1 min, 44 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 5 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\_metadata, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\css, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\js, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AKACAAHOHFBBDGGLKAHHNOBEIGDECIAB, Quarantined, [812], [418002],1.0.2402 File: 11 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\css\srchoff.png, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\css\srchon.png, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\css\style.css, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\js\jq.js, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\js\script.js, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\_metadata\computed_hashes.json, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\_metadata\verified_contents.json, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\bgixder.png, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\bgixder.src.min.js, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\manifest.json, Quarantined, [812], [418002],1.0.2402 Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akacaahohfbbdgglkahhnobeigdeciab\0.3.0_0\options.html, Quarantined, [812], [418002],1.0.2402 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Thursday at 08:16 AM
- - rogue.forcedextension
  - akacaahohfbbdgglkahhnobeigdeciab
  - (and 1 more)
    Tagged with:
    
    rogue.forcedextension
    
    akacaahohfbbdgglkahhnobeigdeciab
    
    dazzled.download
Removal instructions for SystemTools

Metallica posted a topic in Malware Removal Self-Help Guides

What is SystemTools? The Malwarebytes research team has determined that SystemTools is an adfraud tool. These adfraud applications earn money by connecting affected machines to websites in a way that makes the advertiser think you viewed their ads, when in reality you didn't. Even though you may feel there is no harm in it for you, these trojans may compromise your security and use your resources. For example these are some of the connections this trojan.clicker makes: How do I know if my computer is affected by SystemTools? You may see this entry in your list of installed programs and features: this entry in your startmenu: and this warning during install: How did SystemTools get on my computer? Adfraud tools use different methods for distributing themselves. This particular one was bundled with other software. How do I remove SystemTools? Our program Malwarebytes can detect and remove this trojan.clicker. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of SystemTools? No, Malwarebytes removes SystemTools completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this trojan.clicker. As you can see below the full version of Malwarebytes would have protected you against the SystemTools adfraud tool. It would have warned you before the adfraud tool could install itself, giving you a chance to stop it before it became too late. The web protection module also blocks some of the connections the installer tries to make: Technical details for experts Possible signs in FRST logs: () C:\Program Files (x86)\System Tools 9.0.0\SystemTools.exe HKCU\...\Run: [SystemTools] => C:\Program Files (x86)\System Tools 9.0.0\SystemTools.exe [462336 2017-04-30] () C:\Users\{username}\Desktop\System Tools 9.0.0 Setup 9.0.0 - Changes.txt C:\Users\{username}\AppData\Roaming\System Tools C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools 9.0.0 C:\Program Files (x86)\System Tools 9.0.0 System Tools 9.0.0 version 9.0.0 (HKLM-x32\...\{FFB1E223-2052-49F4-B500-2F9A2DDBA756}}_is1) (Version: 9.0.0 - SystemTools, Inc.) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\System Tools 9.0.0 Adds the file SystemTools.exe"="4/30/2017 7:24 AM, 462336 bytes, A Adds the file unins000.dat"="7/19/2017 9:33 AM, 1365 bytes, A Adds the file unins000.exe"="7/19/2017 9:33 AM, 721573 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools 9.0.0 Adds the file System Tools 9.0.0.lnk"="7/19/2017 9:33 AM, 1112 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\System Tools Adds the file config.bin"="7/19/2017 9:34 AM, 17 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFB1E223-2052-49F4-B500-2F9A2DDBA756}}_is1] "DisplayName"="REG_SZ", "System Tools 9.0.0 version 9.0.0" "DisplayVersion"="REG_SZ", "9.0.0" "EstimatedSize"="REG_DWORD", 1145 "HelpLink"="REG_SZ", "http://systemtools.com/" "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\System Tools 9.0.0" "Inno Setup: Icon Group"="REG_SZ", "System Tools 9.0.0" "Inno Setup: Language"="REG_SZ", "english" "Inno Setup: Setup Version"="REG_SZ", "5.5.9 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20170719" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\System Tools 9.0.0\" "MajorVersion"="REG_DWORD", 9 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "SystemTools, Inc." "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\System Tools 9.0.0\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\System Tools 9.0.0\unins000.exe"" "URLInfoAbout"="REG_SZ", "http://systemtools.com/" "URLUpdateInfo"="REG_SZ", "http://systemtools.com/" "VersionMajor"="REG_DWORD", 9 "VersionMinor"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SystemTools"="REG_SZ", ""C:\Program Files (x86)\System Tools 9.0.0\SystemTools.exe"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/19/17 Scan Time: 1:20 PM Log File: mbamSystemTools9.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2398 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 338692 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 1 min, 25 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 Trojan.Clicker, C:\Program Files (x86)\System Tools 9.0.0\SystemTools.exe, Quarantined, [26], [417827],1.0.2398 Module: 1 Trojan.Clicker, C:\Program Files (x86)\System Tools 9.0.0\SystemTools.exe, Quarantined, [26], [417827],1.0.2398 Registry Key: 1 Trojan.Clicker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FFB1E223-2052-49F4-B500-2F9A2DDBA756}}_is1, Delete-on-Reboot, [26], [417827],1.0.2398 Registry Value: 1 Trojan.Clicker, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SystemTools, Delete-on-Reboot, [26], [417827],1.0.2398 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 Trojan.Clicker, C:\PROGRAM FILES (X86)\SYSTEM TOOLS 9.0.0, Delete-on-Reboot, [26], [417827],1.0.2398 Trojan.Clicker, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SYSTEM TOOLS 9.0.0, Delete-on-Reboot, [26], [417828],1.0.2398 File: 6 Trojan.Clicker, C:\USERS\{username}\APPDATA\ROAMING\SYSTEM TOOLS\CONFIG.BIN, Delete-on-Reboot, [26], [417829],1.0.2398 Trojan.Clicker, C:\USERS\{username}\DESKTOP\SYSTEMTOOLS.EXE, Delete-on-Reboot, [26], [417832],1.0.2398 Trojan.Clicker, C:\PROGRAM FILES (X86)\SYSTEM TOOLS 9.0.0\UNINS000.DAT, Delete-on-Reboot, [26], [417827],1.0.2398 Trojan.Clicker, C:\Program Files (x86)\System Tools 9.0.0\SystemTools.exe, Delete-on-Reboot, [26], [417827],1.0.2398 Trojan.Clicker, C:\Program Files (x86)\System Tools 9.0.0\unins000.exe, Delete-on-Reboot, [26], [417827],1.0.2398 Trojan.Clicker, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SYSTEM TOOLS 9.0.0\SYSTEM TOOLS 9.0.0.LNK, Delete-on-Reboot, [26], [417828],1.0.2398 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Wednesday at 12:13 PM
- - trojan.clicker
  - system tools 9.0.0
Removal instructions for GenlT

Metallica posted a topic in Malware Removal Self-Help Guides

What is GenlT? The Malwarebytes research team has determined that GenlT is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by GenlT? You may see this entry in your list of installed programs and features: How did GenlT get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove GenlT? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of GenlT? No, Malwarebytes removes GenlT completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the GenlT adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. The web protection module also blocks some of the connections the installer tries to make: Technical details for experts Possible signs in FRST logs: (Exundancy Co.) C:\Program Files (x86)\GenlTybros\GenlT.exe (Exundancy Co.) C:\Program Files (x86)\GenlTybros\GenlTybros_.exe (Exundancy Co.) C:\Program Files (x86)\GenlTybros\GenlTybros.exe R2 GenlT; C:\Program Files (x86)\GenlTybros\GenlT.exe [110080 2017-06-21] (Exundancy Co.) [File not signed] C:\Program Files (x86)\GenlTybros Genl Tybie Trossachs (HKLM-x32\...\Genl Tybie Trossachs) (Version: 2.17 - Exundancy Co.) () C:\Program Files (x86)\GenlTybros\libcef.dll Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\GenlTybros Adds the file cef.pak"="5/12/2017 8:36 AM, 6078416 bytes, A Adds the file cef_100_percent.pak"="5/12/2017 8:36 AM, 277660 bytes, A Adds the file cef_200_percent.pak"="5/12/2017 8:36 AM, 383531 bytes, A Adds the file cef_extensions.pak"="5/12/2017 8:36 AM, 3502851 bytes, A Adds the file chrome_elf.dll"="5/12/2017 8:36 AM, 433664 bytes, A Adds the file d3dcompiler_43.dll"="5/12/2017 8:36 AM, 2106216 bytes, A Adds the file d3dcompiler_47.dll"="5/12/2017 8:36 AM, 3747512 bytes, A Adds the file devtools_resources.pak"="5/12/2017 8:36 AM, 6775482 bytes, A Adds the file GenlT.exe"="6/21/2017 11:57 AM, 110080 bytes, A Adds the file GenlTybros.exe"="6/21/2017 11:56 AM, 575488 bytes, A Adds the file GenlTybros_.exe"="6/21/2017 11:56 AM, 575488 bytes, A Adds the file icudtl.dat"="5/12/2017 8:36 AM, 10166816 bytes, A Adds the file libcef.dll"="5/12/2017 8:36 AM, 68189184 bytes, A Adds the file libcurl.dll"="11/29/2016 11:08 AM, 270848 bytes, A Adds the file libEGL.dll"="5/12/2017 8:36 AM, 80384 bytes, A Adds the file libGLESv2.dll"="5/12/2017 8:36 AM, 2918912 bytes, A Adds the file msvcp120.dll"="11/24/2014 9:23 AM, 455328 bytes, A Adds the file msvcr120.dll"="11/24/2014 9:23 AM, 970912 bytes, A Adds the file natives_blob.bin"="5/12/2017 8:36 AM, 262947 bytes, A Adds the file snapshot_blob.bin"="5/12/2017 8:36 AM, 1098960 bytes, A Adds the file Uninstall.exe"="7/18/2017 8:59 AM, 189135 bytes, A Adds the file widevinecdmadapter.dll"="5/12/2017 8:36 AM, 216576 bytes, A Adds the folder C:\Program Files (x86)\GenlTybros\locales Adds the file am.pak"="5/12/2017 7:27 AM, 377175 bytes, A Adds the file ar.pak"="5/12/2017 7:27 AM, 373225 bytes, A Adds the file bg.pak"="5/12/2017 7:27 AM, 448877 bytes, A Adds the file bn.pak"="5/12/2017 7:27 AM, 573174 bytes, A Adds the file ca.pak"="5/12/2017 7:27 AM, 272413 bytes, A Adds the file cs.pak"="5/12/2017 7:27 AM, 275570 bytes, A Adds the file da.pak"="5/12/2017 7:27 AM, 246994 bytes, A Adds the file de.pak"="5/12/2017 7:27 AM, 268487 bytes, A Adds the file el.pak"="5/12/2017 7:27 AM, 481523 bytes, A Adds the file en-GB.pak"="5/12/2017 7:27 AM, 220675 bytes, A Adds the file en-US.pak"="5/12/2017 7:27 AM, 220630 bytes, A Adds the file es.pak"="5/12/2017 7:27 AM, 274226 bytes, A Adds the file es-419.pak"="5/12/2017 7:27 AM, 269225 bytes, A Adds the file et.pak"="5/12/2017 7:27 AM, 239274 bytes, A Adds the file fa.pak"="5/12/2017 7:27 AM, 384289 bytes, A Adds the file fi.pak"="5/12/2017 7:27 AM, 253954 bytes, A Adds the file fil.pak"="5/12/2017 7:27 AM, 275102 bytes, A Adds the file fr.pak"="5/12/2017 7:27 AM, 290897 bytes, A Adds the file gu.pak"="5/12/2017 7:27 AM, 538857 bytes, A Adds the file he.pak"="5/12/2017 7:27 AM, 317383 bytes, A Adds the file hi.pak"="5/12/2017 7:27 AM, 549805 bytes, A Adds the file hr.pak"="5/12/2017 7:27 AM, 258120 bytes, A Adds the file hu.pak"="5/12/2017 7:27 AM, 285777 bytes, A Adds the file id.pak"="5/12/2017 7:27 AM, 239143 bytes, A Adds the file it.pak"="5/12/2017 7:27 AM, 264329 bytes, A Adds the file ja.pak"="5/12/2017 7:27 AM, 323196 bytes, A Adds the file kn.pak"="5/12/2017 7:27 AM, 620868 bytes, A Adds the file ko.pak"="5/12/2017 7:27 AM, 273906 bytes, A Adds the file lt.pak"="5/12/2017 7:27 AM, 277839 bytes, A Adds the file lv.pak"="5/12/2017 7:27 AM, 277722 bytes, A Adds the file ml.pak"="5/12/2017 7:27 AM, 679840 bytes, A Adds the file mr.pak"="5/12/2017 7:27 AM, 544588 bytes, A Adds the file ms.pak"="5/12/2017 7:27 AM, 246724 bytes, A Adds the file nb.pak"="5/12/2017 7:27 AM, 244416 bytes, A Adds the file nl.pak"="5/12/2017 7:27 AM, 258454 bytes, A Adds the file pl.pak"="5/12/2017 7:27 AM, 267595 bytes, A Adds the file pt-BR.pak"="5/12/2017 7:27 AM, 263745 bytes, A Adds the file pt-PT.pak"="5/12/2017 7:27 AM, 266933 bytes, A Adds the file ro.pak"="5/12/2017 7:27 AM, 274526 bytes, A Adds the file ru.pak"="5/12/2017 7:27 AM, 418198 bytes, A Adds the file sk.pak"="5/12/2017 7:27 AM, 282109 bytes, A Adds the file sl.pak"="5/12/2017 7:27 AM, 258509 bytes, A Adds the file sr.pak"="5/12/2017 7:27 AM, 411137 bytes, A Adds the file sv.pak"="5/12/2017 7:27 AM, 245913 bytes, A Adds the file sw.pak"="5/12/2017 7:27 AM, 249652 bytes, A Adds the file ta.pak"="5/12/2017 7:27 AM, 630775 bytes, A Adds the file te.pak"="5/12/2017 7:27 AM, 603152 bytes, A Adds the file th.pak"="5/12/2017 7:27 AM, 525359 bytes, A Adds the file tr.pak"="5/12/2017 7:27 AM, 265482 bytes, A Adds the file uk.pak"="5/12/2017 7:27 AM, 427059 bytes, A Adds the file vi.pak"="5/12/2017 7:27 AM, 301766 bytes, A Adds the file zh-CN.pak"="5/12/2017 7:27 AM, 224301 bytes, A Adds the file zh-TW.pak"="5/12/2017 7:27 AM, 225598 bytes, A Adds the folder C:\Program Files (x86)\GenlTybros\Update Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\GenlT] "ID"="REG_SZ", "9B3A3F1B-2B28-444B-A963-D464A4D17CF9" "InstallAMID"="REG_SZ", "" "InstallSID"="REG_SZ", "" "Version"="REG_SZ", "217" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GenlT] "ID"="REG_SZ", "9B3A3F1B-2B28-444B-A963-D464A4D17CF9" "InstallAMID"="REG_SZ", "0" "InstallDate"="REG_SZ", "18.07.2017 8:59" "InstallSID"="REG_SZ", "" "Success"="REG_SZ", "1" "Version"="REG_SZ", "217" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GenlTybros] "Success"="REG_SZ", "1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Genl Tybie Trossachs] "DisplayName"="REG_SZ", "Genl Tybie Trossachs" "DisplayVersion"="REG_SZ", "2.17" "EstimatedSize"="REG_DWORD", 94777 "InstallDate"="REG_SZ", "20160718" "Publisher"="REG_SZ", "Exundancy Co." "UninstallString"="REG_SZ", ""C:\Program Files (x86)\GenlTybros\uninstall.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\GenlT] "DisplayName"="REG_SZ", "Genl Tybie Trossachs" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\GenlTybros\GenlT.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/18/17 Scan Time: 12:08 PM Log File: mbamGenlT2.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2390 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 338427 Threats Detected: 100 Threats Quarantined: 100 Time Elapsed: 1 min, 50 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 5 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLT.EXE, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS.EXE, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS.EXE, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS_.EXE, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS_.EXE, Quarantined, [1181], [411529],1.0.2390 Module: 17 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLT.EXE, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS.EXE, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS.EXE, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\CHROME_ELF.DLL, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\CHROME_ELF.DLL, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\CHROME_ELF.DLL, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\CHROME_ELF.DLL, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\LIBCURL.DLL, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\LIBCURL.DLL, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\LIBCURL.DLL, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\LIBCURL.DLL, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS_.EXE, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS_.EXE, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libcef.dll, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libcef.dll, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libcef.dll, Quarantined, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libcef.dll, Quarantined, [1181], [411529],1.0.2390 Registry Key: 3 Adware.Mewishid, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GenlT, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Genl Tybie Trossachs, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, HKLM\SOFTWARE\GenlT, Delete-on-Reboot, [1181], [411537],1.0.2390 Registry Value: 1 Adware.Mewishid, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GENLT|IMAGEPATH, Delete-on-Reboot, [1181], [411540],1.0.2390 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\Update, Delete-on-Reboot, [1181], [411529],1.0.2390 File: 72 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLT.EXE, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS.EXE, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\CHROME_ELF.DLL, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\LIBCURL.DLL, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS_.EXE, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\hi.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\am.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ar.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\bg.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\bn.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ca.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\cs.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\da.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\de.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\el.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\en-GB.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\en-US.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\es-419.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\es.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\et.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\fa.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\fi.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\fil.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\fr.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\gu.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\he.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\hr.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\hu.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\id.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\it.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ja.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\kn.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ko.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\lt.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\lv.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ml.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\mr.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ms.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\nb.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\nl.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\pl.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\pt-BR.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\pt-PT.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ro.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ru.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\sk.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\sl.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\sr.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\sv.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\sw.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ta.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\te.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\th.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\tr.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\uk.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\vi.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\zh-CN.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\zh-TW.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\cef.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\cef_100_percent.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\cef_200_percent.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\cef_extensions.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\devtools_resources.pak, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\icudtl.dat, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libcef.dll, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libEGL.dll, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libGLESv2.dll, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\natives_blob.bin, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\snapshot_blob.bin, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\Uninstall.exe, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid, C:\Program Files (x86)\GenlTybros\widevinecdmadapter.dll, Delete-on-Reboot, [1181], [411529],1.0.2390 Adware.Mewishid.Generic, C:\USERS\{username}\DESKTOP\INSTALLP.EXE, Delete-on-Reboot, [9520], [410362],1.0.2390 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Tuesday at 10:46 AM
- - adware.mewishid
  - exundancy
  - (and 1 more)
    Tagged with:
    
    adware.mewishid
    
    exundancy
    
    genltybros
Removal instructions for MergeDocsOnline

Metallica posted a topic in Malware Removal Self-Help Guides

What is MergeDocsOnline? The Malwarebytes research team has determined that MergeDocsOnline is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. MergeDocsOnline is a member of the Mindspark/Ask family now known as IAC Applications. How do I know if my computer is affected by MergeDocsOnline? You may see this browser extensions/add-ons: these warnings during install: You may see this entry in your list of installed software: and this new homepage in the affected browsers: How did MergeDocsOnline get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove MergeDocsOnline? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of MergeDocsOnline? If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the MergeDocsOnline hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/mergedocsonline/ttab02/index.html?n={n1}&p2={p21}&ptb={ptb1}&coid={coid1} FF Homepage: hxxp://hp.myway.com/mergedocsonline/ttab02/index.html?coId={coid2}&subId&ln=en&n={n2}&ptb={ptb2}&st&p2={p21}&si FF Extension: MergeDocsOnline - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\Extensions\_ewMembers_@free.mergedocsonline.com [2017-07-17] MergeDocsOnline Internet Explorer Homepage and New Tab (HKCU\...\MergeDocsOnlineTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION The most significant changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\MergeDocsOnlineTooltab Adds the file TooltabExtension.dll"="10/19/2016 6:26 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com Adds the file bootstrap.js"="7/17/2017 2:04 PM, 24987 bytes, A Adds the file chrome.manifest"="7/17/2017 2:04 PM, 135 bytes, A Adds the file chrome.manifest.restartless"="7/17/2017 2:04 PM, 135 bytes, A Adds the file install.rdf"="7/17/2017 2:04 PM, 1375 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\chrome Adds the file ffxtbr.jar"="7/17/2017 2:04 PM, 345719 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\META-INF Adds the file manifest.mf"="7/17/2017 2:04 PM, 680 bytes, A Adds the file mozilla.rsa"="7/17/2017 2:04 PM, 4194 bytes, A Adds the file mozilla.sf"="7/17/2017 2:04 PM, 121 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\MergeDocsOnline_ew Adds the file {ptb2}.sqlite"="7/17/2017 2:04 PM, 98304 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\MergeDocsOnline] "Start Page"="REG_SZ", "http://hp.myway.com/mergedocsonline/ttab02/index.html?n={n1}&p2=^BYS^xdm130^TTAB02^nl&ptb={ptb1}&coid={coid1}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2FHYM%3Fc%3D{ptb1}%26ptb%3D^BYS^xdm1" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/mergedocsonline/ttab02/index.html?n={n1}&p2={p21}&ptb={ptb1}&coid={coid1}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MergeDocsOnlineTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "MergeDocsOnline Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\MergeDocsOnlineTooltab\TooltabExtension.dll" U uninstall:MergeDocsOnline" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/17/17 Scan Time: 2:18 PM Log File: mbamMergeDocsOnline.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2382 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 338391 Threats Detected: 65 Threats Quarantined: 65 Time Elapsed: 1 min, 43 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\MERGEDOCSONLINETOOLTAB\TOOLTABEXTENSION.DLL, Quarantined, [284], [301125],1.0.2382 Registry Key: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MergeDocsOnlineTooltab Uninstall Internet Explorer, Delete-on-Reboot, [284], [301125],1.0.2382 Registry Value: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MergeDocsOnlineTooltab Uninstall Internet Explorer|PUBLISHER, Delete-on-Reboot, [284], [352442],1.0.2382 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [284], [293497],1.0.2382 Data Stream: 0 (No malicious items detected) Folder: 5 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\MergeDocsOnline_ew, Delete-on-Reboot, [284], [240302],1.0.2382 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\META-INF, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\chrome, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\EXTENSIONS\_EWMEMBERS_@FREE.MERGEDOCSONLINE.COM, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MergeDocsOnlineTooltab, Delete-on-Reboot, [875], [356944],1.0.2382 File: 56 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\MERGEDOCSONLINETOOLTAB\TOOLTABEXTENSION.DLL, Delete-on-Reboot, [284], [301125],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [319354],1.0.2382 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\PREFS.JS, Replaced, [875], [356946],1.0.2382 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\MERGEDOCSONLINE.070779E1ADB149AC8EE0A526D5423376.EXE, Delete-on-Reboot, [284], [365288],1.0.2382 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\MergeDocsOnline_ew\{ptb2}.sqlite, Delete-on-Reboot, [284], [240302],1.0.2382 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_mergedocsonline.dl.myway.com_0.localstorage, Delete-on-Reboot, [284], [240305],1.0.2382 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_mergedocsonline.dl.myway.com_0.localstorage-journal, Delete-on-Reboot, [284], [240305],1.0.2382 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\(profile).default\EXTENSIONS\_EWMEMBERS_@FREE.MERGEDOCSONLINE.COM\INSTALL.RDF, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\chrome\ffxtbr.jar, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\META-INF\manifest.mf, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\META-INF\mozilla.rsa, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\META-INF\mozilla.sf, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\bootstrap.js, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\chrome.manifest, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\(profile).default\extensions\_ewMembers_@free.mergedocsonline.com\chrome.manifest.restartless, Delete-on-Reboot, [284], [302304],1.0.2382 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_mergedocsonline.dl.tb.ask.com_0.localstorage, Delete-on-Reboot, [284], [240306],1.0.2382 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_mergedocsonline.dl.tb.ask.com_0.localstorage-journal, Delete-on-Reboot, [284], [240306],1.0.2382 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 17
- - pup.optional.mindspark
  - myway
  - (and 1 more)
    Tagged with:
    
    pup.optional.mindspark
    
    myway
    
    mindspark/iac
Removal instructions for Photor

Metallica posted a topic in Malware Removal Self-Help Guides

What is Photor? The Malwarebytes research team has determined that Photor is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one is a Chrome extension. How do I know if my computer is affected by Photor? You may see these warnings during install: this browser extension: and you will see this newtab page: How did Photor get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was installed form the Google Playstore. and advertized as a background changer: How do I remove Photor? Our program Malwarebytes can detect and remove this potentially unwanted program. It is however preferred to remove the extension manually before performing the scan. You can find the extensions in Chrome under Tools > More Tools > Extensions. Click on the bin behind the extension and confirm the dialog to Remove. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Photor? No, Malwarebytes removes Photor completely. You will have to remove the Extension manually under Tools > More Tools > Extensions. Click on the bin behind the Photor entry and confirm Remove in the prompt. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Photor hijacker. It would have blocked the connection to their site. Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxp://search.photorext.net/?q={searchTerms} CHR DefaultSearchKeyword: Default -> keyword.photor CHR Extension: (Photor) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago [2017-07-14] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0 Adds the file manifest.json"="7/14/2017 10:48 AM, 1664 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\_metadata Adds the file computed_hashes.json"="7/14/2017 10:48 AM, 31490 bytes, A Adds the file verified_contents.json"="6/30/2017 11:20 AM, 10991 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\css Adds the file font-awesome.min.css"="12/22/2016 3:50 PM, 31000 bytes, A Adds the file newTab.css"="6/30/2017 11:00 AM, 2194 bytes, A Adds the file weather.css"="5/16/2017 9:24 AM, 11571 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\data Adds the file background.jpg"="5/17/2017 1:28 PM, 105934 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts Adds the file FontAwesome.otf"="12/22/2016 3:50 PM, 134808 bytes, A Adds the file fontawesome-webfont.eot"="12/22/2016 3:50 PM, 165742 bytes, A Adds the file fontawesome-webfont.svg"="12/22/2016 3:50 PM, 444379 bytes, A Adds the file fontawesome-webfont.ttf"="12/22/2016 3:50 PM, 165548 bytes, A Adds the file fontawesome-webfont.woff"="12/22/2016 3:50 PM, 98024 bytes, A Adds the file fontawesome-webfont.woff2"="12/22/2016 3:50 PM, 77160 bytes, A Adds the file OpenSans-Bold.ttf"="4/21/2017 2:54 PM, 224592 bytes, A Adds the file OpenSans-Light.ttf"="4/21/2017 2:54 PM, 222412 bytes, A Adds the file OpenSans-Regular.ttf"="4/21/2017 2:54 PM, 217360 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\html Adds the file newTab.html"="6/30/2017 10:59 AM, 6392 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\js Adds the file background.js"="6/30/2017 11:05 AM, 8764 bytes, A Adds the file ga.js"="6/19/2017 9:41 AM, 1026 bytes, A Adds the file jquery.min.js"="5/5/2017 11:36 AM, 86659 bytes, A Adds the file newTab.js"="6/30/2017 11:02 AM, 17586 bytes, A Adds the file tmpl.min.js"="2/17/2017 8:13 AM, 1072 bytes, A Adds the file weatherDataParsers.js"="6/19/2017 9:37 AM, 1844 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\icons Adds the file 128.png"="7/14/2017 10:48 AM, 392 bytes, A Adds the file 16.png"="7/14/2017 10:48 AM, 86 bytes, A Adds the file 32.png"="7/14/2017 10:48 AM, 106 bytes, A Adds the file 48.png"="7/14/2017 10:48 AM, 140 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images Adds the file arrow-bottom.png"="5/11/2017 2:26 PM, 136 bytes, A Adds the file arrow-top.png"="5/11/2017 2:26 PM, 139 bytes, A Adds the file search-frst.png"="6/30/2017 10:49 AM, 11849 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\apps Adds the file facebook.png"="5/11/2017 2:27 PM, 725 bytes, A Adds the file google-drive.png"="5/11/2017 2:27 PM, 1898 bytes, A Adds the file instagram.png"="5/11/2017 2:27 PM, 5579 bytes, A Adds the file linkedin.png"="5/11/2017 2:27 PM, 1663 bytes, A Adds the file pinterest.png"="5/11/2017 2:27 PM, 4232 bytes, A Adds the file twitter.png"="5/11/2017 2:27 PM, 1457 bytes, A Adds the file youtube.png"="5/11/2017 2:27 PM, 1189 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\weather-widget Adds the file humidity@2x.png"="5/11/2017 2:10 PM, 1195 bytes, A Adds the file pressure@2x.png"="5/11/2017 2:11 PM, 2400 bytes, A Adds the file sunrise@2x.png"="5/11/2017 2:12 PM, 1416 bytes, A Adds the file sunset@2x.png"="5/11/2017 2:12 PM, 1044 bytes, A Adds the file wind-sock.png"="5/11/2017 2:11 PM, 1115 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w Adds the file 01d-32px.png"="5/8/2017 2:46 PM, 2859 bytes, A Adds the file 01d-48px.png"="5/8/2017 2:46 PM, 2859 bytes, A Adds the file 01n-32px.png"="5/8/2017 2:46 PM, 2817 bytes, A Adds the file 01n-48px.png"="5/8/2017 2:46 PM, 2817 bytes, A Adds the file 02d-32px.png"="5/8/2017 2:46 PM, 2969 bytes, A Adds the file 02d-48px.png"="5/8/2017 2:46 PM, 2969 bytes, A Adds the file 02n-32px.png"="5/8/2017 2:46 PM, 2922 bytes, A Adds the file 02n-48px.png"="5/8/2017 2:46 PM, 2922 bytes, A Adds the file 03d-32px.png"="5/8/2017 2:46 PM, 2565 bytes, A Adds the file 03d-48px.png"="5/8/2017 2:46 PM, 2565 bytes, A Adds the file 03n-32px.png"="5/8/2017 2:46 PM, 2565 bytes, A Adds the file 03n-48px.png"="5/8/2017 2:46 PM, 2565 bytes, A Adds the file 04d-32px.png"="5/8/2017 2:46 PM, 2773 bytes, A Adds the file 04d-48px.png"="5/8/2017 2:46 PM, 2773 bytes, A Adds the file 04n-32px.png"="5/8/2017 2:46 PM, 2773 bytes, A Adds the file 04n-48px.png"="5/8/2017 2:46 PM, 2773 bytes, A Adds the file 09d-32px.png"="5/8/2017 2:46 PM, 3818 bytes, A Adds the file 09d-48px.png"="5/8/2017 2:46 PM, 3818 bytes, A Adds the file 09n-32px.png"="5/8/2017 2:46 PM, 3818 bytes, A Adds the file 09n-48px.png"="5/8/2017 2:46 PM, 3818 bytes, A Adds the file 10d-32px.png"="5/8/2017 2:46 PM, 3793 bytes, A Adds the file 10d-48px.png"="5/8/2017 2:46 PM, 3793 bytes, A Adds the file 10n-32px.png"="5/8/2017 2:46 PM, 3801 bytes, A Adds the file 10n-48px.png"="5/8/2017 2:46 PM, 3801 bytes, A Adds the file 11d-32px.png"="5/8/2017 2:46 PM, 3777 bytes, A Adds the file 11d-48px.png"="5/8/2017 2:46 PM, 3777 bytes, A Adds the file 11n-32px.png"="5/8/2017 2:46 PM, 3777 bytes, A Adds the file 11n-48px.png"="5/8/2017 2:46 PM, 3777 bytes, A Adds the file 13d-32px.png"="5/8/2017 2:46 PM, 3901 bytes, A Adds the file 13d-48px.png"="5/8/2017 2:46 PM, 3901 bytes, A Adds the file 13n-32px.png"="5/8/2017 2:46 PM, 3901 bytes, A Adds the file 13n-48px.png"="5/8/2017 2:46 PM, 3901 bytes, A Adds the file 50d-32px.png"="5/8/2017 2:46 PM, 3328 bytes, A Adds the file 50d-48px.png"="5/8/2017 2:46 PM, 3328 bytes, A Adds the file 50n-32px.png"="5/8/2017 2:47 PM, 3328 bytes, A Adds the file 50n-48px.png"="5/8/2017 2:47 PM, 3328 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jndegkabfmfeaiddoinfcmbdndcdaago Adds the file 000003.log"="7/14/2017 10:48 AM, 126174 bytes, A Adds the file CURRENT"="7/14/2017 10:48 AM, 16 bytes, A Adds the file LOCK"="7/14/2017 10:48 AM, 0 bytes, A Adds the file LOG"="7/14/2017 10:48 AM, 185 bytes, A Adds the file MANIFEST-000001"="7/14/2017 10:48 AM, 41 bytes, A Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/14/17 Scan Time: 11:05 AM Log File: mbamPhotor.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2359 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 338018 Threats Detected: 92 Threats Quarantined: 92 Time Elapsed: 1 min, 29 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 14 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\weather-widget, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\apps, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\icons, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\_metadata, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\data, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\html, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\css, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\js, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JNDEGKABFMFEAIDDOINFCMBDNDCDAAGO, Quarantined, [9532], [416193],1.0.2359 File: 78 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\css\font-awesome.min.css, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\css\newTab.css, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\css\weather.css, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\data\background.jpg, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts\fontawesome-webfont.eot, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts\fontawesome-webfont.svg, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts\fontawesome-webfont.ttf, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts\fontawesome-webfont.woff, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts\fontawesome-webfont.woff2, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts\FontAwesome.otf, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts\OpenSans-Bold.ttf, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts\OpenSans-Light.ttf, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\fonts\OpenSans-Regular.ttf, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\html\newTab.html, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\js\background.js, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\js\ga.js, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\js\jquery.min.js, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\js\newTab.js, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\js\tmpl.min.js, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\js\weatherDataParsers.js, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\icons\128.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\icons\16.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\icons\32.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\icons\48.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\apps\facebook.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\apps\google-drive.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\apps\instagram.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\apps\linkedin.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\apps\pinterest.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\apps\twitter.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\apps\youtube.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\weather-widget\humidity@2x.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\weather-widget\pressure@2x.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\weather-widget\sunrise@2x.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\weather-widget\sunset@2x.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\weather-widget\wind-sock.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\arrow-bottom.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\arrow-top.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\images\search-frst.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\09d-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\01d-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\01d-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\01n-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\01n-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\02d-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\02d-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\02n-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\02n-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\03d-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\03d-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\03n-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\03n-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\04d-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\04d-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\04n-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\04n-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\09d-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\09n-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\09n-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\10d-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\10d-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\10n-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\10n-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\11d-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\11d-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\11n-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\11n-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\13d-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\13d-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\13n-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\13n-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\50d-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\50d-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\50n-32px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\resources\w\50n-48px.png, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\_metadata\computed_hashes.json, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\_metadata\verified_contents.json, Quarantined, [9532], [416193],1.0.2359 PUP.Optional.Photor, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndegkabfmfeaiddoinfcmbdndcdaago\1.0.7_0\manifest.json, Quarantined, [9532], [416193],1.0.2359 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 14
- - pup.optional.photor
  - photorext.net
  - (and 1 more)
    Tagged with:
    
    pup.optional.photor
    
    photorext.net
    
    jndegkabfmfeaiddoinfcmbdndcdaago
Removal instructions for Super Optimizer

Metallica posted a topic in Malware Removal Self-Help Guides

What is Super Optimizer? The Malwarebytes research team has determined that Super Optimizer is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Super Optimizer? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar, your startmenu, and on your desktop: and see these warnings during install: and these screens when you try to fix the found issues: You may see this entry in your list of installed programs: and this task in your list of Scheduled Tasks: How did Super Optimizer get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove Super Optimizer? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Super Optimizer? No, Malwarebytes removes Super Optimizer completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the Super Optimizer installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domains: Technical details for experts You may see these entries in FRST logs: () C:\Program Files (x86)\Super Optimizer\SuperOptimizer.exe HKCU\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [675488 2015-12-30] () C:\Windows\System32\Tasks\Super Optimizer Schedule C:\Users\{username}\Documents\Super Optimizer C:\Users\{username}\AppData\Roaming\Super Optimizer C:\Users\{username}\Desktop\Super Optimizer.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer C:\Program Files (x86)\Super Optimizer C:\Users\{username}\AppData\Local\Temp\supoptsetup.exe Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION Task: {BD62A773-E750-4B3B-871B-1FEAB0D39955} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-12-30] () <==== ATTENTION () C:\Program Files (x86)\Super Optimizer\SuperOptimizer.exe () C:\Program Files (x86)\Super Optimizer\sqlite3.dll Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Super Optimizer Adds the file bg_new_en.bmp"="4/15/2015 12:05 PM, 69776 bytes, A Adds the file bg_new_es.bmp"="4/15/2015 2:49 PM, 76568 bytes, A Adds the file bg_new_fr.bmp"="4/15/2015 2:51 PM, 77468 bytes, A Adds the file bg_new_it.bmp"="4/15/2015 2:46 PM, 70560 bytes, A Adds the file bg_new4.bmp"="8/19/2015 1:44 PM, 84380 bytes, A Adds the file bg_new5.bmp"="10/12/2015 4:46 PM, 289068 bytes, A Adds the file cancel.bmp"="9/9/2014 3:52 PM, 20360 bytes, A Adds the file CookiesException.txt"="12/11/2012 4:14 PM, 712 bytes, A Adds the file English.ini"="2/20/2014 8:50 AM, 22270 bytes, A Adds the file file_id.diz"="2/25/2014 8:46 AM, 909 bytes, A Adds the file HomePage.url"="1/29/2015 11:08 AM, 127 bytes, A Adds the file idp.dll"="1/13/2015 2:48 PM, 233472 bytes, A Adds the file itdownload.dll"="10/15/2008 3:44 PM, 205312 bytes, A Adds the file QuickCheckout.exe"="12/30/2015 10:58 AM, 435360 bytes, A Adds the file scan.gif"="3/4/2014 12:45 PM, 11862 bytes, A Adds the file sqlite3.dll"="9/29/2013 1:11 PM, 520234 bytes, A Adds the file StartupList.txt"="8/29/2013 2:08 PM, 95336 bytes, A Adds the file SuperOptimizer.chm"="4/15/2014 2:44 PM, 30112 bytes, A Adds the file SuperOptimizer.exe"="12/30/2015 10:58 AM, 4460704 bytes, A Adds the file SupOptGuard.exe"="12/30/2015 10:58 AM, 1417888 bytes, A Adds the file SupOptHelper.dll"="8/19/2015 2:38 PM, 1296896 bytes, A Adds the file SupOptLauncher.exe"="12/30/2015 10:58 AM, 675488 bytes, A Adds the file SupOptReminder.exe"="12/30/2015 10:58 AM, 1425056 bytes, A Adds the file SupOptSchedule.exe"="12/30/2015 10:58 AM, 947360 bytes, A Adds the file SupOptSmartScan.exe"="12/30/2015 10:58 AM, 950432 bytes, A Adds the file SupOptStart.exe"="12/30/2015 10:58 AM, 1182880 bytes, A Adds the file SupOptUninstaller.exe"="12/30/2015 10:58 AM, 1071776 bytes, A Adds the file unins000.dat"="7/13/2017 9:30 AM, 141909 bytes, A Adds the file unins000.exe"="7/13/2017 9:29 AM, 1281016 bytes, A Adds the file unins000.msg"="7/13/2017 9:30 AM, 22701 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer Adds the file Check updates.lnk"="7/13/2017 9:30 AM, 1132 bytes, A Adds the file Help.lnk"="7/13/2017 9:30 AM, 1104 bytes, A Adds the file Super Optimizer on the Web.lnk"="7/13/2017 9:30 AM, 1074 bytes, A Adds the file Super Optimizer.lnk"="7/13/2017 9:30 AM, 1104 bytes, A Adds the file Uninstall Super Optimizer.lnk"="7/13/2017 9:30 AM, 1100 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Super Optimizer\Backup Adds the folder C:\Users\{username}\AppData\Roaming\Super Optimizer\Log Adds the folder C:\Users\{username}\AppData\Roaming\Super Optimizer\Undo In the existing folder C:\Users\{username}\Desktop Adds the file Super Optimizer.lnk"="7/13/2017 9:30 AM, 1086 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Super Optimizer Schedule"="7/13/2017 9:36 AM, 3272 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION] "QuickCheckout.exe"="REG_DWORD", 11000 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe" "DisplayName"="REG_SZ", "Super Optimizer v3.2" "DisplayVersion"="REG_SZ", "3.2.0.1" "EstimatedSize"="REG_DWORD", 16556 "HelpLink"="REG_SZ", "http://www.superpctools.com/" "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Super Optimizer" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "Super Optimizer" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.3 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20170713" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Super Optimizer\" "MajorVersion"="REG_DWORD", 3 "MinorVersion"="REG_DWORD", 2 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Super PC Tools ltd" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Super Optimizer\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Super Optimizer\unins000.exe" /VERYSILENT" "URLInfoAbout"="REG_SZ", "http://www.superpctools.com/" "URLUpdateInfo"="REG_SZ", "http://www.superpctools.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "QuickCheckout.exe"="REG_DWORD", 11000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Super Optimizer"="REG_SZ", "C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe" [HKEY_CURRENT_USER\Software\Super Optimizer] "AdsBuyNowURL"="REG_SZ", "http://supc55.superpctools.revenuewire.net/spu/register?{code}_{clsid}" "AdsDownloadURL"="REG_SZ", "http://dl.superpcdownload.net/{code}/SuperUpdaterSetup.exe" "AdsHost"="REG_SZ", "dl.superpcdownload.net" "AppStart"="REG_DWORD", 1 "BtnFixPressed"="REG_DWORD", 1 "BuyNowURL"="REG_SZ", "https://safecart.com/superpctools/.spo/purchase?tid={code}6-US-094_{clsid}" "CBM"="REG_DWORD", 1 "cufValue"="REG_SZ", "CUF=0" "DelayedStart"="REG_SZ", "5" "DisplayName"="REG_SZ", "Super Optimizer" "HomePageURL"="REG_SZ", "http://www.superpctools.com" "IA"="REG_SZ", "C:\Program Files (x86)\Super Optimizer\QuickCheckout.exe" "InstallDate"="REG_BINARY, .... "InstallStat"="REG_DWORD", 1 "IR"="REG_SZ", "1" "ItemsCleaned"="REG_DWORD", 0 "ItemsToClean"="REG_DWORD", 627 "ItemsToFix"="REG_DWORD", 136 "ItemsToScan"="REG_SZ", "1111111111" "Language"="REG_DWORD", 1 "LastScanChecked"="REG_SZ", "1111011" "LastScanFound"="REG_DWORD", 763 "LastVersionChecking"="REG_BINARY, .... "LogDir"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Super Optimizer\Log" "ProblemsFixed"="REG_DWORD", 0 "Querry"="REG_SZ", "http://bi.superpcdownload.net/t/i/sp?sid=211002116-NL-094&dt=%dt%&gid={clsid}&tz=%tz%&ln=%ln%&lc=%lc%&bis=%bis%&bief=%bief%&biefx=%biefx%&bif=%bif%&os=%os%&f=(id)" "QuerryDate"="REG_BINARY, .... "Reminder"="REG_DWORD", 1 "ResidualFilesCleaned"="REG_DWORD", 0 "RunDate"="REG_BINARY, .... "s_Enable"="REG_DWORD", 0 "s_SmartExec"="REG_DWORD", 0 "s_SmartMode"="REG_DWORD", 0 "s_SmartScan"="REG_DWORD", 1 "s_Time"="REG_BINARY, .... "SC"="REG_SZ", "https://safecart.com/superpctools/.spo/purchase?tid={code}-US-094_{clsid}" "ScanAtStartup"="REG_DWORD", 1 "SessionID"="REG_SZ", "{clsid}" "SetupName"="REG_SZ", "C:\Users\{username}\Desktop\SuperOptimizer.exe" "ShowRebootMessage"="REG_DWORD", 1 "SpeedGuard"="REG_DWORD", 0 "Stat1a"="REG_DWORD", 99 "SupportURL"="REG_SZ", "http://superpctools.com/support/" "UndoDir"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Super Optimizer\Undo" "UninstallURL"="REG_SZ", "https://safecart.com/superpctools/.spo-special/purchase?sid={code}-NL-094" "UpgradeID"="REG_SZ", "BZDV_PCSM_ML_PCUP_SUPEROPTIMIZER_RED" "UseAds"="REG_DWORD", 1 "UseExceptionList"="REG_DWORD", 1 "Version"="REG_SZ", "3.2" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/13/17 Scan Time: 9:57 AM Log File: mbamSuperOptimizer.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2352 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 337905 Threats Detected: 56 Threats Quarantined: 56 Time Elapsed: 1 min, 47 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 PUP.Optional.OptimizerPro, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\SUPEROPTIMIZER.EXE, Quarantined, [847], [69876],1.0.2352 Module: 2 PUP.Optional.OptimizerPro, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\SUPEROPTIMIZER.EXE, Quarantined, [847], [69876],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\sqlite3.dll, Quarantined, [2658], [243664],1.0.2352 Registry Key: 3 PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Super Optimizer_is1, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, HKCU\SOFTWARE\SUPER OPTIMIZER, Delete-on-Reboot, [2658], [243670],1.0.2352 PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Super Optimizer Schedule, Delete-on-Reboot, [2658], [186768],1.0.2352 Registry Value: 3 PUP.Optional.SpeedingUpMyPC, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Super Optimizer, Delete-on-Reboot, [942], [363543],1.0.2352 PUP.Optional.SuperOptimizer, HKCU\SOFTWARE\SUPER OPTIMIZER|SETUPNAME, Delete-on-Reboot, [2658], [243670],1.0.2352 PUP.Optional.SuperOptimizer, HKCU\SOFTWARE\SUPER OPTIMIZER|ADSBUYNOWURL, Delete-on-Reboot, [2658], [243669],1.0.2352 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 7 PUP.Optional.SuperOptimizer, C:\Users\{username}\AppData\Roaming\Super Optimizer\Backup, Delete-on-Reboot, [2658], [179873],1.0.2352 PUP.Optional.SuperOptimizer, C:\Users\{username}\AppData\Roaming\Super Optimizer\Undo, Delete-on-Reboot, [2658], [179873],1.0.2352 PUP.Optional.SuperOptimizer, C:\Users\{username}\AppData\Roaming\Super Optimizer\Log, Delete-on-Reboot, [2658], [179873],1.0.2352 PUP.Optional.SuperOptimizer, C:\USERS\{username}\APPDATA\ROAMING\Super Optimizer, Delete-on-Reboot, [2658], [179873],1.0.2352 PUP.Optional.SuperOptimizer, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\USERS\{username}\DOCUMENTS\SUPER OPTIMIZER, Delete-on-Reboot, [2658], [243663],1.0.2352 PUP.Optional.SuperOptimizer, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPER OPTIMIZER, Delete-on-Reboot, [2658], [243665],1.0.2352 File: 40 PUP.Optional.OptimizerPro, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\SUPEROPTIMIZER.EXE, Delete-on-Reboot, [847], [69876],1.0.2352 PUP.Optional.SpeedingUpMyPC, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\SUPOPTLAUNCHER.EXE, Delete-on-Reboot, [942], [363543],1.0.2352 PUP.Optional.SuperOptimizer, C:\USERS\{username}\DESKTOP\SUPER OPTIMIZER.LNK, Delete-on-Reboot, [2658], [243662],1.0.2352 PUP.Optional.SpeedingUpMyPC, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\SUPOPTSCHEDULE.EXE, Delete-on-Reboot, [942], [363543],1.0.2352 PUP.Optional.SuperOptimizer, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\UNINS000.MSG, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new4.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new5.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_en.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_es.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_fr.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_it.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\cancel.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\CookiesException.txt, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\English.ini, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\file_id.diz, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\HomePage.url, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\idp.dll, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\itdownload.dll, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\QuickCheckout.exe, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\scan.gif, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\sqlite3.dll, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\StartupList.txt, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SuperOptimizer.chm, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptGuard.exe, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptHelper.dll, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptReminder.exe, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptStart.exe, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptUninstaller.exe, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\unins000.dat, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\unins000.exe, Delete-on-Reboot, [2658], [243664],1.0.2352 PUP.Optional.SuperOptimizer, C:\USERS\{username}\DESKTOP\SUPEROPTIMIZER.EXE, Delete-on-Reboot, [2658], [77288],1.0.2352 PUP.Optional.SuperOptimizer, C:\USERS\{username}\APPDATA\LOCAL\TEMP\SUPOPTSETUP.EXE, Delete-on-Reboot, [2658], [77287],1.0.2352 PUP.Optional.SuperOptimizer, C:\USERS\{username}\DOCUMENTS\SUPER OPTIMIZER\COOKIESEXCEPTION.TXT, Delete-on-Reboot, [2658], [243663],1.0.2352 PUP.Optional.SuperOptimizer, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPER OPTIMIZER\SUPER OPTIMIZER ON THE WEB.LNK, Delete-on-Reboot, [2658], [243665],1.0.2352 PUP.Optional.SuperOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer\Check updates.lnk, Delete-on-Reboot, [2658], [243665],1.0.2352 PUP.Optional.SuperOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer\Help.lnk, Delete-on-Reboot, [2658], [243665],1.0.2352 PUP.Optional.SuperOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer\Super Optimizer.lnk, Delete-on-Reboot, [2658], [243665],1.0.2352 PUP.Optional.SuperOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer\Uninstall Super Optimizer.lnk, Delete-on-Reboot, [2658], [243665],1.0.2352 PUP.Optional.SuperOptimizer, C:\WINDOWS\SYSTEM32\TASKS\SUPER OPTIMIZER SCHEDULE, Delete-on-Reboot, [2658], [234121],1.0.2352 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 13
- - pup.optional.superoptimizer
  - pup.optional.speedingupmypc
  - (and 2 more)
    Tagged with:
    
    pup.optional.superoptimizer
    
    pup.optional.speedingupmypc
    
    supopt
    
    pup.optional.optimizerpro
Removal instructions for 115118.net

Metallica posted a topic in Malware Removal Self-Help Guides

What is 115118.net ? The Malwarebytes research team has determined that 115118.net is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements. How do I know if my computer is affected by 115118.net ? You may see this new homepage: which will redirect you to a Baidu startsite. You may see these search providers: and these links in your favorites: How did 115118.net get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software. How do I remove 115118.net ? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of 115118.net ? No, Malwarebytes removes 115118.net completely. You should have a look at our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the 115118.net hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: HKLM-x32\...\Run: [????{] => C:\Program Files (x86)\home\gho.exe [347728 2014-07-17] () HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.115118.net/?772js407 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.115118.net/?772js407 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.115118.net/?772js407 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.115118.net/?772js407 SearchScopes: HKCU -> DefaultScope {EB7D113C-C3B0-B5E3-3626-035F87FFDF45} URL = hxxp://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8 SearchScopes: HKCU -> Baidu URL = hxxp://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8 SearchScopes: HKCU -> Google URL = hxxp://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8 SearchScopes: HKCU -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8 SearchScopes: HKCU -> {3887B59A-D1F6-4135-8247-48E1EC2C2EDD} URL = hxxp://www.uc880.com/ie.htm?wd={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&ie=utf-8 SearchScopes: HKCU -> {EB7D113C-C3B0-B5E3-3626-035F87FFDF45} URL = hxxp://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8 SearchScopes: HKCU -> {F5EA8C0E-C6B5-4D60-8AFD-243026ABC33F} URL = hxxp://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8 C:\Program Files (x86)\home Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\home Adds the file gho.exe"="7/17/2014 4:44 PM, 347728 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch Adds the file ????.url"="3/29/2013 2:22 PM, 319 bytes, RA In the existing folder C:\Users\{username}\Favorites Adds the file 115118.net??????.url"="7/12/2017 9:22 AM, 54 bytes, A Adds the file 26176???.url"="7/12/2017 9:22 AM, 52 bytes, A Adds the file 330la?????.url"="7/12/2017 9:22 AM, 52 bytes, A Adds the file 52xp win7????.url"="7/12/2017 9:22 AM, 52 bytes, A Adds the file uc880???? ????.url"="7/12/2017 9:22 AM, 51 bytes, A Adds the file U?????.url"="7/12/2017 9:22 AM, 54 bytes, A Adds the file win860???? ???.url"="7/12/2017 9:22 AM, 53 bytes, A Adds the file win8??????.url"="7/12/2017 9:22 AM, 54 bytes, A Adds the file xtxz????????.url"="7/12/2017 9:22 AM, 52 bytes, A Adds the file ????-????.url"="7/12/2017 9:22 AM, 59 bytes, A Adds the file ???-?!???.url"="7/12/2017 9:22 AM, 62 bytes, A Adds the file ????-????.url"="7/12/2017 9:22 AM, 59 bytes, A Adds the file ????????.url"="7/12/2017 9:22 AM, 53 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\AnimExtensions] "."="REG_SZ", "dxmasf.dll,150" ".asf"="REG_SZ", "dxmasf.dll,150" ".asp"="REG_SZ", "dxmasf.dll,150" ".asx"="REG_SZ", "dxmasf.dll,150" ".nsc"="REG_SZ", "dxmasf.dll,150" ".wax"="REG_SZ", "dxmasf.dll,150" ".wm"="REG_SZ", "dxmasf.dll,150" ".wma"="REG_SZ", "dxmasf.dll,150" ".wmv"="REG_SZ", "dxmasf.dll,150" ".wmx"="REG_SZ", "dxmasf.dll,150" ".wvx"="REG_SZ", "dxmasf.dll,150" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\Extensions] ".ASF"= REG_SZ, "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}" ".ASP"="REG_SZ", "{4B428940-263C-11d1-A520-000000000000}" ".ASX"="REG_SZ", "{4B428940-263C-11d1-A520-000000000000}" ".BECK"="REG_SZ", "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}" ".IVF"="REG_SZ", "{C69E8F40-D5C8-11D0-A520-145405C10000}" ".NSC"="REG_SZ", "{4B428940-263C-11d1-A520-000000000000}" ".WAX"="REG_SZ", "{4B428940-263C-11d1-A520-000000000000}" ".WM"= REG_SZ, "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}" ".WMA"= REG_SZ, "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}" ".WMV"= REG_SZ, "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}" ".WMX"="REG_SZ", "{4B428940-263C-11d1-A520-000000000000}" ".WVX"="REG_SZ", "{4B428940-263C-11d1-A520-000000000000}" ".xldap"="REG_SZ", "{A4E38A50-618A-4b20-ABC6-551B5C661E9F}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\ddeexec\Applicationr] "(Default)"="REG_SZ", "TencentTraveler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut] "(Default)"="REG_SZ", "Internet ????" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN] "Default_Page_URL" = REG_SZ, "http://www.115118.net/?772js407" "Start Page" = REG_SZ, "http://www.115118.net/?772js407" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "??????"="REG_SZ", "C:\Program Files (x86)\home\gho.exe" [HKEY_CURRENT_USER\Software\Classes\http] "(Default)"="REG_SZ", "URL:???????" [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command] "(Default)"="REG_SZ", ""C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.115118.net/?772js407" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping] "{e2e2dd38-d088-4134-82b7-f2ba38496583}"="REG_DWORD", 8195 "{FA88FA88-1365-6229-3571-D50031769334}"="REG_DWORD", 8192 "{FA88FA88-6304-B590-7304-565980331160}"="REG_DWORD", 8193 "{FA88FA88-6781-6733-7451-932240182899}"="REG_DWORD", 8194 "NextId"="REG_DWORD", 8196 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="REG_SZ", "http://www.115118.net/?772js407" "Start Page" = REG_SZ, "http://www.115118.net/?772js407" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DefaultScope" = REG_SZ, "{EB7D113C-C3B0-B5E3-3626-035F87FFDF45}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] "FaviconURLFallback" = REG_SZ, "http://www.baidu.com/favicon.ico" "SuggestionsURLFallback" = REG_SZ, "http://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8" "URL" = REG_SZ, "http://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3887B59A-D1F6-4135-8247-48E1EC2C2EDD}] "DisplayName"="REG_SZ", "BaiduSearch" "URL"="REG_SZ", "http://www.uc880.com/ie.htm?wd={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&ie=utf-8" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EB7D113C-C3B0-B5E3-3626-035F87FFDF45}] "DisplayName"="REG_SZ", "????" "URL"="REG_SZ", "http://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F5EA8C0E-C6B5-4D60-8AFD-243026ABC33F}] "Codepage"="REG_DWORD", 65001 "DisplayName"="REG_SZ", "??" "FaviconURL"="REG_SZ", "" "PreviewURL"="REG_SZ", "" "ShowSearchSuggestions"="REG_DWORD", 1 "SortIndex"="REG_DWORD", 1 "SuggestionsURL"="REG_SZ", "" "SuggestionsURL_JSON"="REG_SZ", "" "URL"="REG_SZ", "http://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\Baidu] "Codepage"="REG_DWORD", 65001 "DisplayName"="REG_SZ", "????" "SortIndex"="REG_DWORD", -3 "URL"="REG_SZ", "http://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\Google] "Codepage"="REG_DWORD", 936 "DisplayName"="REG_SZ", "????" "SortIndex"="REG_DWORD", -2 "URL"="REG_SZ", "http://www.uc880.com/ie.htm?wd={searchTerms}&ie=utf-8" [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel] "HOMEPAGE"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main] "Start Page"="REG_SZ", "http://www.115118.net/?772js407" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/12/17 Scan Time: 2:17 PM Log File: mbam115118net.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2349 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 337883 Threats Detected: 38 Threats Quarantined: 38 Time Elapsed: 2 min, 10 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 9 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\Baidu, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\Google, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3887B59A-D1F6-4135-8247-48E1EC2C2EDD}, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EB7D113C-C3B0-B5E3-3626-035F87FFDF45}, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F5EA8C0E-C6B5-4D60-8AFD-243026ABC33F}, Delete-on-Reboot, [115], [258339],1.0.2349 Registry Value: 9 PUP.Optional.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|??????, Delete-on-Reboot, [60], [415594],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\Baidu|URL, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\Google|URL, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|SUGGESTIONSURLFALLBACK, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3887B59A-D1F6-4135-8247-48E1EC2C2EDD}|URL, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EB7D113C-C3B0-B5E3-3626-035F87FFDF45}|URL, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.ChinAd, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F5EA8C0E-C6B5-4D60-8AFD-243026ABC33F}|URL, Delete-on-Reboot, [115], [258339],1.0.2349 PUP.Optional.StartPage, HKCU\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Delete-on-Reboot, [60], [415595],1.0.2349 Registry Data: 4 Hijack.StartPage.Gen, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [16643], [292512],1.0.2349 Hijack.StartPage.Gen, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_PAGE_URL, Replace-on-Reboot, [16643], [292512],1.0.2349 Hijack.StartPage.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_PAGE_URL, Replace-on-Reboot, [16643], [292511],1.0.2349 Hijack.StartPage.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [16643], [292511],1.0.2349 Data Stream: 0 (No malicious items detected) Folder: 1 PUP.Optional.StartPage, C:\PROGRAM FILES (X86)\HOME, Delete-on-Reboot, [60], [415594],1.0.2349 File: 15 PUP.Optional.StartPage.Generic, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\????.URL, Delete-on-Reboot, [625], [415584],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\330LA?????.URL, Delete-on-Reboot, [625], [415587],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\XTXZ????????.URL, Delete-on-Reboot, [625], [415592],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\UC880???? ????.URL, Delete-on-Reboot, [625], [415589],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\???-?!???.URL, Delete-on-Reboot, [625], [415589],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\U?????.URL, Delete-on-Reboot, [625], [415590],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\????-????.URL, Delete-on-Reboot, [625], [415589],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\52XP WIN7????.URL, Delete-on-Reboot, [625], [415586],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\????-????.URL, Delete-on-Reboot, [625], [415589],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\115118.NET??????.URL, Delete-on-Reboot, [625], [415585],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\WIN860???? ???.URL, Delete-on-Reboot, [625], [415591],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\????????.URL, Delete-on-Reboot, [625], [415593],1.0.2349 PUP.Optional.StartPage, C:\PROGRAM FILES (X86)\HOME\GHO.EXE, Delete-on-Reboot, [60], [415594],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\26176???.URL, Delete-on-Reboot, [625], [415588],1.0.2349 PUP.Optional.StartPage.Generic, C:\USERS\{username}\FAVORITES\WIN8??????.URL, Delete-on-Reboot, [625], [415591],1.0.2349 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 12
- - pup.optional.chinad
  - pup.optional.startpage
  - (and 2 more)
    Tagged with:
    
    pup.optional.chinad
    
    pup.optional.startpage
    
    hijack.startpage.gen
    
    pup.optional.startpage.generic
Removal instructions for My Maps XP

Metallica posted a topic in Malware Removal Self-Help Guides

What is My Maps XP? The Malwarebytes research team has determined that My Maps XP is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. My Maps XP is a member of the Spigot family as described in the blogpost Spigot browser hijackers. How do I know if my computer is affected by My Maps XP? You may see these browser extensions/add-ons: and this new default search provider: You may see this entry in your list of installed software: these warnings during install: and this new startpage in the affected browser(s): How did My Maps XP get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove My Maps XP? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of My Maps XP? If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the My Maps XP entry. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the My Maps XP hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.mymapsxp.com/?source=-bb8&uid={uid}&uc={date}&ap=appfocus15&i_id=maps__1.30 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.co.uk/?gws_rd=ssl SearchScopes: HKCU -> DefaultScope {0179737B-394F-4828-AC26-EBA1D05F5CF8} URL = hxxp://search.mymapsxp.com/s?source=-bb8&uid={uid}&uc={date}&ap=appfocus15&i_id=maps__1.30&query={searchTerms} SearchScopes: HKCU -> {0179737B-394F-4828-AC26-EBA1D05F5CF8} URL = hxxp://search.mymapsxp.com/s?source=-bb8&uid={uid}&uc={date}&ap=appfocus15&i_id=maps__1.30&query={searchTerms} FF Homepage: hxxp://search.mymapsxp.com?uid={uidff}&uc={date}&ap=appfocus15&source=tt&page=homepage&implementation_id=maps_4.0.3 FF Extension: Maps - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\@Maps.xpi [2017-07-11] CHR Extension: (My Maps XP) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch [2017-07-11] C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8} My Maps XP (HKCU\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: 2.7.0.2 - Cloud Installer) The most significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0 Adds the file background.js"="10/27/2016 10:09 AM, 13290 bytes, A Adds the file icon.png"="7/11/2017 9:52 AM, 7862 bytes, A Adds the file manifest.json"="7/11/2017 9:52 AM, 1241 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\_locales\en Adds the file messages.json"="7/11/2017 9:52 AM, 283 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\_metadata Adds the file computed_hashes.json"="7/11/2017 9:52 AM, 1066 bytes, A Adds the file verified_contents.json"="10/27/2016 10:09 AM, 2668 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\css Adds the file description.css"="10/27/2016 10:09 AM, 1008 bytes, A Adds the file popup.css"="10/27/2016 10:09 AM, 95 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\html\popup Adds the file description.html"="10/27/2016 10:09 AM, 273 bytes, A Adds the file popup.html"="10/27/2016 10:09 AM, 214 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\js Adds the file userNewTab.js"="10/27/2016 10:09 AM, 2486 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\js\popup Adds the file popup.js"="10/27/2016 10:09 AM, 789 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\newtab Adds the file newtab.html"="10/27/2016 10:09 AM, 190 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dcldppjljccdpaeoepdopkfiekikkbch Adds the file 000003.log"="7/11/2017 9:52 AM, 258 bytes, A Adds the file CURRENT"="7/11/2017 9:52 AM, 16 bytes, A Adds the file LOCK"="7/11/2017 9:52 AM, 0 bytes, A Adds the file LOG"="7/11/2017 9:52 AM, 184 bytes, A Adds the file MANIFEST-000001"="7/11/2017 9:52 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8} Adds the file Uninstall.exe"="7/11/2017 9:58 AM, 264704 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file @Maps.xpi"="7/11/2017 9:55 AM, 19464 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\features\{8510f199-8c3c-44bd-9bbb-32cdc7b7e377} Adds the file followonsearch@mozilla.com.xpi"="7/11/2017 9:55 AM, 10465 bytes, A Adds the file shield-recipe-client@mozilla.org.xpi"="7/11/2017 9:55 AM, 44954 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Maps\simple-storage Adds the file store.json"="7/11/2017 9:56 AM, 319 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://search.mymapsxp.com/?source=-bb8&uid={uid}&uc={date}&ap=appfocus15&i_id=maps__1.30" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DefaultScope" = REG_SZ, "{0179737B-394F-4828-AC26-EBA1D05F5CF8}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0179737B-394F-4828-AC26-EBA1D05F5CF8}] "DisplayName"="REG_SZ", "Search" "SuggestionsURL"="REG_SZ", "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" "URL"="REG_SZ", "http://search.mymapsxp.com/s?source=-bb8&uid={uid}&uc={date}&ap=appfocus15&i_id=maps__1.30&query={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}] "DisplayName"="REG_SZ", "My Maps XP" "DisplayVersion"="REG_SZ", "2.7.0.2" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\" "Publisher"="REG_SZ", "Cloud Installer" "UninstallDialog"="REG_DWORD", 1 "UninstallEngineID"="REG_SZ", "{0179737B-394F-4828-AC26-EBA1D05F5CF8}" "UninstallHomepage"="REG_SZ", "http://search.mymapsxp.com/?source=-bb8&uid={uid}&uc={date}&ap=appfocus15&i_id=maps__1.30" "UninstallImpression"="REG_SZ", "http://imp.mymapsxp.com/impression.do?source=-bb8&sub_id={date}&useragent=Mozilla%2F5.0+(Windows+NT+6.1%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&traffic_source=appfocus15&user_id={uid}&implementation_id=maps__1.30&event={exEvent}" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/11/17 Scan Time: 10:07 AM Log File: mbamMyDesktop.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2339 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 337604 Threats Detected: 36 Threats Quarantined: 36 Time Elapsed: 3 min, 46 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 2 PUP.Optional.Spigot, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [669], [373878],1.0.2339 PUP.Optional.MyMapsXP, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0179737B-394F-4828-AC26-EBA1D05F5CF8}, Delete-on-Reboot, [2223], [349123],1.0.2339 Registry Value: 1 PUP.Optional.MyMapsXP, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0179737B-394F-4828-AC26-EBA1D05F5CF8}|URL, Delete-on-Reboot, [2223], [349123],1.0.2339 Registry Data: 1 PUP.Optional.MyMapsXP, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [2223], [349111],1.0.2339 Data Stream: 0 (No malicious items detected) Folder: 14 PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [669], [373878],1.0.2339 PUP.Optional.Maps, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Maps\simple-storage, Delete-on-Reboot, [2100], [348731],1.0.2339 PUP.Optional.Maps, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\JETPACK\@MAPS, Delete-on-Reboot, [2100], [348731],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\_locales\en, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\html\popup, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\_metadata, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\js\popup, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\_locales, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\newtab, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\html, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\css, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\js, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DCLDPPJLJCCDPAEOEPDOPKFIEKIKKBCH, Delete-on-Reboot, [2223], [349102],1.0.2339 File: 18 PUP.Optional.Spigot, C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe, Delete-on-Reboot, [669], [373878],1.0.2339 PUP.Optional.Maps, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Maps\simple-storage\store.json, Delete-on-Reboot, [2100], [348731],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\css\description.css, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\css\popup.css, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\html\popup\description.html, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\html\popup\popup.html, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\js\popup\popup.js, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\js\userNewTab.js, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\newtab\newtab.html, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\_locales\en\messages.json, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\_metadata\computed_hashes.json, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\_metadata\verified_contents.json, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\background.js, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\icon.png, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcldppjljccdpaeoepdopkfiekikkbch\2.0_0\manifest.json, Delete-on-Reboot, [2223], [349102],1.0.2339 PUP.Optional.MyMapsXP, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [2223], [349106],1.0.2339 PUP.Optional.Spigot, C:\USERS\{username}\DESKTOP\MYMAPSXP.EXE, Delete-on-Reboot, [669], [372110],1.0.2339 PUP.Optional.Maps, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\@MAPS.XPI, Delete-on-Reboot, [2100], [348742],1.0.2339 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 11
- - pup.optional.mymapsxp
  - dcldppjljccdpaeoepdopkfiekikkbch
  - (and 2 more)
    Tagged with:
    
    pup.optional.mymapsxp
    
    dcldppjljccdpaeoepdopkfiekikkbch
    
    pup.optional.spigot
    
    pup.optional.maps
Removal instructions for Oneway

Metallica posted a topic in Malware Removal Self-Help Guides

What is Oneway? The Malwarebytes research team has determined that Oneway is a hosts file hijacker and part of an adware bundle. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by Oneway? You may see these entries in your hosts file: How did Oneway get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove Oneway? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Oneway? No, Malwarebytes removes Oneway completely. If you were using a custom hosts file you may want to re-install it. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the Oneway adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt () C:\Users\{username}\Desktop\oneway.exe ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2017-07-10 10:49 - 00001146 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 cpm.paneladmin.pro 127.0.0.1 publisher.hmdiadmingate.xyz 127.0.0.1 distribution.hmdiadmingate.xyz 127.0.0.1 hmdicrewtracksystem.xyz 127.0.0.1 linkmate.space 127.0.0.1 space1.adminpressure.space 127.0.0.1 trackpressure.website 127.0.0.1 doctorlink.space 127.0.0.1 plugpackdownload.net 127.0.0.1 dscdn.pw 127.0.0.1 beautifllink.xyz Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- In the existing folder C:\Windows\System32\drivers\etc Alters the file hosts = 7/10/2017 10:49 AM, 1146 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tschmna] "state"="REG_SZ", "succed" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tsckmna] "state"="REG_SZ", "succed" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy] Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/10/17 Scan Time: 3:48 PM Log File: mbamOneway.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2333 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 337571 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 2 min, 48 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Adware.Tuto4PC.Generic, C:\USERS\{username}\DESKTOP\ONEWAY.ZIP, Quarantined, [1342], [414802],1.0.2333 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 10
- - adware.tuto4pc.generic
  - hosts
  - (and 1 more)
    Tagged with:
    
    adware.tuto4pc.generic
    
    hosts
    
    hijack
Removal instructions for Magic Disk

Metallica posted a topic in Malware Removal Self-Help Guides

What is Magic Disk? The Malwarebytes research team has determined that Magic Disk is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by Magic Disk? You may see this entry in your list of installed programs and features: and these warnings during install: This is the main screen of the application: and you may see this icon on your desktop and in your startmenu: How did Magic Disk get on my computer? Adware applications use different methods for distributing themselves. This particular one was offered as useful software. How do I remove Magic Disk? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Magic Disk? No, Malwarebytes removes Magic Disk completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the Magic Disk adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. The web protection module also blocks some of the connections the installer tries to make. Technical details for experts Possible signs in FRST logs: (Chengdu Xingju Infinite Technology Co.,Ltd.) C:\Program Files (x86)\mgdisk\mgdisk.exe HKLM-x32\...\Run: [mgdisk] => C:\Program Files (x86)\mgdisk\mgdisk.exe [854440 2017-07-04] (Chengdu Xingju Infinite Technology Co.,Ltd.) R1 cfidsk; C:\Windows\System32\drivers\cfidsk.sys [196520 2017-07-04] () C:\Program Files (x86)\mgdisk C:\Users\Public\Desktop\mgdisk.lnk C:\Users\Public\Documents\XMUpdate C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk mgdisk (HKLM-x32\...\{E4594B8F-F580-4EF7-8787-4A4FF7AE4A8A}) (Version: - ) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\mgdisk Adds the file mgdinst.dll"="7/4/2017 9:00 AM, 365480 bytes, A Adds the file mgdisk.db3"="11/7/2016 10:37 AM, 3072 bytes, A Adds the file mgdisk.exe"="7/4/2017 5:12 AM, 854440 bytes, A Adds the file mgdisk.ssf"="3/2/2017 7:50 AM, 122664 bytes, A Adds the file sqlite3.dll"="2/25/2013 7:42 AM, 605049 bytes, A Adds the file uninst.exe"="7/4/2017 9:02 AM, 168304 bytes, A Adds the file zlib.dll"="7/20/2005 12:05 PM, 75264 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk Adds the file mgdisk.lnk"="7/7/2017 10:39 AM, 997 bytes, A Adds the file uninstall mgdisk.lnk"="7/7/2017 10:39 AM, 997 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file mgdisk.lnk"="7/7/2017 10:39 AM, 979 bytes, A Adds the folder C:\Users\Public\Documents\XMUpdate Adds the file conf.db"="7/7/2017 10:39 AM, 367 bytes, A In the existing folder C:\Windows\System32\drivers Adds the file cfidsk.sys"="7/4/2017 8:24 AM, 196520 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SystemSettings\Fetcher] "01"="REG_BINARY, ................. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4594B8F-F580-4EF7-8787-4A4FF7AE4A8A}] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\mgdisk\mgdisk.exe" "DisplayName"="REG_SZ", "mgdisk" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\mgdisk" "UninstallString"="REG_SZ", "C:\Program Files (x86)\mgdisk\uninst.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cfidsk] "Description"="REG_SZ", "cfidsk" "DisplayName"="REG_SZ", "cfidsk" "ErrorControl"="REG_DWORD", 1 "Group"="REG_SZ", "PNP_TDI" "ImagePath"="REG_EXPAND_SZ, "system32\drivers\cfidsk.sys" "Start"="REG_DWORD", 1 "Type"="REG_DWORD", 1 "WOW64"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cfidsk\Enum] "0"="REG_SZ", "Root\LEGACY_CFIDSK\0000" "Count"="REG_DWORD", 1 "NextInstance"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cfidsk\Parameters] "1414805415"="REG_BINARY, ........................ Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/7/17 Scan Time: 10:53 AM Log File: mbamMagicDisk.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2309 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 337337 Threats Detected: 24 Threats Quarantined: 24 Time Elapsed: 4 min, 44 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 PUP.Optional.MagicDisk, C:\PROGRAM FILES (X86)\MGDISK\MGDISK.EXE, Quarantined, [8175], [403629],1.0.2309 Module: 4 PUP.Optional.MagicDisk, C:\PROGRAM FILES (X86)\MGDISK\MGDISK.EXE, Quarantined, [8175], [403629],1.0.2309 PUP.Optional.MagicDisk, C:\Program Files (x86)\mgdisk\sciter32.dll, Quarantined, [8175], [403629],1.0.2309 PUP.Optional.MagicDisk, C:\Program Files (x86)\mgdisk\sqlite3.dll, Quarantined, [8175], [403629],1.0.2309 PUP.Optional.MagicDisk, C:\Program Files (x86)\mgdisk\zlib.dll, Quarantined, [8175], [403629],1.0.2309 Registry Key: 2 PUP.Optional.MagicDisk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E4594B8F-F580-4EF7-8787-4A4FF7AE4A8A}, Delete-on-Reboot, [8175], [413788],1.0.2309 PUP.Optional.ChinAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cfidsk, Delete-on-Reboot, [115], [412913],1.0.2309 Registry Value: 1 PUP.Optional.MagicDisk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mgdisk, Delete-on-Reboot, [8175], [403629],1.0.2309 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.MagicDisk, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MGDISK, Delete-on-Reboot, [8175], [413772],1.0.2309 PUP.Optional.MagicDisk, C:\PROGRAM FILES (X86)\MGDISK, Delete-on-Reboot, [8175], [403629],1.0.2309 File: 14 PUP.Optional.MagicDisk, C:\USERS\{username}\DESKTOP\SETUP-CFD.EXE, Delete-on-Reboot, [8175], [413788],1.0.2309 PUP.Optional.MagicDisk, C:\USERS\PUBLIC\DESKTOP\MGDISK.LNK, Delete-on-Reboot, [8175], [413774],1.0.2309 PUP.Optional.MagicDisk, C:\PROGRAM FILES (X86)\MGDISK\UNINST.EXE, Delete-on-Reboot, [8175], [413788],1.0.2309 PUP.Optional.ChinAd, C:\WINDOWS\SYSTEM32\DRIVERS\CFIDSK.SYS, Delete-on-Reboot, [115], [412913],1.0.2309 PUP.Optional.MagicDisk, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MGDISK\MGDISK.LNK, Delete-on-Reboot, [8175], [413772],1.0.2309 PUP.Optional.MagicDisk, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk\uninstall mgdisk.lnk, Delete-on-Reboot, [8175], [413772],1.0.2309 PUP.Optional.MagicDisk, C:\PROGRAM FILES (X86)\MGDISK\MGDISK.EXE, Delete-on-Reboot, [8175], [403629],1.0.2309 PUP.Optional.MagicDisk, C:\Program Files (x86)\mgdisk\mgdinst.dll, Delete-on-Reboot, [8175], [403629],1.0.2309 PUP.Optional.MagicDisk, C:\Program Files (x86)\mgdisk\mgdisk.db3, Delete-on-Reboot, [8175], [403629],1.0.2309 PUP.Optional.MagicDisk, C:\Program Files (x86)\mgdisk\mgdisk.ini, Delete-on-Reboot, [8175], [403629],1.0.2309 PUP.Optional.MagicDisk, C:\Program Files (x86)\mgdisk\mgdisk.ssf, Delete-on-Reboot, [8175], [403629],1.0.2309 PUP.Optional.MagicDisk, C:\Program Files (x86)\mgdisk\sciter32.dll, Delete-on-Reboot, [8175], [403629],1.0.2309 PUP.Optional.MagicDisk, C:\Program Files (x86)\mgdisk\sqlite3.dll, Delete-on-Reboot, [8175], [403629],1.0.2309 PUP.Optional.MagicDisk, C:\Program Files (x86)\mgdisk\zlib.dll, Delete-on-Reboot, [8175], [403629],1.0.2309 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 7
- - pup.optional.magicdisk
  - mgdisk
  - (and 1 more)
    Tagged with:
    
    pup.optional.magicdisk
    
    mgdisk
    
    pup.optional.chinad
Removal instructions for OnlineWorkSuite

Metallica posted a topic in Malware Removal Self-Help Guides

What is OnlineWorkSuite? The Malwarebytes research team has determined that OnlineWorkSuite is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. OnlineWorkSuite is a member of the Mindspark/Ask family now known as IAC Applications. How do I know if my computer is affected by OnlineWorkSuite? You may see this browser extension: these warnings during install: You may see this entry in your list of installed software: and this new homepage in the affected browsers: How did OnlineWorkSuite get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove OnlineWorkSuite? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of OnlineWorkSuite? If you are using Chrome, you may have to remove the Extension manually under Tools > More Tools > Extensions. Click on the bin behind the OnlineWorkSuite entry and confirm Remove in the prompt. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the OnlineWorkSuite hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/onlineworksuite/ttab02/index.html?n={n1}&p2={p21}&ptb={ptb1}&coid={coid1} FF Homepage: hxxp://hp.myway.com/onlineworksuite/ttab02/index.html?coId={coid2}&subId&ln=en&n={n2}&ptb={ptb2}&st=tab&p2={p22}&si FF Extension: OnlineWorkSuite - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_j1Members_@free.onlineworksuite.com [2017-07-06] C:\Users\{username}\AppData\Local\OnlineWorkSuiteTooltab OnlineWorkSuite Internet Explorer Homepage and New Tab (HKCU\...\OnlineWorkSuiteTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION The most relevant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\OnlineWorkSuiteTooltab Adds the file TooltabExtension.dll"="10/19/2016 7:03 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com Adds the file bootstrap.js"="7/6/2017 8:33 AM, 24987 bytes, A Adds the file chrome.manifest"="7/6/2017 8:33 AM, 135 bytes, A Adds the file chrome.manifest.restartless"="7/6/2017 8:33 AM, 135 bytes, A Adds the file install.rdf"="7/6/2017 8:33 AM, 1485 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\chrome Adds the file ffxtbr.jar"="7/6/2017 8:33 AM, 345303 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\META-INF Adds the file manifest.mf"="7/6/2017 8:33 AM, 680 bytes, A Adds the file mozilla.rsa"="7/6/2017 8:33 AM, 4194 bytes, A Adds the file mozilla.sf"="7/6/2017 8:33 AM, 121 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\onlineworksuite_j1 Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/onlineworksuite/ttab02/index.html?n={n1}&p2={p21}&ptb={ptb1}&coid={coid1}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OnlineWorkSuiteTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "OnlineWorkSuite Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\OnlineWorkSuiteTooltab\TooltabExtension.dll" U uninstall:OnlineWorkSuite" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" [HKEY_CURRENT_USER\Software\OnlineWorkSuite] "Start Page"="REG_SZ", "http://hp.myway.com/onlineworksuite/ttab02/index.html?n={n1}&p2=^CP6^yyyyyy^TTAB02^nl&ptb={ptb1}&coid={coid1}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2FHYSCVNM%3Fc%3D{ptb1}%26ptb%3D^CP6^yyyyyy^TTAB02^nl" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/6/17 Scan Time: 9:05 AM Log File: mbamOnlineWorkSuite.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2300 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 337247 Threats Detected: 63 Threats Quarantined: 63 Time Elapsed: 1 min, 47 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\ONLINEWORKSUITETOOLTAB\TOOLTABEXTENSION.DLL, Quarantined, [283], [301125],1.0.2300 Registry Key: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OnlineWorkSuiteTooltab Uninstall Internet Explorer, Delete-on-Reboot, [283], [301125],1.0.2300 Registry Value: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OnlineWorkSuiteTooltab Uninstall Internet Explorer|PUBLISHER, Delete-on-Reboot, [283], [352442],1.0.2300 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [283], [293497],1.0.2300 Data Stream: 0 (No malicious items detected) Folder: 4 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\OnlineWorkSuiteTooltab, Delete-on-Reboot, [866], [356944],1.0.2300 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\META-INF, Delete-on-Reboot, [866], [371671],1.0.2300 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\chrome, Delete-on-Reboot, [866], [371671],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_J1MEMBERS_@FREE.ONLINEWORKSUITE.COM, Delete-on-Reboot, [866], [371671],1.0.2300 File: 55 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\ONLINEWORKSUITETOOLTAB\TOOLTABEXTENSION.DLL, Delete-on-Reboot, [283], [301125],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [319354],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [866], [356946],1.0.2300 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\ONLINEWORKSUITE.{coid1}.EXE, Delete-on-Reboot, [283], [365288],1.0.2300 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_onlineworksuite.dl.tb.ask.com_0.localstorage, Delete-on-Reboot, [283], [240306],1.0.2300 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_onlineworksuite.dl.tb.ask.com_0.localstorage-journal, Delete-on-Reboot, [283], [240306],1.0.2300 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_J1MEMBERS_@FREE.ONLINEWORKSUITE.COM\BOOTSTRAP.JS, Delete-on-Reboot, [866], [371671],1.0.2300 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\chrome\ffxtbr.jar, Delete-on-Reboot, [866], [371671],1.0.2300 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\META-INF\manifest.mf, Delete-on-Reboot, [866], [371671],1.0.2300 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\META-INF\mozilla.rsa, Delete-on-Reboot, [866], [371671],1.0.2300 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\META-INF\mozilla.sf, Delete-on-Reboot, [866], [371671],1.0.2300 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\chrome.manifest, Delete-on-Reboot, [866], [371671],1.0.2300 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\chrome.manifest.restartless, Delete-on-Reboot, [866], [371671],1.0.2300 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_j1Members_@free.onlineworksuite.com\install.rdf, Delete-on-Reboot, [866], [371671],1.0.2300 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_onlineworksuite.dl.myway.com_0.localstorage, Delete-on-Reboot, [283], [240305],1.0.2300 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_onlineworksuite.dl.myway.com_0.localstorage-journal, Delete-on-Reboot, [283], [240305],1.0.2300 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 6
- - pup.optional.mindspark
  - myway
  - (and 1 more)
    Tagged with:
    
    pup.optional.mindspark
    
    myway
    
    mindspark/iac
Removal instructions for SearchManager

Metallica posted a topic in Malware Removal Self-Help Guides

What is SearchManager? The Malwarebytes research team has determined that SearchManager is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one replaces your default search provider. How do I know if my computer is affected by SearchManager? You may see these warnings during install: this Chrome extension: this new newtab page: and these changed search settings: How did SearchManager get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software. How do I remove SearchManager? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of SearchManager? No, Malwarebytes removes SearchManager completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the SearchManager hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://{cc}.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_fs_17_27&param1=1&param2={p2}{cc}os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate SearchScopes: HKCU -> DefaultScope {518b33ae-375d-712d-6742-d1fe0400268d} URL = hxxps://{cc}.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_fs_17_27&param1=1&param2={p3}{cc}os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKCU -> {518b33ae-375d-712d-6742-d1fe0400268d} URL = hxxps://{cc}.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_fs_17_27&param1=1&param2={p3}{cc}os%3DWindows%2B7%2BUltimate&p={searchTerms} FF NewTab: about:newtab FF DefaultSearchEngine: Yahoo! Powered Search FF SelectedSearchEngine: Yahoo! Powered Search FF Homepage: hxxps://{cc}.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_fs_17_27&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3D{cc}os%3DWindows%2B7%2BUltimate FF Keyword.URL: user_pref("keyword.URL", true); FF SearchPlugin: C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\searchplugins\yahoo! powered search.xml [2017-07-05] CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSearchKeyword: Default -> sm CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR Extension: (Search Manager) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-07-05] CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKCU\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/5/17 Scan Time: 9:41 AM Log File: mbamSearchManager.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2294 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 337109 Threats Detected: 101 Threats Quarantined: 101 Time Elapsed: 3 min, 16 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 5 PUP.Optional.InstallCore, HKCU\SOFTWARE\csastats, Delete-on-Reboot, [3], [260986],1.0.2294 PUP.Optional.ProductSetup, HKCU\SOFTWARE\PRODUCTSETUP, Delete-on-Reboot, [15069], [242047],1.0.2294 PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [542], [260991],1.0.2294 PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [542], [260991],1.0.2294 PUP.Optional.SearchManager, HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [542], [183362],1.0.2294 Registry Value: 1 PUP.Optional.ProductSetup, HKCU\SOFTWARE\PRODUCTSETUP|TB, Delete-on-Reboot, [15069], [242047],1.0.2294 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 11 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\icons, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\fonts, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\skin\icons, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\_metadata, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\vendor, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\skin, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [542], [331417],1.0.2294 File: 84 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\fonts\HelveticaNeue-Thin.otf, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\fonts\HelveticaNeueLT-Roman.woff, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\fonts\neue-bold.woff, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\fonts\neue.woff, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\icons\128.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\icons\16.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\icons\48.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\icons\close.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\icons\favicon.ico, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\icons\trends.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\01d.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\01n.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\02d.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\02n.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\03d.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\03n.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\04d.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\04n.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\09d.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\09n.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\10d.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\10n.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\11d.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\11n.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\13d.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\13n.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\50d.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\weather\50n.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\hero-bg.jpg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\bing.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\bing_large.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\bluesky-bg.jpg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\brush.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\bt.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\clock.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\cloud.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\cupcake-bg.jpg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\desk-bg.jpg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\doodle.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\down.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\eyeglass.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\google.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\google_large.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\just-the-box-empty.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\just-the-box.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\mountain-bg.jpg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\pointer2.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\radio-selected.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\radio-unselected.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\sea-bg.jpg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\settings.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\star-unselected.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\star.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\toggle-off.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\toggle-on.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\transparent_img.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\yahoo.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\yahoo.svg, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\images\yahoo_large.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\content\bundle.v0.0.1.min.css, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\skin\icons\16.png, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\vendor\md5.min.js, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\vendor\react-dom.min.js, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\vendor\react-with-addons.min.js, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\vendor\underscore-min.js, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\_metadata\computed_hashes.json, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\_metadata\verified_contents.json, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\background.html, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\background.v0.0.1.min.js, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\client.v0.0.1.min.js, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\common.js, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\e_.json, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\index.html, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\manifest.json, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\popupTab2.html, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\popupTab2.js, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.SearchManager, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.1.52_0\responseConfig.json, Delete-on-Reboot, [542], [331417],1.0.2294 PUP.Optional.FusionCore, C:\USERS\{username}\DESKTOP\ADVANCEDOCRFREE.EXE, Delete-on-Reboot, [982], [413201],1.0.2294 PUP.Optional.SearchManager, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Delete-on-Reboot, [542], [260990],1.0.2294 PUP.Optional.SearchManager, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage-journal, Delete-on-Reboot, [542], [260990],1.0.2294 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 5
- - pup.optional.searchmanager
  - pilplloabdedfmialnfchjomjmpjcoej
  - (and 2 more)
    Tagged with:
    
    pup.optional.searchmanager
    
    pilplloabdedfmialnfchjomjmpjcoej
    
    installcore
    
    productsetup
Removal instructions for DirAnalyze

Metallica posted a topic in Malware Removal Self-Help Guides

What is DirAnalyze? The Malwarebytes research team has determined that DirAnalyze is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with DirAnalyze? This is how the main screen of the sytem optimizer looks: The link on that GUI opens this site: You may see these and other tasks in your list of Scheduled Tasks: How did DirAnalyze get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was installed by a bundler. How do I remove DirAnalyze? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of DirAnalyze? No, Malwarebytes removes DirAnalyze completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the DirAnalyze installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain. Technical details for experts You may see these entries in FRST logs: C:\Users\{username}\Downloads\scf.db C:\Windows\System32\Tasks\DirAnalyzer C:\Windows\System32\Tasks\SDisk Finder C:\Windows\Tasks\Test Task.job C:\Users\Public\DiskCleaner C:\Program Files (x86)\SDisk Finder (DirAnalyze ) C:\Users\{username}\Downloads\scf.exe Task: {05B0FD01-1950-4A64-85D5-82AC65DA6EF1} - System32\Tasks\DirAnalyzer => C:\Users\Public\DiskCleaner\sdiskfinder.exe [2017-07-04] (DirAnalyze ) Task: {2797DCFE-8D43-439A-BD17-BF5E4F8BBDDA} - System32\Tasks\SDisk Finder => C:\Users\Public\DiskCleaner\sdiskfinder.exe [2017-07-04] (DirAnalyze ) Task: {A43C518E-E01F-4859-BA69-127862BD61EE} - System32\Tasks\Microsoft\DiskOptimizer => C:\Program Files (x86)\SDisk Finder\sdiskfinder.exe [2017-07-04] (DirAnalyze ) Task: C:\Windows\Tasks\Test Task.job => C:\Windows\System32\notepad.exe Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\SDisk Finder Adds the file sdiskfinder.exe"="7/4/2017 10:34 AM, 4990464 bytes, A In the existing folder C:\Users\{username}\Downloads Adds the file scf.db"="7/4/2017 10:55 AM, 4096 bytes, A Adds the folder C:\Users\Public\DiskCleaner Adds the file sdiskfinder.exe"="7/4/2017 10:34 AM, 4990464 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file DirAnalyzer"="7/4/2017 10:55 AM, 3574 bytes, A Adds the file SDisk Finder"="7/4/2017 10:55 AM, 3318 bytes, A In the existing folder C:\Windows\System32\Tasks\Microsoft Adds the file DiskOptimizer"="7/4/2017 10:55 AM, 3520 bytes, A In the existing folder C:\Windows\Tasks Adds the file Test Task.job"="7/4/2017 10:55 AM, 226 bytes, A Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/4/17 Scan Time: 2:17 PM Log File: mbamDirAnalyze.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2290 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 337132 Threats Detected: 16 Threats Quarantined: 16 Time Elapsed: 1 min, 25 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 4 PUP.Optional.SDiskFinder, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DirAnalyzer, Delete-on-Reboot, [9446], [413145],1.0.2290 PUP.Optional.SDiskFinder, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SDisk Finder, Delete-on-Reboot, [9446], [412870],1.0.2290 PUP.Optional.SDiskFinder, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{05B0FD01-1950-4A64-85D5-82AC65DA6EF1}, Delete-on-Reboot, [9446], [413144],1.0.2290 PUP.Optional.SDiskFinder, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{501DB47D-6021-45AB-AB44-FFA0E693E46E}, Delete-on-Reboot, [9446], [412869],1.0.2290 Registry Value: 2 PUP.Optional.SDiskFinder, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{05B0FD01-1950-4A64-85D5-82AC65DA6EF1}|PATH, Delete-on-Reboot, [9446], [413144],1.0.2290 PUP.Optional.SDiskFinder, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{501DB47D-6021-45AB-AB44-FFA0E693E46E}|PATH, Delete-on-Reboot, [9446], [412869],1.0.2290 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SDiskFinder, C:\USERS\PUBLIC\DISKCLEANER, Delete-on-Reboot, [9446], [412874],1.0.2290 PUP.Optional.SDiskFinder, C:\PROGRAM FILES (X86)\SDISK FINDER, Delete-on-Reboot, [9446], [412873],1.0.2290 File: 8 PUP.Optional.SDiskFinder, C:\USERS\{username}\DESKTOP\SCF.EXE, Delete-on-Reboot, [9446], [413142],1.0.2290 PUP.Optional.SDiskFinder, C:\PROGRAM FILES (X86)\SDISK FINDER\SDISKFINDER.EXE, Delete-on-Reboot, [9446], [413142],1.0.2290 PUP.Optional.SDiskFinder, C:\USERS\{username}\DOWNLOADS\SCF.EXE, Delete-on-Reboot, [9446], [413142],1.0.2290 PUP.Optional.SDiskFinder, C:\USERS\PUBLIC\DISKCLEANER\SDISKFINDER.EXE, Delete-on-Reboot, [9446], [413142],1.0.2290 PUP.Optional.SDiskFinder, C:\WINDOWS\TASKS\TEST TASK.JOB, Delete-on-Reboot, [9446], [413151],1.0.2290 PUP.Optional.SDiskFinder, C:\WINDOWS\SYSTEM32\TASKS\DIRANALYZER, Delete-on-Reboot, [9446], [413146],1.0.2290 PUP.Optional.SDiskFinder, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\DISKOPTIMIZER, Delete-on-Reboot, [9446], [413152],1.0.2290 PUP.Optional.SDiskFinder, C:\WINDOWS\SYSTEM32\TASKS\SDISK FINDER, Delete-on-Reboot, [9446], [412871],1.0.2290 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 4
- - pup.optional.sdiskfinder
  - scanfolder.space
  - (and 1 more)
    Tagged with:
    
    pup.optional.sdiskfinder
    
    scanfolder.space
    
    diskcleaner
Removal instructions for BitOptimizer

Metallica posted a topic in Malware Removal Self-Help Guides

What is BitOptimizer? The Malwarebytes research team has determined that BitOptimizer is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with BitOptimizer? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar, your startmenu, and on your desktop: and see this warning during install: and these screens during "operations": You may see this entry in your list of installed programs: and these tasks in your list of Scheduled Tasks: How did BitOptimizer get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove BitOptimizer? Our program Malwarebytes can detect and remove this potentially unwanted application. But since this PUP uses the legitimate BitDefender engine to do it's malware scan, it is advisable to use the built-in uninstaller first. Then continue with the steps below. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of BitOptimizer? No, Malwarebytes removes BitOptimizer completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the BitOptimizer installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for experts You may see these entries in FRST logs: (BitOptimizer) C:\Program Files (x86)\BitOptimizer\Bit Optimizer\bitoptimizer.exe (Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1032192 2017-05-05] (Digital Care Solutions) [File not signed] S3 scan; C:\Program Files\BDServices\scan.dll [652568 2017-05-05] (Bitdefender) R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2017-05-05] (BitDefender S.R.L.) C:\Windows\System32\Tasks\Bit Optimizer_sch_C0A3428E-5FBB-11E7-B244-080027750297 C:\Windows\System32\Tasks\Bit Optimizer Update C:\Windows\System32\Tasks\BitOptimizer Registration3 C:\Windows\System32\Tasks\Bit Optimizer Startup C:\Users\{username}\Desktop\Bit Optimizer.lnk C:\Windows\Tasks\Bit Optimizer_sch_C0A3428E-5FBB-11E7-B244-080027750297.job C:\Windows\Tasks\Bit Optimizer Startup.job C:\Windows\Tasks\Bit Optimizer Update.job C:\Windows\Tasks\BitOptimizer Registration3.job C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitOptimizer C:\Users\{username}\AppData\Roaming\BitOptimizer C:\Program Files\BDServices C:\ProgramData\BitOptimizer C:\Program Files (x86)\BitOptimizer Bit Optimizer (HKLM-x32\...\{88B14829-538E-40E9-BDBC-5EF22DFC98B8}) (Version: 3.3.29.0 - BitOptimizer) Task: {44EE4EBC-9599-4E05-9482-6DB2A9CD13A9} - System32\Tasks\Bit Optimizer_sch_C0A3428E-5FBB-11E7-B244-080027750297 => C:\Program Files (x86)\BitOptimizer\Bit Optimizer\bitoptimizer.exe [2017-05-17] (BitOptimizer) <==== ATTENTION Task: {4748BED2-F9A7-4EE0-BBAD-05D9B4731D04} - System32\Tasks\BitOptimizer Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\UUS3.dll" RunUns Task: {62B34127-D32A-4189-9CBB-F1990980753F} - System32\Tasks\Bit Optimizer Update => C:\Program Files (x86)\BitOptimizer\Bit Optimizer\bitoptimizer.exe [2017-05-17] (BitOptimizer) Task: {E30D027A-4945-46A4-A5DB-28776A70F995} - System32\Tasks\Bit Optimizer Startup => C:\Program Files (x86)\BitOptimizer\Bit Optimizer\bitoptimizer.exe [2017-05-17] (BitOptimizer) Task: C:\Windows\Tasks\Bit Optimizer Startup.job => C:\Program Files (x86)\BitOptimizer\Bit Optimizer\bitoptimizer.exeCC:\Program Files (x86)\BitOptimizer\Bit Optimizer\bitoptimizer.exe Task: C:\Windows\Tasks\Bit Optimizer Update.job => C:\Program Files (x86)\BitOptimizer\Bit Optimizer\bitoptimizer.exe Task: C:\Windows\Tasks\Bit Optimizer_sch_C0A3428E-5FBB-11E7-B244-080027750297.job => C:\Program Files (x86)\BitOptimizer\Bit Optimizer\bitoptimizer.exe <==== ATTENTION Task: C:\Windows\Tasks\BitOptimizer Registration3.job => C:\Windows\system32\rundll32.exeHC:\Program Files (x86)\Common Files\BitOptimizer\UUS3\UUS3.dll () C:\Program Files (x86)\BitOptimizer\Bit Optimizer\7ZipDLL.dll () C:\Program Files (x86)\BitOptimizer\Bit Optimizer\LiteZip.dll () C:\Program Files (x86)\BitOptimizer\Bit Optimizer\ExtensionManager.dll () C:\Program Files (x86)\BitOptimizer\Bit Optimizer\CommonLoggingExtension.pxt () C:\Program Files (x86)\BitOptimizer\Bit Optimizer\CommonSpecialist.pxt () C:\Program Files (x86)\BitOptimizer\Bit Optimizer\RegHookSpecialist.pxt () C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Utility.pxt () C:\Program Files (x86)\BitOptimizer\Bit Optimizer\LiteUnzip.dll Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/3/17 Scan Time: 9:13 AM Log File: mbamBitOptimizer.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.141 Update Package Version: 1.0.2281 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 337129 Threats Detected: 379 Threats Quarantined: 379 Time Elapsed: 2 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\BITOPTIMIZER.EXE, Quarantined, [5643], [411754],1.0.2281 Module: 10 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\BITOPTIMIZER.EXE, Quarantined, [5643], [411754],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\MYRESOURCES.DLL, Quarantined, [5643], [411754],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\EXTENSIONMANAGER.DLL, Quarantined, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\LITEZIP.DLL, Quarantined, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\COMMONSPECIALIST.PXT, Quarantined, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\UTILITY.PXT, Quarantined, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\REGHOOKSPECIALIST.PXT, Quarantined, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\COMMONLOGGINGEXTENSION.PXT, Quarantined, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\7ZIPDLL.DLL, Quarantined, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\LITEUNZIP.DLL, Quarantined, [5643], [411755],1.0.2281 Registry Key: 10 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{88B14829-538E-40E9-BDBC-5EF22DFC98B8}, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{44EE4EBC-9599-4E05-9482-6DB2A9CD13A9}, Delete-on-Reboot, [5643], [411764],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4748BED2-F9A7-4EE0-BBAD-05D9B4731D04}, Delete-on-Reboot, [5643], [411772],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{62B34127-D32A-4189-9CBB-F1990980753F}, Delete-on-Reboot, [5643], [411764],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E30D027A-4945-46A4-A5DB-28776A70F995}, Delete-on-Reboot, [5643], [411764],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Bit Optimizer Startup, Delete-on-Reboot, [5643], [411773],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Bit Optimizer Update, Delete-on-Reboot, [5643], [411773],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Bit Optimizer_sch_C0A3428E-5FBB-11E7-B244-080027750297, Delete-on-Reboot, [5643], [411773],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\BitOptimizer Registration3, Delete-on-Reboot, [5643], [411763],1.0.2281 PUP.Optional.BitOptimizer, HKCU\SOFTWARE\BitOptimizer, Delete-on-Reboot, [5643], [411768],1.0.2281 Registry Value: 6 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\COMPATIBILITYADAPTER\SIGNATURES|BITOPTIMIZER REGISTRATION3.JOB, Delete-on-Reboot, [5643], [411765],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\COMPATIBILITYADAPTER\SIGNATURES|BITOPTIMIZER REGISTRATION3.JOB.FP, Delete-on-Reboot, [5643], [411765],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{44EE4EBC-9599-4E05-9482-6DB2A9CD13A9}|PATH, Delete-on-Reboot, [5643], [411764],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4748BED2-F9A7-4EE0-BBAD-05D9B4731D04}|PATH, Delete-on-Reboot, [5643], [411772],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{62B34127-D32A-4189-9CBB-F1990980753F}|PATH, Delete-on-Reboot, [5643], [411764],1.0.2281 PUP.Optional.BitOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E30D027A-4945-46A4-A5DB-28776A70F995}|PATH, Delete-on-Reboot, [5643], [411764],1.0.2281 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 32 PUP.Optional.BitOptimizer, C:\ProgramData\BitOptimizer\Bit Optimizer, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAMDATA\BitOptimizer, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\Users\{username}\AppData\Roaming\BitOptimizer\Bit Optimizer, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\USERS\{username}\APPDATA\ROAMING\BitOptimizer, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\animation, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\prefix, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\process, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\general, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\defrag, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Icons, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Tabs, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\BDCOM, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BitOptimizer, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\COMMON FILES\BITOPTIMIZER, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitOptimizer\Bit Optimizer, Delete-on-Reboot, [5643], [411760],1.0.2281 PUP.Optional.BitOptimizer, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\BITOPTIMIZER, Delete-on-Reboot, [5643], [411760],1.0.2281 File: 320 PUP.Optional.BitOptimizer, C:\ProgramData\BitOptimizer\Bit Optimizer\dc_db.db, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\ProgramData\BitOptimizer\Bit Optimizer\license.dat, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\ProgramData\BitOptimizer\Bit Optimizer\License.rdat, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\ProgramData\BitOptimizer\Bit Optimizer\License_FirstRun.rdat, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\ProgramData\BitOptimizer\Bit Optimizer\License_Time.rdat, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\ProgramData\BitOptimizer\Bit Optimizer\RB.rdat, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\ProgramData\BitOptimizer\Bit Optimizer\tfn.xml, Delete-on-Reboot, [5643], [411757],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\BITOPTIMIZER.EXE, Delete-on-Reboot, [5643], [411754],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\MYRESOURCES.DLL, Delete-on-Reboot, [5643], [411754],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\EXTENSIONMANAGER.DLL, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\LITEZIP.DLL, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\COMMONSPECIALIST.PXT, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\UTILITY.PXT, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\REGHOOKSPECIALIST.PXT, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\COMMONLOGGINGEXTENSION.PXT, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\7ZIPDLL.DLL, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\PROGRAM FILES (X86)\BITOPTIMIZER\BIT OPTIMIZER\LITEUNZIP.DLL, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images\10x10.gif, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images\10x10tile.gif, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images\background.jpg, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images\contentwrapper.gif, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images\error_internet.jpg, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images\footerbarfill.gif, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images\info_bubble.jpg, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images\tile_footerbarbase.jpg, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images\tile_subheadbarbase.jpg, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\images\tile_titlebarbase.jpg, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\0_days.htm, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\0_days_trial.htm, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\15_days.htm, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\1_days.htm, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\2_days.htm, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\30_days.htm, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\5_days.htm, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\container_content_bkimg.gif, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\container_content_leftimg.gif, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\container_content_rightimg.gif, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\error_connect.html, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\main.css, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\main_error.css, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\html\package_titlebar_bkimg.jpg, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_privacy.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\register_over_small.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\btn.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\btn_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_bho.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_defrag.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_file.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_generalsettings.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_ignore.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_junk.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_process.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_registry.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_schedule.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_speedybackup.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_startup.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\button_update.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\offeraction.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\offeraction_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\register.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\register_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\register_small.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\renew.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\renew_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\settings_button.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\settings_button_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\start.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\start_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\update_later.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\update_later_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\update_now.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\buttons\update_now_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\defrag\c_empty.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\defrag\c_frag.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\defrag\c_unfrag.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\defrag\c_unknown.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\defrag\c_unmove.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\close.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\dlg_title.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\logo.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\max.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\min.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\register.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\register_close.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\register_close_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\register_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\renew.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\renew_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\restore.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\tabactive_bg.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\tabover_bg.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\tab_bg.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\tfn_bg.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\tfn_logo.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\title_bar.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Frame\upper_divider.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\general\collapse.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\general\delete.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\general\driverbg.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\general\expand.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\general\progress_glow.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\priv_email.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\bho.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\dup_audio.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\dup_doc.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\dup_image.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\dup_other.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\dup_video.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\ig_drivers.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\ig_proc.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\ig_reg.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\junk.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\priv_3rd.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\priv_browser.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\priv_fs.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\priv_im.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\priv_multi.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\priv_office.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\priv_other.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\priv_windows.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_apppath.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_com.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_dll.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_empty.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_extensions.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_filepath.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_font.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_help.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_shortcut.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_startup.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\reg_uninstall.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\group\startup.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_junk.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_about.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_bho.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_clean.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_defrag.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_driver.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_file.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_junk_settings.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_maintenance.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_malware.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_performance.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_privacy.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_process.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_registry.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_restore.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_settings.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_startup.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_tools.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\header_update.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\settings_general.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\settings_ignore.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\settings_privacy.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\settings_registry.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\settings_schedule.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\settings_update.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\headers\vipre.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Icons\cleaned.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Icons\info.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Icons\warning.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\cd.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\cpu.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\disk.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\display.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\driver_outdated.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\driver_uptodate.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\floppy.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\mouse_key.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\other.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\outdated.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\power.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\printer.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\software.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\system.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\uptodate.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\drivers\usb.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance\defrag.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance\defrag_big.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance\junk.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance\junk_big.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance\malware.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance\malware_big.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance\privacy.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance\privacy_big.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance\registry.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\maintenance\registry_big.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\process\bho.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\process\process.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\process\startup.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_malware16.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_malware24.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_malware32.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_system16.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_system24.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_system32.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_unknown16.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_unknown24.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_unknown32.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_unwanted16.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_unwanted24.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_unwanted32.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_userapp16.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_userapp24.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\recommendations\rec_userapp32.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\list\other.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\prefix\clean-active.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\prefix\clean-down.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\prefix\clean-over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\prefix\computer.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\prefix\register-active.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\prefix\register-down.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\prefix\register-hover.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\prefix\renew-over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\prefix\renew.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\activate_normal.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\activate_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\active.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\animation.gif, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\bar_bg.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\checkmark.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\close.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\close_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\thankyou.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\time.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\weekly.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\popups\weekly2.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\animation\01.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\animation\02.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\animation\03.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\animation\04.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\animation\05.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\animation\06.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\animation\07.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\animation\08.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\animation\09.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\md5.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\011.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\012.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\check.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\damage1.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\damage2.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\damage3.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\damage4.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\damage5.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\damage6.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\error.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\error_large.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\FileSystem.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\Fix.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\Fix_over.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\junk.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\malware.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\MBR.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\privacy.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\process-animation.gif, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\Process.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\rating_h.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\rating_h_scan.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\rating_l.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\rating_l_scan.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\rating_m.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\rating_mh.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\rating_mh_scan.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\rating_ml.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\rating_ml_scan.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\rating_m_scan.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\registry.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\Rootkit.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\security_high.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\security_low.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\warning.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Scan\warning_large.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Tabs\drivers.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Tabs\maintenance.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Tabs\overview.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Tabs\restore.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Tabs\scan.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Tabs\scanplus.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Tabs\settings.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\Images\Tabs\tools.png, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\colors.xml, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\HandleUpdate.dll, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\License.rdat, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\License_Time.rdat, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\LogSettings.xml, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\privacy.db, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\RB.rdat, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\SandBoxer.dll, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\settings.xml, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\sqlite3.dll, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\uninstall.exe, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\unrar.dll, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\UNS.xml, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\BitOptimizer\Bit Optimizer\whitelist.dat, Delete-on-Reboot, [5643], [411755],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\close.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\close_md.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\close_mo.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\close_pu.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\close_pu_md.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\close_pu_mo.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\Logo.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\min.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\min_md.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\min_mo.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Images\topbar_gradient.png, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\LiteUnzip.dll, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\settings.xml, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\Update3.exe, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Program Files (x86)\Common Files\BitOptimizer\UUS3\UUS3.dll, Delete-on-Reboot, [5643], [411756],1.0.2281 PUP.Optional.BitOptimizer, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitOptimizer\Bit Optimizer\Bit Optimizer.lnk, Delete-on-Reboot, [5643], [411760],1.0.2281 PUP.Optional.BitOptimizer, C:\USERS\{username}\DESKTOP\BITOPTIMIZER INSTALLER.EXE, Delete-on-Reboot, [5643], [411754],1.0.2281 PUP.Optional.BitOptimizer, C:\WINDOWS\TASKS\BIT OPTIMIZER STARTUP.JOB, Delete-on-Reboot, [5643], [411770],1.0.2281 PUP.Optional.BitOptimizer, C:\WINDOWS\TASKS\BITOPTIMIZER REGISTRATION3.JOB, Delete-on-Reboot, [5643], [411762],1.0.2281 PUP.Optional.BitOptimizer, C:\WINDOWS\TASKS\BIT OPTIMIZER_SCH_C0A3428E-5FBB-11E7-B244-080027750297.JOB, Delete-on-Reboot, [5643], [411770],1.0.2281 PUP.Optional.BitOptimizer, C:\WINDOWS\TASKS\BIT OPTIMIZER UPDATE.JOB, Delete-on-Reboot, [5643], [411770],1.0.2281 PUP.Optional.BitOptimizer, C:\WINDOWS\SYSTEM32\TASKS\BitOptimizer Registration3, Delete-on-Reboot, [5643], [411769],1.0.2281 PUP.Optional.BitOptimizer, C:\WINDOWS\SYSTEM32\TASKS\Bit Optimizer Startup, Delete-on-Reboot, [5643], [411761],1.0.2281 PUP.Optional.BitOptimizer, C:\WINDOWS\SYSTEM32\TASKS\Bit Optimizer Update, Delete-on-Reboot, [5643], [411761],1.0.2281 PUP.Optional.BitOptimizer, C:\WINDOWS\SYSTEM32\TASKS\Bit Optimizer_sch_C0A3428E-5FBB-11E7-B244-080027750297, Delete-on-Reboot, [5643], [411761],1.0.2281 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- July 3
- - pup.optional.bitoptimizer
  - nubrand
  - (and 1 more)
    Tagged with:
    
    pup.optional.bitoptimizer
    
    nubrand
    
    bdservices

Sign In

Metallica

Content count

Joined

Last visited

About Metallica

Profile Information

Recent Profile Visitors

Amesam

cooper_cooper

Juliet

Gt-truth

LukeP3

l3386490

Aura

roger_m

fr33tux

msherwood

rhabdomantist

Removal instructions for SpeedItupFree

Removal instructions for dazzled

Removal instructions for SystemTools

Removal instructions for GenlT

Removal instructions for MergeDocsOnline

Removal instructions for Photor

Removal instructions for Super Optimizer

Removal instructions for 115118.net

Removal instructions for My Maps XP

Removal instructions for Oneway

Removal instructions for Magic Disk

Removal instructions for OnlineWorkSuite

Removal instructions for SearchManager

Removal instructions for DirAnalyze

Removal instructions for BitOptimizer

Browse

Activity

Malwarebytes.com