Metallica

Staff
  1. What is Best Coupons Now Promos?

     The Malwarebytes research team has determined that Best Coupons Now Promos is a potentially unwanted program that behaves like adware. These adware applications display advertisements not originating from the sites you are browsing.

     This particular one shows popups on websites the user is visiting with the affected browser.

     You may see this entry in your list of installed Chrome extensions:
     this icon in the Chrome menu-bar:
     You may have noticed these warnings during install:
     and this type of popups:

     How did Best Coupons Now Promos get on my computer?

     PUPs use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove Best Coupons Now Promos?

     Our program Malwarebytes can detect and remove this adware program.

       • Please download Malwarebytes for Windows to your desktop.
       • Double-click MBSetup.exe and follow the prompts to install the program.
       • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
       • Click on the Get started button.
       • Click Scan to start a Threat Scan.
       • When the scan is finished click Quarantine to remove the found threats.
       • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Best Coupons Now Promos?

     No, Malwarebytes removes Best Coupons Now Promos completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this adware.

     As you can see below the full version of Malwarebytes would have protected you against the Best Coupons Now Promos adware. It would have blocked their domain before it became too late.

     Technical details for experts

     Possible signs in FRST logs:

       CHR Extension: (Best Coupons Now Promos) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eialjdelamohblmmaaanpcpmneccjfpf [2020-04-07]

     Significant changes made by the installer:

     Registry details

       [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "eialjdelamohblmmaaanpcpmneccjfpf"="REG_SZ", "A03AE77108429908C68E50E557F5D396EDE460C24CFFD7174DB91E3B0172F1B1"

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

     We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.

  2. What is Rolling Search?

     The Malwarebytes research team has determined that Rolling Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is a search hijacker and uses web push notifications.

     How do I know if my computer is affected by Rolling Search?

     You may see this entry in your list of installed Chrome extensions:
     and these warnings during install:
     You will see this icon in your Chrome menu-bar:
     and this changed setting:

     How did Rolling Search get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove Rolling Search?

     Our program Malwarebytes can detect and remove this adware.

       • Please download Malwarebytes for Windows to your desktop.
       • Double-click MBSetup.exe and follow the prompts to install the program.
       • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
       • Click on the Get started button.
       • Click Scan to start a Threat Scan.
       • When the scan is finished click Quarantine to remove the found threats.
       • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Rolling Search?

     No, Malwarebytes removes Rolling Search completely. If you have allowed the notifications you can read here how to disable them.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker.

     As you can see below the full version of Malwarebytes would have protected you against the Rolling Search hijacker. It would have blocked their website, giving you a chance to stop before it became too late.

     Technical details for experts

     Possible signs in FRST logs:

       CHR Notifications: Default -> hxxps://install.rollingsearch.com
       CHR DefaultSearchURL: Default -> hxxps://feed.rollingsearch.com/?q={searchTerms}&publisher=rollingsearch&barcodeid=569890000000000
       CHR DefaultSearchKeyword: Default -> RollingSearch
       CHR DefaultSuggestURL: Default -> hxxps://api.rollingsearch.com/suggest/get?q={searchTerms}
       CHR Extension: (RollingSearch) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcncoofdjajjmofplbdieeoieapjhgij [2020-04-06]

     Alterations made by the installer:

     Registry details

       [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "dcncoofdjajjmofplbdieeoieapjhgij"="REG_SZ", "6159505CD847AE8099AE07E9DB4B4D7E0629A29A665857442A9D4EDDD1FC8597"

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

     We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.

  3. What is Access+?

     The Malwarebytes research team has determined that Access+ is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes your Google search results and their affiliate site uses web push notifications.

     How do I know if my computer is affected by Access+?

     You may see this entry in your list of installed Chrome extensions:
     and these warnings during install:
     You will see this icon in your Chrome menu-bar:

     How did Access+ get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove Access+?

     Our program Malwarebytes can detect and remove this potentially unwanted program.

       • Please download Malwarebytes for Windows to your desktop.
       • Double-click MBSetup.exe and follow the prompts to install the program.
       • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
       • Click on the Get started button.
       • Click Scan to start a Threat Scan.
       • When the scan is finished click Quarantine to remove the found threats.
       • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of Access+?

     No, Malwarebytes removes Access+ completely. If you have allowed the notifications you can read here how to disable them.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker.

     As you can see below the full version of Malwarebytes would have protected you against the Access+ hijacker. It would have blocked their website, giving you a chance to stop before it became too late.

     Technical details for experts

     Possible signs in FRST logs:

       CHR Extension: (Access+) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnpfpbbhgpppcoihmnjggdegaipdphg [2020-04-03]

     Alterations made by the installer:

     Registry details

       [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "plnpfpbbhgpppcoihmnjggdegaipdphg"="REG_SZ", "C83B5543E320CCA3853CB62210B50109C3FAD7018031E6B19A7C3DB05DD10476"

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

     We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.

  4. What is My Social Shortcut?

     The Malwarebytes research team has determined that My Social Shortcut is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

     My Social Shortcut is a member of the Mindspark/Ask family now known as IAC Applications.

     How do I know if my computer is affected by My Social Shortcut?

     You may see these browser extensions/add-ons:
     these warnings during install:
     You may see this entry in your list of installed software:
     and this new homepage in the affected browsers:

     How did My Social Shortcut get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.

     How do I remove My Social Shortcut?

     Our program Malwarebytes can detect and remove this potentially unwanted program.

     You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.

       • Please download Malwarebytes for Windows to your desktop.
       • Double-click MBSetup.exe and follow the prompts to install the program.
       • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
       • Click on the Get started button.
       • Click Scan to start a Threat Scan.
       • When the scan is finished click Quarantine to remove the found threats.
       • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of My Social Shortcut?

     No, Malwarebytes' Anti-Malware removes My Social Shortcut completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker.

     As you can see below the full version of Malwarebytes would have protected you against the My Social Shortcut hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late.
     and it blocks traffic to some of their domains:

     Technical details for experts

     Possible signs in a FRST log:

       HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://hp.myway.com/mysocialshortcut/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}
       FF Homepage: Mozilla\Firefox\Profiles\{profile}.default -> moz-extension://6efd25d0-19d0-4d95-8143-1370478153a6/dynamicHomePage.html
       FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _d1Membersttab03_@free.mysocialshortcut.com
       FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _d1Membersttab03_@free.mysocialshortcut.com
       FF Extension: (MySocialShortcut) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_d1Membersttab03_@free.mysocialshortcut.com.xpi [2020-04-02] [UpdateUrl:hxxps://updates.tb.ask.com/updateXpi.json?id=223553785&version=8.942.17.48010&track=TTAB03&trackRevision=1&fromId=_d1Membersttab03_%40free.mysocialshortcut.com&isBridgeExtension=false]
       CHR NewTab: Default -> Active:"chrome-extension://ognogdhldnmmaggmfoahbdnagnbhhlmj/ntp1.html"
       CHR Extension: (MySocialShortcut) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ognogdhldnmmaggmfoahbdnagnbhhlmj [2020-04-02]
       C:\Users\{username}\AppData\Local\MySocialShortcutTooltab
       MySocialShortcut Internet Explorer Homepage and New Tab (HKCU\...\MySocialShortcutTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION

     Significant changes made by the installers:

     Registry details

       [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "ognogdhldnmmaggmfoahbdnagnbhhlmj"="REG_SZ", "B7DC2AFB9FEE8B79E5E8CA28C04303784F8973CE124A65BA2E5883514D6CE5E5"
       [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
       "Start Page" = REG_SZ, "https://hp.myway.com/mysocialshortcut/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}"
       [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MySocialShortcutTooltab Uninstall Internet Explorer]
       "DisplayName"="REG_SZ", "MySocialShortcut Internet Explorer Homepage and New Tab"
       "HelpLink"="REG_SZ", "http://support.mindspark.com/"
       "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc."
       "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\MySocialShortcutTooltab\TooltabExtension.dll" U uninstall:MySocialShortcut"
       "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/"
       [HKEY_CURRENT_USER\Software\MySocialShortcut]
       "Start Page"="REG_SZ", "https://hp.myway.com/mysocialshortcut/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}"
       "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c={ptb}&ptb={p2}"

     The Malwarebytes scan log:
Uninstall Internet Explorer, Quarantined, 1813, 356944, , , , PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MySocialShortcut, Quarantined, 1813, 444113, 1.0.21778, , ame, Registry Value: 4 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MySocialShortcut|START PAGE, Quarantined, 1813, 444113, 1.0.21778, , ame, PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MySocialShortcut|UNINSTALLSURVEYURL, Quarantined, 1813, 769449, 1.0.21778, , ame, PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MySocialShortcutTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, 709, 352442, 1.0.21778, , ame, PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ognogdhldnmmaggmfoahbdnagnbhhlmj, Quarantined, 1813, 443121, , , , Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, 709, 293497, 1.0.21778, , ame, Data Stream: 0 (No malicious items detected) Folder: 3 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MySocialShortcutTooltab, Quarantined, 1813, 356944, 1.0.21778, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ognogdhldnmmaggmfoahbdnagnbhhlmj, Quarantined, 1813, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OGNOGDHLDNMMAGGMFOAHBDNAGNBHHLMJ, Quarantined, 1813, 443121, 1.0.21778, , ame, File: 12 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MySocialShortcutTooltab\TooltabExtension.dll, Quarantined, 1813, 356944, 1.0.21778, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_d1Membersttab03_@free.mysocialshortcut.com.xpi, Quarantined, 1813, 782571, 1.0.21778, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure 
Preferences, Replaced, 1813, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1813, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ognogdhldnmmaggmfoahbdnagnbhhlmj\000003.log, Quarantined, 1813, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ognogdhldnmmaggmfoahbdnagnbhhlmj\CURRENT, Quarantined, 1813, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ognogdhldnmmaggmfoahbdnagnbhhlmj\LOCK, Quarantined, 1813, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ognogdhldnmmaggmfoahbdnagnbhhlmj\LOG, Quarantined, 1813, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ognogdhldnmmaggmfoahbdnagnbhhlmj\MANIFEST-000001, Quarantined, 1813, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OGNOGDHLDNMMAGGMFOAHBDNAGNBHHLMJ\13.924.17.40984_0\MANIFEST.JSON, Quarantined, 1813, 443121, 1.0.21778, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OGNOGDHLDNMMAGGMFOAHBDNAGNBHHLMJ\13.924.17.40984_0\CONFIG\CONFIG.JSON, Quarantined, 1813, 456842, 1.0.21778, , ame, PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\MYSOCIALSHORTCUT.EXE, Quarantined, 709, 365288, 1.0.21778, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): 
Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. What is ScanMyReg?

     The Malwarebytes research team has determined that ScanMyReg is a registry cleaner. These so-called "registry cleaners" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog.

     How do I know if I am infected with ScanMyReg?

     This is how the main screen of the registry cleaning application looks:
     You will find these icons in your taskbar and on your desktop:
     And see these warnings during install:
     and these screens during "operations":
     You may see this entry in your list of installed programs:

     How did ScanMyReg get on my computer?

     These so-called registry cleaners use different methods of getting installed. This particular one was downloaded from their website.

     How do I remove ScanMyReg?

     Our program Malwarebytes can detect and remove this potentially unwanted application.

     • Please download Malwarebytes for Windows to your desktop.
     • Double-click MBSetup.exe and follow the prompts to install the program.
     • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
     • Click on the Get started button.
     • Click Scan to start a Threat Scan.
     • When the scan is finished click Quarantine to remove the found threats.
     • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of ScanMyReg?

     • No, Malwarebytes removes ScanMyReg completely.
     • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this registry cleaner. As you can see below the full version of Malwarebytes would have protected you against the ScanMyReg installer.
     It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts

     You may see these entries in FRST logs:

     (SuiNing Yilong Software Store -> YL Computing, Inc) C:\Program Files (x86)\ScanMyReg\ScanMyReg.exe
     C:\Users\Public\Desktop\ScanMyReg.lnk
     C:\ProgramData\Desktop\ScanMyReg.lnk
     C:\Windows\SysWOW64\91207717.sys
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanMyReg
     C:\Program Files (x86)\ScanMyReg
     (YL Computing, Inc ) C:\Users\{username}\Desktop\smrinstall2019.exe
     ScanMyReg 3.25 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-A9D60D18D757}_is1) (Version: 3.25 - YL Computing, Inc)

     Alterations made by the installer:

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

     • Dynamically Blocks Malware Sites & Servers
     • Malware Execution Prevention

     Save yourself the hassle and get protected.
  6. What is SearchZilla? The Malwarebytes research team has determined that SearchZilla is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is a search hijacker and uses web push notifications. How do I know if my computer is affected by SearchZilla? You may see this entry in your list of installed Chrome extensions: and these warnings during install: You will see this icon in your Chrome menu-bar: and these changed settings: How did SearchZilla get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove SearchZilla? Our program Malwarebytes can detect and remove this adware. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of SearchZilla? No, Malwarebytes removes SearchZilla completely. If you have allowed the notifications you can read here how to disable them. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. 
Technical details for experts

Possible signs in FRST logs:

 CHR Notifications: Default -> hxxps://install.search-zilla.com
 CHR DefaultSearchURL: Default -> hxxps://feed.search-zilla.com/?q={searchTerms}&publisher=searchzilla&barcodeid=569860000000000
 CHR DefaultSearchKeyword: Default -> SearchZilla
 CHR DefaultSuggestURL: Default -> hxxps://api.search-zilla.com/suggest/get?q={searchTerms}
 CHR Extension: (SearchZilla) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgolgjbhgjpihecbbbhggkaggkmnbffc [2020-03-31]

Alterations made by the installer:

Registry details [View: All details] (Selection)
------------------------------------------------
 [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
 "lgolgjbhgjpihecbbbhggkaggkmnbffc"="REG_SZ", "07E3803BC2A903329DCC2C29C4CE4B4C9CC6896F5F116AB6FEB985D4A100ACF4"

Malwarebytes log:

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  7. What is Decent Search? The Malwarebytes research team has determined that Decent Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Decent Search? You may see this entry in your list of installed Chrome extensions: this icon in the Chrome menu-bar: this changed setting: You may have noticed these warnings during install: How did Decent Search get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from a deceptive website: How do I remove Decent Search? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Decent Search? No, Malwarebytes removes Decent Search completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Decent Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts

Possible signs in FRST logs:

 CHR DefaultSearchURL: Default -> hxxps://somedecentsearch.com/search/?q={searchTerms}
 CHR DefaultSearchKeyword: Default -> ds
 CHR DefaultSuggestURL: Default -> hxxps://somedecentsearch.com/suggest/?q={searchTerms}
 CHR Extension: (Decent) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\faeiemkknffcmghkanjfajlaplkdhlbg [2020-03-30]

Alterations made by the installer:

Registry details [View: All details] (Selection)
------------------------------------------------
 [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
 "faeiemkknffcmghkanjfajlaplkdhlbg"="REG_SZ", "76C7840812E71F91D4E537F5494A8FAFFC4040974E386D8361902E5A87A93EBD"

Malwarebytes log:

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  8. What is Get Search Plus? The Malwarebytes research team has determined that Get Search Plus is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is also a browser NewTab and uses web push notifications. How do I know if my computer is affected by Get Search Plus? You may see this entry in your list of installed Chrome extensions: this icon in the Chrome menu-bar: these changed settings: You may have noticed these warnings during install: How did Get Search Plus get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Get Search Plus? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Get Search Plus? No, Malwarebytes removes Get Search Plus completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. Malwarebytes Browser Guard, as well as the full version of Malwarebytes would have protected you against the Get Search Plus hijacker. It blocks their domains, giving you a chance to stop it before it became too late. 
Technical details for experts

Possible signs in FRST logs:

 CHR Notifications: Default -> hxxps://searchplus.co
 CHR NewTab: Default -> Active:"chrome-extension://eoccimmcpieheioihnpeedkkfonjojgi/newtabhtml/newtabpage.html"
 CHR DefaultSearchURL: Default -> hxxps://hp.hsearchplus.co/s?query={searchTerms}
 CHR DefaultSearchKeyword: Default -> Search Plus
 CHR Extension: (Search Plus) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoccimmcpieheioihnpeedkkfonjojgi [2020-03-27]

Alterations made by the installer:

Registry details [View: All details] (Selection)
------------------------------------------------
 [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
 "eoccimmcpieheioihnpeedkkfonjojgi"="REG_SZ", "7D4DBE3B43E9C5CD6C02998CA8FDDD714372EE4571E65DA2F1F7E79D406BFA3C"

Malwarebytes log:

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  9. What is Protect My Search Daily? The Malwarebytes research team has determined that Protect My Search Daily is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Protect My Search Daily? You may see this entry in your list of installed Chrome extensions: this icon in the Chrome menu-bar: this changed setting: You may have noticed these warnings during install: How did Protect My Search Daily get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Protect My Search Daily? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Protect My Search Daily? No, Malwarebytes removes Protect My Search Daily completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes, as well as Malwarebytes Browser Guard would have protected you against the Protect My Search Daily hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts

Possible signs in FRST logs:

 CHR DefaultSearchURL: Default -> hxxps://www.protectmysearchdaily.com/search.php?type=search&id=MTMyNzQ&q={searchTerms}
 CHR DefaultSearchKeyword: Default -> Yahoo
 CHR DefaultSuggestURL: Default -> hxxps://auto.protectmysearchdaily.com/autocomplete.js?omni=true&appId=MTMyNzQ&q={searchTerms}
 CHR Extension: (Web) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnkodihhbpdgmainngloaaaeloicinoo [2020-03-26]

Alterations made by the installer:

Registry details [View: All details] (Selection)
------------------------------------------------
 [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
 "dnkodihhbpdgmainngloaaaeloicinoo"="REG_SZ", "D81C25C698B3D99F7AB880A2755ECC749544F5600EB7016CF2EF6F260C9027B9"

Malwarebytes log:
C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 273, 803469, 1.0.21388, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  10. What is Coupon Search?

The Malwarebytes research team has determined that Coupon Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

How do I know if my computer is affected by Coupon Search?

You may see these new browser extensions:
this icon in the menu-bar of the affected browser:
these changed settings:
You may have noticed these warnings during install:

How did Coupon Search get on my computer?

Browser hijackers use different methods for distributing themselves. The Chrome extension was downloaded from the webstore:
and the Firefox extension directly from their website:

How do I remove Coupon Search?

Our program Malwarebytes can detect and remove this potentially unwanted program.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Coupon Search?

No, Malwarebytes removes Coupon Search completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker. As you can see below, Malwarebytes Browser Guard and the full version of Malwarebytes would have protected you against the Coupon Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts

Possible signs in FRST logs:

    FF Extension: (Coupon Search) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\{1a30df6c-d08a-4528-9c61-7de5617ef920}.xpi [2020-03-25] [UpdateUrl:hxxps://cdn.searchforcoupons-cdn.org/xpi/searchforcoupons/yahoo/0220/updates.json]
    CHR DefaultSearchURL: Default -> hxxps://services.searchforcoupons-svc.org/search/{searchTerms}
    CHR DefaultSearchKeyword: Default -> {searchTerms}
    CHR DefaultSuggestURL: Default -> hxxps://sug.searchforcoupons-svc.org/sug/?s={searchTerms}
    CHR Extension: (CouponsSearch) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooocplbojpgijahheaeijjiannbgdhnk [2020-03-25]

Alterations made by the installer:

Registry details

    [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
    "ooocplbojpgijahheaeijjiannbgdhnk"="REG_SZ", "C3F2598FD01A9C7D1335BD68C2A9CFF1E9C461D5379E0B17E76E5FE14246CF24"

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  11. What is Tab Recovery - Save & Organize Your Tabs?

The Malwarebytes research team has determined that Tab Recovery is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is also a browser NewTab.

How do I know if my computer is affected by Tab Recovery?

You may see this entry in your list of installed Chrome extensions:
this icon in the Chrome menu-bar:
these changed settings:
and this new startpage:
and searchpage:
You may have noticed these warnings during install:

How did Tab Recovery get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:

How do I remove Tab Recovery?

Our program Malwarebytes can detect and remove this potentially unwanted program.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Tab Recovery?

No, Malwarebytes removes Tab Recovery completely.

We hope our application and this guide have helped you eradicate this hijacker.
Technical details for experts

Possible signs in FRST logs:

    CHR NewTab: Default -> Active:"chrome-extension://pbkpcnlmaopgbmjepnnlinggpbdlhfll/newtab.html"
    CHR DefaultSearchURL: Default -> hxxp://explormatrix.com/?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> e
    CHR Extension: (ExplorMatrix) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkpcnlmaopgbmjepnnlinggpbdlhfll [2020-03-24]

Alterations made by the installer:

Registry details

    [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
    "pbkpcnlmaopgbmjepnnlinggpbdlhfll"="REG_SZ", "B0889A1DD7A8E4BB42403445301E71644389315666FCD0AD532942ED863921A6"

The full version of Malwarebytes could have protected your computer against this type of threat. We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  12. What is SearchStreams?

The Malwarebytes research team has determined that SearchStreams is adware. These adware applications display advertisements not originating from the sites you are browsing. This particular one hijacks your search results.

How do I know if my computer is affected by SearchStreams?

You may see these warnings during install:
This entry in your list of installed Chrome extensions:
this icon in your browsers' menu bar:
and this changed setting:

How did SearchStreams get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
after a redirect from their website:

How do I remove SearchStreams?

Our program Malwarebytes can detect and remove this adware program.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of SearchStreams?

No, Malwarebytes removes SearchStreams completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the SearchStreams adware. It would have blocked their domain.
Technical details for experts

Possible signs in FRST logs:

    CHR DefaultSearchURL: Default -> hxxps://feed.searchstreams.com/?q={searchTerms}&publisher=searchstreams&barcodeid=569870000000000
    CHR DefaultSearchKeyword: Default -> SearchStreams
    CHR DefaultSuggestURL: Default -> hxxps://api.searchstreams.com/suggest/get?q={searchTerms}
    CHR Extension: (SearchStreams) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdgmalcknocffegnfogakhfakkhgjkdj [2020-03-23]

Significant changes made by the installer:

Registry details

    [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
    "pdgmalcknocffegnfogakhfakkhgjkdj"="REG_SZ", "825763FF885576CF8E3FA2AD12F43E1F5983C44D4945208DA2F8BE13EBF6055B"

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
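The FRST signs listed in the three hijacker guides above (Coupon Search, Tab Recovery, SearchStreams) share a small set of line shapes, so they can be triaged mechanically. The following is an added example, not part of the original guides and not FRST or Malwarebytes code: it reads lines in the layout quoted above and reports search/suggest URLs on unexpected hosts, NewTab overrides resolved to the owning extension, and Firefox extensions that update from outside the store. The allowlists and all function names are assumptions; the sample is built from lines quoted in the guides plus one constructed benign line.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the guides): hosts accepted as search providers and
# as Firefox add-on update sources in the environment being triaged.
ALLOWED_SEARCH_HOSTS = frozenset({"www.google.com", "www.bing.com", "duckduckgo.com"})
ALLOWED_UPDATE_HOSTS = frozenset({"addons.mozilla.org"})

# Sample input: lines quoted in the Coupon Search and Tab Recovery guides,
# plus a constructed benign "Profile 1" line that must not be flagged.
SAMPLE_FRST = r"""
FF Extension: (Coupon Search) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\{1a30df6c-d08a-4528-9c61-7de5617ef920}.xpi [2020-03-25] [UpdateUrl:hxxps://cdn.searchforcoupons-cdn.org/xpi/searchforcoupons/yahoo/0220/updates.json]
CHR DefaultSearchURL: Default -> hxxps://services.searchforcoupons-svc.org/search/{searchTerms}
CHR DefaultSearchKeyword: Default -> {searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://sug.searchforcoupons-svc.org/sug/?s={searchTerms}
CHR Extension: (CouponsSearch) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooocplbojpgijahheaeijjiannbgdhnk [2020-03-25]
CHR NewTab: Default -> Active:"chrome-extension://pbkpcnlmaopgbmjepnnlinggpbdlhfll/newtab.html"
CHR Extension: (ExplorMatrix) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkpcnlmaopgbmjepnnlinggpbdlhfll [2020-03-24]
CHR DefaultSearchURL: Profile 1 -> hxxps://www.google.com/search?q={searchTerms}
"""

# Chrome extension IDs are 32 characters drawn from a-p.
URL_SETTING = re.compile(r"^CHR (DefaultSearchURL|DefaultSuggestURL): (.+?) -> (\S+)$")
NEWTAB = re.compile(r'^CHR NewTab: (.+?) -> Active:"chrome-extension://([a-p]{32})/')
CHR_EXT = re.compile(r"^CHR Extension: \((.*?)\) - .*[\\/]([a-p]{32}) \[(\d{4}-\d{2}-\d{2})\]$")
FF_EXT = re.compile(
    r"^FF Extension: \((.*?)\) - .+? \[\d{4}-\d{2}-\d{2}\](?: \[UpdateUrl:([^\]]+)\])?$"
)


def host_of(defanged_url):
    """Return the lower-cased host of a URL written with the hxxp(s) defang."""
    url = re.sub(r"^hxxp", "http", defanged_url.strip(), flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower()


def triage(frst_text, search_ok=ALLOWED_SEARCH_HOSTS, update_ok=ALLOWED_UPDATE_HOSTS):
    """Return a list of (kind, subject, detail) findings for FRST browser lines."""
    names = {}      # Chrome extension ID -> display name from "CHR Extension" lines
    newtabs = []    # (profile, extension ID) pairs, resolved after the full pass
    findings = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if m := CHR_EXT.match(line):
            names[m.group(2)] = m.group(1)
        elif m := URL_SETTING.match(line):
            setting, profile, url = m.groups()
            host = host_of(url) or "<unparsed>"
            if host not in search_ok:
                findings.append(("search-override", profile, f"{setting} -> {host}"))
        elif m := NEWTAB.match(line):
            newtabs.append(m.groups())
        elif m := FF_EXT.match(line):
            # A custom UpdateUrl means the add-on updates from the vendor's own server.
            if m.group(2) and host_of(m.group(2)) not in update_ok:
                findings.append(("ff-offstore-update", m.group(1), host_of(m.group(2))))
    # Extension lines can appear after the NewTab line, so resolve names last.
    for profile, ext_id in newtabs:
        owner = names.get(ext_id, "unknown extension")
        findings.append(("newtab-override", profile, f"{ext_id} ({owner})"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FRST):
        print(finding)
```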
  13. What is System Assistant?

The Malwarebytes research team has determined that System Assistant is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with System Assistant?

This is how the main screen of the system optimizer looks:
You will find these icons in your taskbar, your startmenu, and on your desktop:
and see this warning during install:
and this type of screens during "operations":
You may see this entry in your list of installed programs:
and this task in your list of Scheduled Tasks:

How did System Assistant get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

How do I remove System Assistant?

Our program Malwarebytes can detect and remove this potentially unwanted application.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of System Assistant?

No, Malwarebytes removes System Assistant completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below the full version of Malwarebytes would have protected you against the System Assistant installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

Technical details for experts

You may see these entries in FRST logs:
(Avanquest Software SAS -> avanquest_) C:\Program Files (x86)\System Assistant\SANotifications.exe
(Avanquest Software SAS -> avanquest_) C:\Program Files (x86)\System Assistant\SystemAssistant.exe
Task: {63740F95-FABB-4E8D-BE7B-750462F067AB} - System32\Tasks\System Assistant automatic scan and notifications => C:\Program Files (x86)\System Assistant\SANotifications.exe [3838440 2020-02-11] (Avanquest Software SAS -> avanquest_)
C:\ProgramData\System Assistant
C:\Windows\system32\Tasks\System Assistant automatic scan and notifications
C:\Users\{username}\Desktop\System Assistant.lnk
C:\Users\{username}\AppData\Roaming\System Assistant
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Assistant
C:\Program Files (x86)\System Assistant
System Assistant v7.0.1.2 (HKLM-x32\...\System Assistant_is1) (Version: 7.0.1.2 - Avanquest)

Alterations made by the installer:

Malwarebytes log:

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention

Save yourself the hassle and get protected.
  14. What is Ext Apps?

The Malwarebytes research team has determined that Ext Apps is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your start page or search scopes, so that the affected browser visits their site or one of their choice.

How do I know if my computer is affected by Ext Apps?

You may see this entry in your list of installed Chrome extensions:
You may have noticed these warnings during install:

How did Ext Apps get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
after a redirect from their website:

How do I remove Ext Apps?

Our program Malwarebytes can detect and remove this potentially unwanted program.
- Please download Malwarebytes for Windows to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- When the scan is finished, click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Ext Apps?

No, Malwarebytes removes Ext Apps completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, Malwarebytes Browser Guard and the full version of Malwarebytes would have protected you against the Ext Apps hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts

Possible signs in FRST logs:
CHR Extension: (Ext Apps) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaddmainnefjaijbpbmalhchhhanammk [2020-03-19]

Alterations made by the installer:

Malwarebytes log:

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention

Save yourself the hassle and get protected.
  15. What is Max File Shredder?

The Malwarebytes research team has determined that Max File Shredder is a potentially unwanted program (PUP).

How do I know if I am infected with Max File Shredder?

This is how the main screen of the PUP looks:
You will find these icons in your taskbar, your Start menu, and on your desktop:
and see these warnings during install:
and this type of screen during "operations":
You may see this entry in your list of installed programs:

How did Max File Shredder get on my computer?

These PUPs use different methods of getting installed. This particular one was downloaded from their website:

How do I remove Max File Shredder?

Our program Malwarebytes can detect and remove this potentially unwanted application.
- Please download Malwarebytes for Windows to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- When the scan is finished, click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Max File Shredder?

No, Malwarebytes removes Max File Shredder completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this PUP.

As you can see below, the full version of Malwarebytes would have protected you against the Max File Shredder installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
and both Malwarebytes Premium and Browser Guard block access to their domain:

Technical details for experts

You may see these entries in FRST logs:
(Max Secure Software India Private Ltd. -> Max Secure Software) C:\Program Files\Max File Shredder\MaxFileShredder.exe
(Max Secure Software India Private Ltd. -> Max Secure Software) C:\Program Files\Max File Shredder\MFSSystemTray.exe
(Max Secure Software India Private Ltd. -> Max Secure Software) C:\Program Files\Max File Shredder\MFSVistaService.exe
HKLM\...\Run: [MaxFileShredder] => C:\Program Files\Max File Shredder\MFSSystemTray.exe [521952 2019-08-01] (Max Secure Software India Private Ltd. -> Max Secure Software)
HKLM\...\Run: [MFileShredderAutoScan] => C:\Program Files\Max File Shredder\MaxFileShredder.exe [4095768 2019-08-01] (Max Secure Software India Private Ltd. -> Max Secure Software)
R2 MFSVistaSvc; C:\Program Files\Max File Shredder\MFSVistaService.exe [435480 2019-08-01] (Max Secure Software India Private Ltd. -> Max Secure Software)
C:\Users\Public\Desktop\Max File Shredder.lnk
C:\ProgramData\Desktop\Max File Shredder.lnk
C:\Windows\system32RegistryCleaner.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max File Shredder
C:\ProgramData\Max Secure
C:\Program Files\Max File Shredder
(Max Secure Software ) C:\Users\{username}\Desktop\MaxFileShredderx64.exe
C:\Users\{username}\AppData\Local\Max Secure Software
Max File Shredder (HKLM\...\Max File Shredder_is1) (Version: 2.0.0.11 - Max Secure Software)

Significant alterations made by the installer:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1E2AD8B-F7FE-4a59-B308-8032DC38D0DA}] "(Default)"="REG_SZ", "EKChrome Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7DC5B86-D4E9-4562-BF52-F26D699DD37A}] "(Default)"="REG_SZ", "EvidenceKiller Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC99C277-DCBA-4C62-B5BC-9CA59C681F5D}] "(Default)"="REG_SZ", "EKDriveOps Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECED6576-D3B1-4183-82B6-82A2D66EFC75}] "(Default)"="REG_SZ", "EKStart Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F899EDA8-B919-4b2e-9B78-004344888F1D}] "(Default)"="REG_SZ", "EKFirefox Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC537DA-947E-4F41-A1EF-12086966E25E}] "(Default)"="REG_SZ", "EKNetscape Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Max File Shredder] "CheckDaysLeft"="REG_SZ", "3/18/2020" "COMPANY"="REG_SZ", "Max Secure Software" "Default"="REG_SZ", "Max File Shredder" "INSTALLPATH"="REG_SZ", "C:\Program Files\Max File Shredder" "PRODUCT NAME"="REG_SZ", "Max File Shredder" "ProductVersionNo"="REG_SZ", "2.0.0.11" "SplashStatus"="REG_SZ", "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Max File Shredder\Scheduler] "DailyWeeklyMonthly"="REG_DWORD", 2 "ScheduleDateTime"="REG_SZ", "3-18-2020 11:0 9" "ScheduleOtherTasks"="REG_DWORD", 0 "SchedulePrivacyTasks"="REG_DWORD", 66846719 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\IConfMFS] "A"="REG_SZ", "0" "B"="REG_SZ", "" "Size"="REG_DWORD", 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MaxFileShredder"="REG_SZ", "C:\Program Files\Max File Shredder\MFSSystemTray.exe" "MFileShredderAutoScan"="REG_SZ", "C:\Program Files\Max File Shredder\MaxFileShredder.exe -AUTOSCAN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Max File Shredder_is1] "DisplayIcon"="REG_SZ", "C:\Program Files\Max File Shredder\Icons\FileShredder.ico" "DisplayName"="REG_SZ", "Max File Shredder" "DisplayVersion"="REG_SZ", "2.0.0.11" "EstimatedSize"="REG_DWORD", 13299 
"HelpLink"="REG_SZ", "http://www.maxpcsecure.com" "Inno Setup: App Path"="REG_SZ", "C:\Program Files\Max File Shredder" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "Max File Shredder" "Inno Setup: Language"="REG_SZ", "default" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.6.1 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20200318" "InstallLocation"="REG_SZ", "C:\Program Files\Max File Shredder\" "MajorVersion"="REG_DWORD", 2 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Max Secure Software" "QuietUninstallString"="REG_SZ", ""C:\Program Files\Max File Shredder\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files\Max File Shredder\unins000.exe"" "URLInfoAbout"="REG_SZ", "http://www.maxpcsecure.com" "URLUpdateInfo"="REG_SZ", "http://www.maxpcsecure.com" "VersionMajor"="REG_DWORD", 2 "VersionMinor"="REG_DWORD", 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MFSVistaSvc] "DisplayName"="REG_SZ", "MFSVistaSvc" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\Max File Shredder\MFSVistaService.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\Max File Shredder] "Default"="REG_SZ", "Max File Shredder" [HKEY_CURRENT_USER\Software\Max File Shredder\WindowPrivacy Pro 1.0\Chat] "ICQMSGRCLEARMESSAGEARCHIVE"="REG_SZ", "0" "YAHOOMSGRCLEARMESSAGEARCHIVE"="REG_SZ", "0" [HKEY_CURRENT_USER\Software\Max File Shredder\WindowPrivacy Pro 1.0\InternetExplorer] "FAVORITES"="REG_SZ", "0" "HomePageSetting"="REG_SZ", "0" "InternetOptions"="REG_SZ", "0" [HKEY_CURRENT_USER\Software\Max File Shredder\WindowPrivacy Pro 1.0\Windows] "ApplicationLog"="REG_SZ", "0" "AUTOCOMPLETE"="REG_SZ", "0" "CommanDialogLastVisited"="REG_SZ", "0" "CommanDialogOpenSave"="REG_SZ", "0" "RecycleBinHotKey"="REG_SZ", 
"0" "RegistryStreamAllStream"="REG_SZ", "0" "RegistryStreamMRU"="REG_SZ", "0" "SwapFile"="REG_SZ", "0" [HKEY_CURRENT_USER\Software\MaxFileShredderOptions] "COMPANY"="REG_SZ", "Max Secure Software" "PRODUCT NAME"="REG_SZ", "MaxFileShredder" [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\Chat] "ICQMSGRCLEARMESSAGEARCHIVE"="REG_DWORD", 0 "YAHOOMSGRCLEARMESSAGEARCHIVE"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\Custom\PlugIns] [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\DriveOps] "DirectoryStructures"="REG_DWORD", 0 "DriveScan"="REG_DWORD", 0 "FileStructures"="REG_DWORD", 0 "FreeSpace"="REG_DWORD", 0 "ScrambleDateAndTime"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\DriveOps\FreeSpace] "Size"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\DriveOps\HighPerformance] "NoOfMonthsToFuture"="REG_DWORD", 1 "NoOfMonthsToPast"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\DriveOps\List] "Size"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\DriveOps\Scan] "Size"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\InternetExplorer] "AUTOCOMPLETE"="REG_DWORD", 0 "AutoCompleteForms"="REG_DWORD", 0 "AutoCompletePasswords"="REG_DWORD", 0 "ClearOnExit"="REG_DWORD", 0 "Cookies"="REG_DWORD", 0 "DownloadComponent"="REG_DWORD", 0 "FAVORITES"="REG_DWORD", 0 "HomePageSetting"="REG_DWORD", 0 "InternetOptions"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\InternetExplorer\Cookies] "Size"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\Mail] "NETSCAPEMAIL"="REG_DWORD", 0 "OUTLOOKEXPRESSMAIL"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\MaxFileShredderOptions\Misc] "AUTOEXECUTE"="REG_DWORD", 0 "AutoRunTime"="REG_DWORD", 1 "DETAILLOGOFREGOPER"="REG_DWORD", 1626571668 "DISPLAYSPLASHSCREEN"="REG_DWORD", 1626571668 "NoOfLogRefreshLine"="REG_DWORD", 300000000 "STARTUPMESSAGEBOX"="REG_DWORD", 0 
Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/18/20
Scan Time: 10:30 AM
Log File: 0c33758c-68fb-11ea-b57a-00ffdcc6fdfc.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.848
Update Package Version: 1.0.20930
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 234677
Threats Detected: 233
Threats Quarantined: 233
Time Elapsed: 15 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\Ulead PhotoImpact v5.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\Ulead PhotoImpact Viewer v4.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\UltraEdit v4.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\UltraEdit v7.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\Web Ferret v3.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\WinOnCD.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\WinRar v2.6.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\WinRar v2.70.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\WinZip v7.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\WinZip v8.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\Wise Installer.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\Yahoo Player.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\ZipMagic 2000.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\PlugIns\Zone Alarm.wp, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\CheckDll.dll, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\CloseAll.exe, Quarantined, 1304, 800827, , , , 
PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\Eraser.dll, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\IPExVB.dll, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\MaxFileShredder.chm, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\MFSPopup.exe, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\Setup.ini, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\unins000.dat, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\unins000.exe, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\unins000.msg, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\VchRegX64.dll, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\Program Files\Max File Shredder\VoucherLog.txt, Quarantined, 1304, 800827, , , , PUP.Optional.MaxSecureSoftware, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max File Shredder\Max File Shredder.lnk, Quarantined, 1304, 800830, , , , PUP.Optional.MaxSecureSoftware, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max File Shredder\Uninstall Max File Shredder.lnk, Quarantined, 1304, 800830, , , , PUP.Optional.MaxSecureSoftware, C:\USERS\{username}\DESKTOP\MAXFILESHREDDERDM.EXE, Quarantined, 1304, 800826, 1.0.20930, 8BC0856F4D009490284855F3, dds, 00636917 PUP.Optional.MaxSecureSoftware, C:\USERS\{username}\DESKTOP\MAXFILESHREDDERX64.EXE, Quarantined, 1304, 800828, 1.0.20930, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. 
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.