Metallica

Moderators

View profile See their activity

Content count
1,840
Joined
April 21, 2008
Last visited
December 16, 2016

About Metallica

Rank
Master of PUPs
Birthday 05/19/1963

Contact Methods

ICQ
0

Profile Information

Location
Netherlands

Recent Profile Visitors

154,665 profile views

Gt-truth

May 18
LukeP3

May 11
l3386490

May 1
Aura

April 19
roger_m

April 14
fr33tux

April 6
msherwood

March 15
rhabdomantist

February 24
djrobison22

February 11
nancy999

February 3
ferrellr

January 11

Removal instructions for ServerTest

Metallica posted a topic in Malware Removal Self-Help Guides

What is ServerTest? The Malwarebytes research team has determined that ServerTest is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by ServerTest? You may notice a different font and layout of your Desktop and you may see this entry in your list of installed programs and features: which will pop up this warning when you try to uninstall: How did ServerTest get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove ServerTest? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of ServerTest? No, Malwarebytes removes ServerTest completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the ServerTest adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. The web protection module also blocks some of the connections the adware tries to make: Technical details for experts Possible signs in FRST logs: () C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe HKCU\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [2901504 2017-05-23] () C:\Program Files (x86)\YeaDesktop C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop C:\Users\{username}\AppData\Roaming\ServerTest C:\Users\{username}\Desktop\loadapp.exe 1.0.0.1 (HKLM-x32\...\YeaDesktop) (Version: 1.0.0.1 - ) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\YeaDesktop Adds the file config.xml"="5/26/2017 8:36 AM, 1481 bytes, A Adds the file HelpTool.dll"="5/23/2017 4:47 PM, 1576960 bytes, A Adds the file unins000.dat"="5/26/2017 8:36 AM, 11566 bytes, A Adds the file unins000.exe"="5/26/2017 8:36 AM, 961334 bytes, A Adds the file YeaDesktop.exe"="5/23/2017 4:11 PM, 2901504 bytes, A Adds the folder C:\Program Files (x86)\YeaDesktop\common Adds the file apphoverbk.png"="1/17/2017 4:31 PM, 355 bytes, A Adds the file BkgSelectedHover.png"="1/17/2017 4:31 PM, 364 bytes, A Adds the file BkgSelectedNormal.png"="1/17/2017 4:31 PM, 255 bytes, A Adds the file BkgSelectedPressed.png"="1/17/2017 4:31 PM, 366 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop Adds the file Uninstall YeaDesktop.lnk"="5/26/2017 8:36 AM, 1039 bytes, A Adds the file YeaDesktop.lnk"="5/26/2017 8:36 AM, 1049 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\ServerTest Adds the file 80887.exe"="5/26/2017 8:36 AM, 1483562 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION] "YeaDesktop.exe"="REG_DWORD", 11001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YeaDesktop] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe" "DisplayName"="REG_SZ", "1.0.0.1" "DisplayVersion"="REG_SZ", "1.0.0.1" "EstimatedSize"="REG_DWORD", 5306 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\YeaDesktop" "Inno Setup: Icon Group"="REG_SZ", "YeaDesktop" "Inno Setup: Language"="REG_SZ", "default" "Inno Setup: Setup Version"="REG_SZ", "5.4.2.ee2 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20170526" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\YeaDesktop\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\YeaDesktop\unins000.exe" /SILENT" "UninstallDataFile"="REG_SZ", "C:\Program Files (x86)\YeaDesktop\unins000.dat" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\YeaDesktop\unins000.exe"" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "YeaDesktop"="REG_SZ", "C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart" [HKEY_CURRENT_USER\Software\YeaDesktop] "InsM"="REG_DWORD", 1 "InsTM"="REG_QWORD, .... "TmN"="REG_SZ", "12345" "TmSN"="REG_SZ", "" [HKEY_CURRENT_USER\Software\YeaDesktop\actv] "(Default)"="REG_SZ", "" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/26/17 Scan Time: 8:53 AM Log File: mbamServerTest.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.122 Update Package Version: 1.0.2024 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 332622 Threats Detected: 22 Threats Quarantined: 22 Time Elapsed: 1 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YEADESKTOP\YEADESKTOP.EXE, Quarantined, [1535], [393869],1.0.2024 Module: 1 PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YEADESKTOP\YEADESKTOP.EXE, Quarantined, [1535], [393869],1.0.2024 Registry Key: 2 PUP.Optional.YeaDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YeaDesktop, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, HKCU\SOFTWARE\YeaDesktop, Delete-on-Reboot, [1535], [391400],1.0.2024 Registry Value: 2 PUP.Optional.YeaDesktop, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YeaDesktop, Delete-on-Reboot, [1535], [393869],1.0.2024 PUP.Optional.YeaDesktop.ClnShrt, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|YEADESKTOP.EXE, Delete-on-Reboot, [1357], [396226],1.0.2024 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 3 PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YeaDesktop, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\YEADESKTOP, Delete-on-Reboot, [1535], [391395],1.0.2024 File: 13 PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YEADESKTOP\YEADESKTOP.EXE, Delete-on-Reboot, [1535], [393869],1.0.2024 PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\apphoverbk.png, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedHover.png, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedNormal.png, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedPressed.png, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\config.xml, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\HelpTool.dll, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\unins000.dat, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\unins000.exe, Delete-on-Reboot, [1535], [391396],1.0.2024 PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\Uninstall YeaDesktop.lnk, Delete-on-Reboot, [1535], [391395],1.0.2024 PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\YeaDesktop.lnk, Delete-on-Reboot, [1535], [391395],1.0.2024 Adware.Eszjuxuan, C:\USERS\{username}\DESKTOP\LOADAPP.EXE, Delete-on-Reboot, [42], [401951],1.0.2024 PUP.Optional.YeaDesktop, C:\USERS\{username}\APPDATA\ROAMING\SERVERTEST\80887.EXE, Delete-on-Reboot, [1535], [391393],1.0.2024 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Friday at 07:27 AM
- - pup.optional.yeadesktop
  - adware.eszjuxuan
  - (and 1 more)
    Tagged with:
    
    pup.optional.yeadesktop
    
    adware.eszjuxuan
    
    yeadesktop
Removal instructions for SavingsCool

Metallica posted a topic in Malware Removal Self-Help Guides

What is SavingsCool? The Malwarebytes research team has determined that SavingsCool is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by SavingsCool? You may see this entry in your list of installed programs and features: and this warning during install: How did SavingsCool get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove SavingsCool? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of SavingsCool? No, Malwarebytes removes SavingsCool completely. The full removal will require a reboot. You will be prompted to do so. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the SavingsCool adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. Possible signs in FRST logs: () C:\ProgramData\Microsoft\Windows\NetworkCacheManager\ntcache.exe R2 ntcache; C:\ProgramData\Microsoft\Windows\NetworkCacheManager\ntcache.exe [6960640 2017-05-22] () [File not signed] SavingsCool (HKLM-x32\...\SavingsCool) (Version: - ) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\ProgramData\Microsoft\Windows\NetworkCacheManager Adds the file ntcache.exe"="5/22/2017 8:55 PM, 6960640 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SavingsCool] "DisplayName"="REG_SZ", "SavingsCool" "UninstallString"="REG_SZ", "explorer.exe http://uninstall.savings.cool" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ntcache] "Description"="REG_SZ", "Network Cache Manager" "DisplayName"="REG_SZ", "Network Cache Manager" "ErrorControl"="REG_DWORD", 1 "FailureActions"="REG_BINARY, ............d...d...d. "ImagePath"="REG_EXPAND_SZ, "C:\ProgramData\Microsoft\Windows\NetworkCacheManager\ntcache.exe -service" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ntcache\Security] "Security"="REG_BINARY, ........0................p...."......................... ................................... Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/24/17 Scan Time: 8:59 AM Log File: mbamSavingsCool.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.122 Update Package Version: 1.0.2009 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 332294 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 1 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Quarantined, [1652], [401367],1.0.2009 Module: 1 Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Quarantined, [1652], [401367],1.0.2009 Registry Key: 3 Adware.GorillaPrice, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ntcache, Delete-on-Reboot, [1652], [401367],1.0.2009 Adware.SavingsCool.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SavingsCool, Delete-on-Reboot, [970], [351594],1.0.2009 Adware.SavingsCool.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [970], [-1],0.0.0 Registry Value: 4 Adware.SavingsCool.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0 Adware.SavingsCool.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0 Adware.SavingsCool.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0 Adware.SavingsCool.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [970], [-1],0.0.0 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 3 Adware.GorillaPrice, C:\PROGRAMDATA\MICROSOFT\WINDOWS\NETWORKCACHEMANAGER\NTCACHE.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009 Adware.GorillaPrice, C:\USERS\{username}\DESKTOP\NTCACHE.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009 Adware.GorillaPrice, C:\USERS\{username}\DESKTOP\NSIS.EXE, Delete-on-Reboot, [1652], [401367],1.0.2009 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Wednesday at 08:53 AM
- - adware.gorillaprice
  - adware.savingscool.prxysvrrst
  - (and 1 more)
    Tagged with:
    
    adware.gorillaprice
    
    adware.savingscool.prxysvrrst
    
    ntcache
Removal instructions for GetMaps

Metallica posted a topic in Malware Removal Self-Help Guides

What is GetMaps? The Malwarebytes research team has determined that GetMaps is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. GetMaps is a member of the Spigot family as described in the blogpost Spigot browser hijackers. How do I know if my computer is affected by GetMaps? You may see this browser extension/add-on: and these changed search settings: You may see this entry in your list of installed software: these warnings during install: and this new startpage in the affected browser(s): How did GetMaps get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove GetMaps? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of GetMaps? No, Malwarebytes removes GetMaps completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the GetMaps hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to their domain: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.getmaps.co/?source=-bb8&uid=45ed69a3-6505-4be3-870c-a19578b69198&uc=20170523&ap=appfocus43&i_id=maps__1.30 SearchScopes: HKCU -> DefaultScope {AA05F8FA-558C-4DD4-BA6F-C60D3F7B4308} URL = hxxp://search.getmaps.co/s?source=-bb8&uid=45ed69a3-6505-4be3-870c-a19578b69198&uc=20170523&ap=appfocus43&i_id=maps__1.30&query={searchTerms} SearchScopes: HKCU -> {AA05F8FA-558C-4DD4-BA6F-C60D3F7B4308} URL = hxxp://search.getmaps.co/s?source=-bb8&uid=45ed69a3-6505-4be3-870c-a19578b69198&uc=20170523&ap=appfocus43&i_id=maps__1.30&query={searchTerms} FF Homepage: hxxp://search.getmaps.co?uid=e3ebc9c6-6b70-4592-a4b5-cfdd69bf4336&uc=20170523&ap=appfocus43&source=tt-bb8&page=homepage&implementation_id=maps_4.0.0 FF Extension: Maps - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\Extensions\@Maps.xpi [2017-05-23] C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8} Get Maps (HKCU\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: 2.7.0.2 - Cloud Installer) The most significant changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions Adds the file {972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi"="5/23/2017 10:33 AM, 1717 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8} Adds the file Uninstall.exe"="5/23/2017 10:30 AM, 264704 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions Adds the file @Maps.xpi"="5/23/2017 10:33 AM, 19297 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\jetpack\@Maps\simple-storage Adds the file store.json"="5/23/2017 10:34 AM, 323 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://search.getmaps.co/?source=-bb8&uid=45ed69a3-6505-4be3-870c-a19578b69198&uc=20170523&ap=appfocus43&i_id=maps__1.30" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DefaultScope" = REG_SZ, "{AA05F8FA-558C-4DD4-BA6F-C60D3F7B4308}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AA05F8FA-558C-4DD4-BA6F-C60D3F7B4308}] "DisplayName"="REG_SZ", "Search" "SuggestionsURL"="REG_SZ", "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" "URL"="REG_SZ", "http://search.getmaps.co/s?source=-bb8&uid=45ed69a3-6505-4be3-870c-a19578b69198&uc=20170523&ap=appfocus43&i_id=maps__1.30&query={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}] "DisplayName"="REG_SZ", "Get Maps" "DisplayVersion"="REG_SZ", "2.7.0.2" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\" "Publisher"="REG_SZ", "Cloud Installer" "UninstallDialog"="REG_DWORD", 1 "UninstallEngineID"="REG_SZ", "{AA05F8FA-558C-4DD4-BA6F-C60D3F7B4308}" "UninstallHomepage"="REG_SZ", "http://search.getmaps.co/?source=-bb8&uid=45ed69a3-6505-4be3-870c-a19578b69198&uc=20170523&ap=appfocus43&i_id=maps__1.30" "UninstallImpression"="REG_SZ", "http://imp.getmaps.co/impression.do?source=-bb8&sub_id=20170523&useragent=Mozilla%2F5.0+(Windows+NT+6.1%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&traffic_source=appfocus43&user_id=45ed69a3-6505-4be3-870c-a19578b69198&implementation_id=maps__1.30&event={exEvent}" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall" Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/23/17 Scan Time: 10:42 AM Log File: mbamGetMaps.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.122 Update Package Version: 1.0.2001 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 332097 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 1 min, 19 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 2 PUP.Optional.Spigot, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [648], [373878],1.0.2001 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AA05F8FA-558C-4DD4-BA6F-C60D3F7B4308}, Delete-on-Reboot, [2022], [368913],1.0.2001 Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AA05F8FA-558C-4DD4-BA6F-C60D3F7B4308}|URL, Delete-on-Reboot, [2022], [368913],1.0.2001 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 3 PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [648], [373878],1.0.2001 PUP.Optional.Maps, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\jetpack\@Maps\simple-storage, Delete-on-Reboot, [2054], [348731],1.0.2001 PUP.Optional.Maps, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\JETPACK\@MAPS, Delete-on-Reboot, [2054], [348731],1.0.2001 File: 5 PUP.Optional.Spigot, C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe, Delete-on-Reboot, [648], [373878],1.0.2001 PUP.Optional.Maps, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\jetpack\@Maps\simple-storage\store.json, Delete-on-Reboot, [2054], [348731],1.0.2001 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [2022], [361537],1.0.2001 PUP.Optional.Spigot, C:\USERS\{username}\DESKTOP\GETMAPS.EXE, Delete-on-Reboot, [648], [372110],1.0.2001 PUP.Optional.Maps, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\EXTENSIONS\@MAPS.XPI, Delete-on-Reboot, [2054], [348742],1.0.2001 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Tuesday at 10:26 AM
- - pup.optional.maps
  - pup.optional.spigot
  - (and 1 more)
    Tagged with:
    
    pup.optional.maps
    
    pup.optional.spigot
    
    pup.optional.spigot.generic
Removal instructions for DriverDr

Metallica posted a topic in Malware Removal Self-Help Guides

What is DriverDr? The Malwarebytes research team has determined that DriverDr is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with DriverDr? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar, your startmenu, and on your desktop: and see these warnings during install: and these screen when you try to fix the found "problems": You may see this entry in your list of installed programs: and this task in your list of Scheduled Tasks: How did DriverDr get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove DriverDr? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of DriverDr? No, Malwarebytes removes DriverDr completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the DriverDr installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for experts You may see these entries in FRST logs: (DriverDR.com) C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe C:\Windows\System32\Tasks\DriverDR Scheduled Scan C:\Windows\Tasks\DriverDR Scheduled Scan.job C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDR C:\Program Files\DriverDR.com C:\Users\Public\Desktop\DriverDR.lnk C:\Users\{username}\AppData\Roaming\DriverDR.com DriverDR 6.5.0 (HKLM\...\DriverDR_is1) (Version: 6.5.0.0 - DriverDR.com) Task: {8AFC7666-9578-43E6-A914-DE4EB28DBEE9} - System32\Tasks\DriverDR Scheduled Scan => C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe [2016-12-12] (DriverDR.com) Task: C:\Windows\Tasks\DriverDR Scheduled Scan.job => C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe--scan C:\Program Files\DriverDR.com Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files\DriverDR.com\DriverDR Adds the file DriverDR.exe"="12/12/2016 1:09 AM, 2256752 bytes, A Adds the file DriverDR.exe.config"="12/6/2016 12:10 AM, 1584 bytes, A Adds the file Easeware.CheckScheduledScan.exe"="12/12/2016 1:12 AM, 39792 bytes, A Adds the file Easeware.CheckScheduledScan.exe.config"="12/6/2016 12:10 AM, 1584 bytes, A Adds the file Easeware.Driver.Backup.dll"="12/12/2016 1:09 AM, 56688 bytes, A Adds the file Easeware.Driver.Core.dll"="12/12/2016 1:09 AM, 524656 bytes, A Adds the file Easeware.DriverInstall.exe"="12/12/2016 1:12 AM, 398704 bytes, A Adds the file Easeware.DriverInstall.exe.config"="12/6/2016 12:10 AM, 1584 bytes, A Adds the file Interop.WUApiLib.dll"="12/12/2016 1:09 AM, 93040 bytes, A Adds the file partner.xml"="5/6/2016 7:23 PM, 168 bytes, A Adds the file unins000.dat"="5/22/2017 8:40 AM, 30525 bytes, A Adds the file unins000.exe"="5/22/2017 8:40 AM, 1180528 bytes, A Adds the file unins000.msg"="5/22/2017 8:40 AM, 22715 bytes, A Adds the file UnRAR.exe"="12/12/2016 1:12 AM, 253296 bytes, A Adds the file UnRAR_license.txt"="5/6/2016 7:23 PM, 1509 bytes, A Adds the folder C:\Program Files\DriverDR.com\DriverDR\uk Adds the file DriverDR.resources.dll"="12/12/2016 1:11 AM, 39792 bytes, A Adds the file Easeware.DriverInstall.resources.dll"="12/12/2016 1:11 AM, 13680 bytes, A Adds the folder C:\Program Files\DriverDR.com\DriverDR\x64 Adds the file Easeware.Driver.Backup.dll"="12/12/2016 1:10 AM, 56688 bytes, A Adds the file Easeware.Driver.Core.dll"="12/12/2016 1:10 AM, 524656 bytes, A Adds the file Easeware.DriverInstall.exe"="12/12/2016 1:12 AM, 379248 bytes, A Adds the file Easeware.DriverInstall.exe.config"="12/6/2016 12:10 AM, 1584 bytes, A Adds the file Interop.WUApiLib.dll"="12/12/2016 1:09 AM, 93040 bytes, A Adds the folder C:\Program Files\DriverDR.com\DriverDR\x64\ar Adds the file Easeware.DriverInstall.resources.dll"="12/12/2016 1:11 AM, 13168 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDR Adds the file DriverDR.lnk"="5/22/2017 8:40 AM, 993 bytes, A Adds the file Uninstall DriverDR.lnk"="5/22/2017 8:40 AM, 993 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\DriverDR.com\DriverDR Adds the file partner.xml"="5/6/2016 7:23 PM, 168 bytes, A Adds the file settings.dat"="5/22/2017 8:40 AM, 542 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\DriverDR.com\DriverDR\drivers\qdivtru1.ij4 Adds the folder C:\Users\{username}\AppData\Roaming\DriverDR.com\DriverDR\drivers\x0ddu5pl.ewq In the existing folder C:\Users\Public\Desktop Adds the file DriverDR.lnk"="5/22/2017 8:40 AM, 975 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file DriverDR Scheduled Scan"="5/22/2017 8:40 AM, 3832 bytes, A In the existing folder C:\Windows\Tasks Adds the file DriverDR Scheduled Scan.job"="5/22/2017 8:40 AM, 418 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverDR_is1] "DisplayIcon"="REG_SZ", "C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe" "DisplayName"="REG_SZ", "DriverDR 6.5.0" "DisplayVersion"="REG_SZ", "6.5.0.0" "EstimatedSize"="REG_DWORD", 6280 "Inno Setup: App Path"="REG_SZ", "C:\Program Files\DriverDR.com\DriverDR" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "DriverDR" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20170522" "InstallLocation"="REG_SZ", "C:\Program Files\DriverDR.com\DriverDR\" "MajorVersion"="REG_DWORD", 6 "MinorVersion"="REG_DWORD", 5 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "DriverDR.com" "QuietUninstallString"="REG_SZ", ""C:\Program Files\DriverDR.com\DriverDR\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files\DriverDR.com\DriverDR\unins000.exe"" "URLInfoAbout"="REG_SZ", "http://www.DriverDR.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "DriverDR Scheduled Scan.job"="REG_BINARY, ................................ "DriverDR Scheduled Scan.job.fp"="REG_DWORD", -1425972772 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/22/17 Scan Time: 8:55 AM Logfile: mbamDriverDr.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1991 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 331975 Time Elapsed: 2 min, 14 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe, Quarantined, [9324], [400461],1.0.1991 Module: 1 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe, Quarantined, [9324], [400461],1.0.1991 Registry Key: 3 PUP.Optional.DriverDR, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DriverDR_is1, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, HKLM\SOFTWARE\MICROSOFT\TRACING\DriverDR_RASAPI32, Delete-on-Reboot, [9324], [400467],1.0.1991 PUP.Optional.DriverDR, HKLM\SOFTWARE\MICROSOFT\TRACING\DriverDR_RASMANCS, Delete-on-Reboot, [9324], [400467],1.0.1991 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 27 PUP.Optional.DriverDR, C:\Users\{username}\AppData\Roaming\DriverDR.com\DriverDR\drivers\qdivtru1.ij4, Delete-on-Reboot, [9324], [400464],1.0.1991 PUP.Optional.DriverDR, C:\Users\{username}\AppData\Roaming\DriverDR.com\DriverDR\drivers\x0ddu5pl.ewq, Delete-on-Reboot, [9324], [400464],1.0.1991 PUP.Optional.DriverDR, C:\Users\{username}\AppData\Roaming\DriverDR.com\DriverDR\drivers, Delete-on-Reboot, [9324], [400464],1.0.1991 PUP.Optional.DriverDR, C:\Users\{username}\AppData\Roaming\DriverDR.com\DriverDR, Delete-on-Reboot, [9324], [400464],1.0.1991 PUP.Optional.DriverDR, C:\USERS\{username}\APPDATA\ROAMING\DriverDR.com, Delete-on-Reboot, [9324], [400464],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\es-AR, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\pt-BR, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\ar, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\da, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\de, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\fr, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\hu, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\it, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\uk, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\es-AR, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\pt-BR, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\ar, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\da, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\de, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\fr, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\hu, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\it, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\uk, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\PROGRAM FILES\DriverDR.com, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVERDR, Delete-on-Reboot, [9324], [400462],1.0.1991 File: 54 PUP.Optional.DriverDR, C:\Users\{username}\AppData\Roaming\DriverDR.com\DriverDR\partner.xml, Delete-on-Reboot, [9324], [400464],1.0.1991 PUP.Optional.DriverDR, C:\Users\{username}\AppData\Roaming\DriverDR.com\DriverDR\settings.dat, Delete-on-Reboot, [9324], [400464],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\ar\DriverDR.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\ar\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\da\DriverDR.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\da\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\de\DriverDR.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\de\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\es-AR\DriverDR.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\es-AR\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\fr\DriverDR.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\fr\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\hu\DriverDR.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\hu\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\it\DriverDR.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\it\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\pt-BR\DriverDR.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\pt-BR\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\uk\DriverDR.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\uk\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\ar\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\da\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\de\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\es-AR\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\fr\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\hu\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\it\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\pt-BR\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\uk\Easeware.DriverInstall.resources.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\Easeware.Driver.Backup.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\Easeware.Driver.Core.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\Easeware.DriverInstall.exe, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\Easeware.DriverInstall.exe.config, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\x64\Interop.WUApiLib.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe.config, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\Easeware.CheckScheduledScan.exe, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\Easeware.CheckScheduledScan.exe.config, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\Easeware.Driver.Backup.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\Easeware.Driver.Core.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\Easeware.DriverInstall.exe, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\Easeware.DriverInstall.exe.config, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\Interop.WUApiLib.dll, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\partner.xml, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\unins000.dat, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\unins000.exe, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\unins000.msg, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\UnRAR.exe, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\Program Files\DriverDR.com\DriverDR\UnRAR_license.txt, Delete-on-Reboot, [9324], [400461],1.0.1991 PUP.Optional.DriverDR, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDR\DriverDR.lnk, Delete-on-Reboot, [9324], [400462],1.0.1991 PUP.Optional.DriverDR, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDR\Uninstall DriverDR.lnk, Delete-on-Reboot, [9324], [400462],1.0.1991 PUP.Optional.DriverDR, C:\USERS\PUBLIC\DESKTOP\DRIVERDR.LNK, Delete-on-Reboot, [9324], [400463],1.0.1991 PUP.Optional.DriverDR, C:\WINDOWS\TASKS\DRIVERDR SCHEDULED SCAN.JOB, Delete-on-Reboot, [9324], [400466],1.0.1991 PUP.Optional.DriverDR, C:\WINDOWS\SYSTEM32\TASKS\DriverDR Scheduled Scan, Delete-on-Reboot, [9324], [400465],1.0.1991 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 22
- - pup.optional.driverdr
  - driverdr.com
  - (and 1 more)
    Tagged with:
    
    pup.optional.driverdr
    
    driverdr.com
    
    easeware
Removal instructions for Gifables

Metallica posted a topic in Malware Removal Self-Help Guides

What is Gifables? The Malwarebytes research team has determined that Gifables is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. Gifables is a member of the Mindspark/Ask family now known as IAC Applications. How do I know if my computer is affected by Gifables? You may see this browser extensions/add-ons: these warnings during install: You may see this entry in your list of installed software: this type of changed settings: and this new startpage in the affected browsers: How did Gifables get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove Gifables? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Gifables? If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Gifables hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/gifables/ttab02/index.html?n={n1}&ptb={ptb1}&coid={coid1} FF Homepage: hxxp://hp.myway.com/gifables/ttab02/index.html?coId={coid2}&subId&ln=en&n={n2}&ptb={ptb2}&st=tab&p2={p22}&si FF Extension: Gifables - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\Extensions\_l7Members_@free.gifables.com [2017-05-19] CHR Extension: (Gifables) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg [2017-05-19] C:\Users\{username}\AppData\Local\GifablesTooltab Gifables Internet Explorer Homepage and New Tab (HKCU\...\GifablesTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION The most significant changes made by the installer: File system details --------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\GifablesTooltab Adds the file TooltabExtension.dll"="4/14/2017 3:38 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0 Adds the file bg.html"="5/11/2017 1:50 PM, 6119 bytes, A Adds the file buildVars"="5/11/2017 1:50 PM, 8 bytes, A Adds the file buildVars.js"="5/11/2017 1:50 PM, 2579 bytes, A Adds the file companionSW.js"="5/11/2017 1:50 PM, 15026 bytes, A Adds the file config.js"="5/11/2017 1:50 PM, 6170 bytes, A Adds the file contentScript.css"="5/11/2017 1:50 PM, 1362 bytes, A Adds the file contentScript.js"="5/11/2017 1:50 PM, 32297 bytes, A Adds the file debug.html"="5/11/2017 1:50 PM, 299 bytes, A Adds the file debug.jade"="5/11/2017 1:50 PM, 291 bytes, A Adds the file extension_toolbar_api.js"="5/11/2017 1:50 PM, 3143 bytes, A Adds the file initWidgetWindow.js"="5/11/2017 1:50 PM, 768 bytes, A Adds the file manifest.json"="5/19/2017 8:50 AM, 4056 bytes, A Adds the file newTabContentScript.js"="5/11/2017 1:50 PM, 1289 bytes, A Adds the file options.html"="5/11/2017 1:50 PM, 1901 bytes, A Adds the file spent.css"="5/11/2017 1:50 PM, 29420 bytes, A Adds the file spent.html"="5/11/2017 1:50 PM, 4990 bytes, A Adds the file spent.js"="5/11/2017 1:50 PM, 3767 bytes, A Adds the file spent2.css"="5/11/2017 1:50 PM, 29440 bytes, A Adds the file spent2.html"="5/11/2017 1:50 PM, 4988 bytes, A Adds the file spentJ.js"="5/11/2017 1:50 PM, 2892 bytes, A Adds the file spentK.html"="5/11/2017 1:50 PM, 3054 bytes, A Adds the file spentK.js"="5/11/2017 1:50 PM, 875 bytes, A Adds the file startup.js"="5/11/2017 1:50 PM, 4380 bytes, A Adds the file stub.html"="5/11/2017 1:50 PM, 371 bytes, A Adds the file stubby.html"="5/11/2017 1:50 PM, 2665 bytes, A Adds the file superFrame.js"="5/11/2017 1:50 PM, 724 bytes, A Adds the file toolbar.html"="5/11/2017 1:50 PM, 5293 bytes, A Adds the file toolbar.js"="5/11/2017 1:50 PM, 43162 bytes, A Adds the file toolbarUI.css"="5/11/2017 1:50 PM, 4331 bytes, A Adds the file toolbarUI.html"="5/11/2017 1:50 PM, 922 bytes, A Adds the file toolbarUI.js"="5/11/2017 1:50 PM, 28138 bytes, A Adds the file url.js"="5/11/2017 1:50 PM, 13245 bytes, A Adds the file urlFragmentActions.js"="5/11/2017 1:50 PM, 1944 bytes, A Adds the file webtooltab.cs.js"="5/11/2017 1:50 PM, 1694 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\_metadata Adds the file computed_hashes.json"="5/19/2017 8:50 AM, 48579 bytes, A Adds the file verified_contents.json"="5/11/2017 1:50 PM, 33279 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\native Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jahgjnedbefhiimghmiemdmgiegiddjg Adds the file 000003.log"="5/19/2017 8:51 AM, 1213 bytes, A Adds the file CURRENT"="5/19/2017 8:50 AM, 16 bytes, A Adds the file LOCK"="5/19/2017 8:50 AM, 0 bytes, A Adds the file LOG"="5/19/2017 8:51 AM, 185 bytes, A Adds the file MANIFEST-000001"="5/19/2017 8:50 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jahgjnedbefhiimghmiemdmgiegiddjg Adds the file 000003.log"="5/19/2017 8:51 AM, 398 bytes, A Adds the file CURRENT"="5/19/2017 8:51 AM, 16 bytes, A Adds the file LOCK"="5/19/2017 8:51 AM, 0 bytes, A Adds the file LOG"="5/19/2017 8:51 AM, 184 bytes, A Adds the file MANIFEST-000001"="5/19/2017 8:51 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com Adds the file bootstrap.js"="5/19/2017 8:48 AM, 24987 bytes, A Adds the file chrome.manifest"="5/19/2017 8:48 AM, 135 bytes, A Adds the file chrome.manifest.restartless"="5/19/2017 8:48 AM, 135 bytes, A Adds the file install.rdf"="5/19/2017 8:48 AM, 1430 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\chrome Adds the file ffxtbr.jar"="5/19/2017 8:48 AM, 346276 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\META-INF Adds the file manifest.mf"="5/19/2017 8:48 AM, 680 bytes, A Adds the file mozilla.rsa"="5/19/2017 8:48 AM, 4187 bytes, A Adds the file mozilla.sf"="5/19/2017 8:48 AM, 121 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\gifables_l7 Registry details ------------------------------------------ [HKEY_CURRENT_USER\Software\Gifables] "Start Page"="REG_SZ", "http://hp.myway.com/gifables/ttab02/index.html?n=C05C6EE&p2=^CQJ^yyyyyy^TTAB02^nl&ptb={ptb1}&coid={coid1}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2"!!~~~~~~~~~~ie-sucks~~~~~~~~~~~~!! [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/gifables/ttab02/index.html?n={n1}&ptb={ptb1}&coid={coid1}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\GifablesTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "Gifables Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\GifablesTooltab\TooltabExtension.dll" U uninstall:Gifables" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/19/17 Scan Time: 9:11 AM Logfile: mbamGifables.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1972 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 331684 Time Elapsed: 1 min, 28 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GIFABLESTOOLTAB\TOOLTABEXTENSION.DLL, Quarantined, [271], [301125],1.0.1972 Registry Key: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GifablesTooltab Uninstall Internet Explorer, Delete-on-Reboot, [271], [301125],1.0.1972 Registry Value: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GifablesTooltab Uninstall Internet Explorer|PUBLISHER, Delete-on-Reboot, [271], [352442],1.0.1972 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [271], [293497],1.0.1972 Data Stream: 0 (No malicious items detected) Folder: 89 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\META-INF, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\chrome, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\EXTENSIONS\_L7MEMBERS_@FREE.GIFABLES.COM, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\abstractbutton\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedscript\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\thirdparty\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\uninstall\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedhtml\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\weather\css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\topapps\css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\weather\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\weather\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\topapps\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\generic\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\radio\css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedscript\html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\alert\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\flare\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\radio\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\moviereviews\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\topapps, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\link\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\weather, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\abstractbutton, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedhtml\html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedscript\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\common, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\rss\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\rss\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\radio, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\test, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedhtml\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedscript, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\flare\icons, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\images, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\rss, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\radio\radioWrapper, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\search\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\thirdparty, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\moviereviews\html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedhtml, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\radio\foreground, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\uninstall, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\radio\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\moviereviews\css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\moviereviews\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\generic, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\weather, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\api\background, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\alert, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\flare, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\moviereviews, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\search\html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\link, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\rss, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\api\window, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\radio\css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\search, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\radio, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\adapter, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\api, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\native\libs, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\_metadata, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\native, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\icons, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JAHGJNEDBEFHIIMGHMIEMDMGIEGIDDJG, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GifablesTooltab, Delete-on-Reboot, [818], [356944],1.0.1972 File: 292 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GIFABLESTOOLTAB\TOOLTABEXTENSION.DLL, Delete-on-Reboot, [271], [301125],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [319354],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\PREFS.JS, Replaced, [818], [356946],1.0.1972 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_gifables.dl.myway.com_0.localstorage, Delete-on-Reboot, [271], [240305],1.0.1972 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_gifables.dl.myway.com_0.localstorage-journal, Delete-on-Reboot, [271], [240305],1.0.1972 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{default profile}\EXTENSIONS\_L7MEMBERS_@FREE.GIFABLES.COM\BOOTSTRAP.JS, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\chrome\ffxtbr.jar, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\META-INF\manifest.mf, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\META-INF\mozilla.rsa, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\META-INF\mozilla.sf, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\chrome.manifest, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\chrome.manifest.restartless, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{default profile}\extensions\_l7Members_@free.gifables.com\install.rdf, Delete-on-Reboot, [818], [371671],1.0.1972 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JAHGJNEDBEFHIIMGHMIEMDMGIEGIDDJG\12.702.11.34432_0\MANIFEST.JSON, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\adapter\adapterUtil.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\adapter\widget-adapter.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\abstractbutton\background\abstractButton.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\alert\background\alertButton.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedhtml\background\embedHtmlWidget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedhtml\html\embedHtmlTemplate.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedhtml\js\embedHtmlUI.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedscript\background\embedScriptWidget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedscript\html\embedScriptTemplate.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\embedscript\js\embedScriptUI.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\flare\background\FlareWidget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\flare\icons\Icon_Flare_blue.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\flare\icons\Icon_Flare_pink.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\flare\icons\Thumbs.db, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\generic\background\GenericWidget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\link\background\linkButton.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\background\menuButton.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\css\menuframe.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\html\menuframe.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\images\right_arrow.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\images\right_arrow_white.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\js\jquery-1.7.1.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\js\menuframe.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\js\query-string.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\js\underscore-1.3.1.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\menu\README.txt, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\rss\background\RssWidget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\thirdparty\background\thirdPartyWidget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\uninstall\background\uninstallButton.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\components\weather\background\weatherButton.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\bs.30.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\common.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\dynamic.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\enableDetect.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\eventListening.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\global.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\jquery-1.7.1.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\list-interaction.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\messageEventListener.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\navRedirector.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\paramReplacer.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\PartnerId.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\set.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\underscore-1.3.1.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\underscore-1.5.2.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\js\unifiedLogging.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\common\common.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\common\eventListening.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\common\list-interaction.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\common\set.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\radio\css\radio-widget.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\radio\js\radio-custom.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\radio\js\radio-parser.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\radio\js\radio-widget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\radio\radio-widget.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\rss\js\rss-widget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\rss\rssWidget.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\test\invalid.json, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\test\jquery.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\test\qunit.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\test\qunit.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\test\resource.json, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\test\resource.xml, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\test\testWidget.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\test\testWidget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\topapps\css\widget.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\topapps\js\topapps-config.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\topapps\js\widget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\topapps\widget.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\weather\css\weatherButton.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\weather\js\weather.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widgets\weather\weatherButton.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\common\widget-api\widget-context-1.0.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\api\background\ApiBasedWidget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\api\background\widget-api-impl.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\api\window\hiddenWidgetWindow.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\api\window\hiddenWidgetWindow.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\api\window\hiddenWidgetWindowInit.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\api\window\widgetWindow.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\api\window\widgetWindow.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\background\updateSearch.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\background\updateSearchPromptBg.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground\07_buttons2.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground\08_buttons2.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground\defaultSearchModal.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground\tvf_btn_ok.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground\tvf_restart_icon.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\moviereviews\background\MovieReviewsWidget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\moviereviews\css\movieReviews.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\moviereviews\html\movieReviews.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\moviereviews\js\movieReviews.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\radio\background\RadioWidget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\radio\css\toolbar-item.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\radio\foreground\button.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\radio\radioWrapper\radioWrapper.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\radio\radioWrapper\radioWrapper.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\search\background\searchBox.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\search\html\searchSuggestions.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\search\html\searchSuggestions.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\search\html\searchSuggestions.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\search\html\searchSuggestionsInit.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\css\supertab.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\html\supertab.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\js\newtabfork.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\js\reporting.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\js\srchsugg.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\js\supertab.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\js\unifiedLogging.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\components\supertab\js\__utm.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\_metadata\computed_hashes.json, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\_metadata\verified_contents.json, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\icons\arrowSprite.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\icons\icon128.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\icons\icon16.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\icons\icon19disabled.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\icons\icon19on.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\icons\icon48.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\icons\tb_icon_search_disappearing_ask.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\235052116.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\235052128.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\235052129.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\235052180.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\235052197.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\down_arrow.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\IDR_PRODUCT_LOGO_16.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\IDR_WEBSTORE_ICON.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\magnifying_glass.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\RadioPlayerSprite.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\search_button.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\tvf_icon_guide.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\tvf_logo.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\images\wrench.png, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\newTabInitialize.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\chromeStorage.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\chromeUtils.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\companionSWUtils.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\exeManager.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\exeManagerNMD.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\exePackageManager.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\focusManager.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\globalBlacklistManager.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\messaging.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\mutation_summary-min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\mutation_summary.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\nativeMessagingDispatcher.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\newTabInfo.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\options.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\readLocalStorage.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\recentlyClosedTabs.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\reservespacefortoolbar.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\reservespaceifenabled.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\scriptInjector.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\searchContext.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\settingsOverrides.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\toolbarCookieParser.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\toolbarPreinit.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\underscore-1.3.1.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\URILoaderContentScript.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\webTooltabAPI.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\Widget.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\widgetContentScriptInjectee.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\widgetFactory.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\js\widgetWindowManager.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\native\libs\jquery-1.7.1.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\native\libs\jquery-1.9.1.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\native\libs\underscore-1.5.2.min.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\native\cache.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\native\ce.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\native\debug.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\native\ss.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\activePing.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\buttonLogger.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\competitorDnsList.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\console.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\FFPreferencesPersister.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\httpTransport.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\HttpURL.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\internationalSearch.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\LocalStoragePersister.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\MindsparkGlobal.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\MindsparkGlobal.unitTest.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\MindsparkGlobalNotes.txt, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\rsvp-latest.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\searchSuggestLocale.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\testHttpTransport.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\unifiedLogger.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\unifiedLogging.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\universalConsole.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\shared\utils.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\spent2.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\bg.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\buildVars, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\buildVars.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\companionSW.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\config.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\contentScript.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\contentScript.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\debug.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\debug.jade, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\spentJ.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\spentK.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\spentK.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\startup.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\stub.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\stubby.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\superFrame.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\toolbar.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\toolbar.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\toolbarUI.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\toolbarUI.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\toolbarUI.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\url.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\urlFragmentActions.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\webtooltab.cs.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\extension_toolbar_api.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\initWidgetWindow.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\newTabContentScript.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\options.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\spent.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\spent.html, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\spent.js, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jahgjnedbefhiimghmiemdmgiegiddjg\12.702.11.34432_0\spent2.css, Delete-on-Reboot, [271], [301932],1.0.1972 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_ext.dl.tb.ask.com_0.localstorage, Delete-on-Reboot, [271], [240306],1.0.1972 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_ext.dl.tb.ask.com_0.localstorage-journal, Delete-on-Reboot, [271], [240306],1.0.1972 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_gifables.dl.tb.ask.com_0.localstorage, Delete-on-Reboot, [271], [240306],1.0.1972 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_gifables.dl.tb.ask.com_0.localstorage-journal, Delete-on-Reboot, [271], [240306],1.0.1972 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 19
- - pup.optional.mindspark
  - myway
  - (and 2 more)
    Tagged with:
    
    pup.optional.mindspark
    
    myway
    
    jahgjnedbefhiimghmiemdmgiegiddjg
    
    iac
Removal instructions for ScreenUp

Metallica posted a topic in Malware Removal Self-Help Guides

What is ScreenUp? The Malwarebytes research team has determined that ScreenUp is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by ScreenUp? You may see this entry in your list of installed programs and features: and these warnings during install: and these screens during operations (taking screenshots): How did ScreenUp get on my computer? Adware applications use different methods for distributing themselves. This particular one was bundled with other software. How do I remove ScreenUp? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of ScreenUp? No, Malwarebytes removes ScreenUp completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the ScreenUp adware. It would have warned you before the adware could run, giving you a chance to stop it before it became too late. The web protection module also blocks the connections the installer tries to make: Technical details for experts Possible signs in FRST logs: (DoLab LLC) C:\Users\{username}\AppData\Roaming\ScreenUp\ScreenUp.exe HKCU\...\Run: [ScreenUp] => C:\Users\{username}\AppData\Roaming\ScreenUp\ScreenUp.exe [1598976 2015-09-14] (DoLab LLC) C:\Users\Public\Desktop\ScreenUp.lnk C:\Users\{username}\AppData\Roaming\ScreenUp C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenUp ScreenUp (HKLM-x32\...\ScreenUp) (Version: - DoLab LLC) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenUp Adds the file ScreenUp.lnk"="5/8/2017 10:33 AM, 1009 bytes, A Adds the file Uninstall.lnk"="5/8/2017 10:33 AM, 1056 bytes, A Adds the file Website.lnk"="5/8/2017 10:33 AM, 1009 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\ScreenUp Adds the file ScreenUp.exe"="9/14/2015 12:39 PM, 1598976 bytes, A Adds the file ScreenUp.url"="5/8/2017 10:33 AM, 48 bytes, A Adds the file uninst.exe"="5/8/2017 10:33 AM, 114157 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file ScreenUp.lnk"="5/8/2017 10:33 AM, 973 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ScreenUp.exe] "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\ScreenUp\ScreenUp.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ScreenUp] "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Roaming\ScreenUp\ScreenUp.exe" "DisplayName"="REG_SZ", "ScreenUp" "Publisher"="REG_SZ", "DoLab LLC" "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Roaming\ScreenUp\uninst.exe" "URLInfoAbout"="REG_SZ", "http://www.screenup.ru" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ScreenUp"="REG_SZ", "C:\Users\{username}\AppData\Roaming\ScreenUp\ScreenUp.exe" [HKEY_CURRENT_USER\Software\ScreenUp] "(Default)"="REG_SZ", "77639700254805193922091408" "AutoUpdate"="REG_DWORD", 1 "lastUpdateTime"="REG_SZ", "13138706045" "prtScr"="REG_DWORD", 1 "prtScrAlt"="REG_DWORD", 1 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/18/17 Scan Time: 8:06 AM Logfile: mbamScreenUp.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1963 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 331584 Time Elapsed: 1 min, 14 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 PUP.Optional.ScreenUp, C:\USERS\{username}\APPDATA\ROAMING\SCREENUP\SCREENUP.EXE, Quarantined, [9235], [398730],1.0.1963 Module: 1 PUP.Optional.ScreenUp, C:\USERS\{username}\APPDATA\ROAMING\SCREENUP\SCREENUP.EXE, Quarantined, [9235], [398730],1.0.1963 Registry Key: 4 PUP.Optional.ScreenUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ScreenUp, Delete-on-Reboot, [9235], [399043],1.0.1963 PUP.Optional.ScreenUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\ScreenUp.exe, Delete-on-Reboot, [9235], [399042],1.0.1963 PUP.Optional.ScreenUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\ScreenUp.exe, Delete-on-Reboot, [9235], [399042],1.0.1963 PUP.Optional.ScreenUp, HKCU\SOFTWARE\SCREENUP, Delete-on-Reboot, [9235], [399040],1.0.1963 Registry Value: 3 PUP.Optional.ScreenUp, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ScreenUp, Delete-on-Reboot, [9235], [398730],1.0.1963 PUP.Optional.ScreenUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SCREENUP|URLINFOABOUT, Delete-on-Reboot, [9235], [399041],1.0.1963 PUP.Optional.ScreenUp, HKCU\SOFTWARE\SCREENUP|AUTOUPDATE, Delete-on-Reboot, [9235], [399040],1.0.1963 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ScreenUp, C:\USERS\{username}\APPDATA\ROAMING\SCREENUP, Delete-on-Reboot, [9235], [399043],1.0.1963 PUP.Optional.ScreenUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SCREENUP, Delete-on-Reboot, [9235], [399134],1.0.1963 File: 8 PUP.Optional.ScreenUp, C:\USERS\{username}\APPDATA\ROAMING\SCREENUP\SCREENUP.EXE, Delete-on-Reboot, [9235], [398730],1.0.1963 PUP.Optional.ScreenUp, C:\USERS\{username}\APPDATA\ROAMING\SCREENUP\SCREENUP.URL, Delete-on-Reboot, [9235], [399043],1.0.1963 PUP.Optional.ScreenUp, C:\Users\{username}\AppData\Roaming\ScreenUp\uninst.exe, Delete-on-Reboot, [9235], [399043],1.0.1963 PUP.Optional.ScreenUp, C:\USERS\{username}\DESKTOP\SCNMASTERSETUP.EXE, Delete-on-Reboot, [9235], [398730],1.0.1963 PUP.Optional.ScreenUp, C:\USERS\PUBLIC\DESKTOP\SCREENUP.LNK, Delete-on-Reboot, [9235], [399045],1.0.1963 PUP.Optional.ScreenUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SCREENUP\WEBSITE.LNK, Delete-on-Reboot, [9235], [399134],1.0.1963 PUP.Optional.ScreenUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenUp\ScreenUp.lnk, Delete-on-Reboot, [9235], [399134],1.0.1963 PUP.Optional.ScreenUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenUp\Uninstall.lnk, Delete-on-Reboot, [9235], [399134],1.0.1963 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 18
- - pup.optional.screenup
  - dolab llc
Removal instructions for Smart System Care

Metallica posted a topic in Malware Removal Self-Help Guides

What is Smart System Care? The Malwarebytes research team has determined that Smart System Care is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Smart System Care? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar, your startmenu, and on your desktop: and see these warnings during install: and these screens during "operations": You may see this entry in your list of installed programs: and this task in your list of Scheduled Tasks: How did Smart System Care get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove Smart System Care? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Smart System Care? No, Malwarebytes removes Smart System Care completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the Smart System Care installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain. Technical details for experts You may see these entries in FRST logs: () C:\Program Files\Smart~System Care for {computername}\ssc.exe S2 SSCValidator; C:\ProgramData\SSCValidator For {computername}\SSCValidatorService.exe [32256 2017-03-10] (SSCValidator) [File not signed] C:\Windows\System32\Tasks\Smart~System Care_Logon C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername} C:\Users\Public\Desktop\Smart~System Care.lnk C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername} C:\ProgramData\SSCValidator for {computername} C:\ProgramData\Smart~System Care for {computername} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart~System Care for {computername} C:\Program Files\Smart~System Care for {computername} Smart~System Care (HKLM\...\{E6298C62-873B-43BF-915D-F7B481C0633F}_is1) (Version: 1.0.0.28879 - ) Task: {D952D9F5-26C1-4107-BB06-D73C636F9BAD} - System32\Tasks\Smart~System Care_Logon => C:\Program Files\Smart~System Care for {computername}\ssc.exe [2017-05-11] () Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files\Smart~System Care for {computername} Adds the file danish_iss.ini"="9/9/2016 3:17 PM, 2402 bytes, A Adds the file Dutch_iss.ini"="9/9/2016 3:17 PM, 2600 bytes, A Adds the file english_iss.ini"="9/9/2016 3:17 PM, 2256 bytes, A Adds the file finish_iss.ini"="9/9/2016 3:17 PM, 2368 bytes, A Adds the file French_iss.ini"="9/9/2016 3:17 PM, 2792 bytes, A Adds the file german_iss.ini"="9/9/2016 3:17 PM, 2658 bytes, A Adds the file HtmlRenderer.dll"="9/9/2016 3:21 PM, 221696 bytes, A Adds the file HtmlRenderer.WinForms.dll"="9/9/2016 3:21 PM, 60416 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="5/11/2017 5:04 PM, 55480 bytes, A Adds the file italian_iss.ini"="9/9/2016 3:17 PM, 2552 bytes, A Adds the file japanese_iss.ini"="9/9/2016 3:17 PM, 1844 bytes, A Adds the file langs.db"="3/21/2017 5:41 PM, 421888 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="9/9/2016 3:21 PM, 171008 bytes, A Adds the file NAudio.dll"="9/9/2016 3:21 PM, 471040 bytes, A Adds the file norwegian_iss.ini"="9/9/2016 3:17 PM, 2358 bytes, A Adds the file portuguese_iss.ini"="9/9/2016 3:17 PM, 2424 bytes, A Adds the file russian_iss.ini"="9/9/2016 3:17 PM, 2494 bytes, A Adds the file spanish_iss.ini"="9/9/2016 3:17 PM, 2548 bytes, A Adds the file ssc.exe"="5/11/2017 5:04 PM, 2814648 bytes, A Adds the file ssc.exe.config"="5/11/2017 5:04 PM, 5192 bytes, A Adds the file SSCContent.dll"="5/11/2017 1:11 PM, 1346560 bytes, A Adds the file swedish_iss.ini"="9/9/2016 3:17 PM, 2270 bytes, A Adds the file System.Data.SQLite.DLL"="9/9/2016 3:21 PM, 290816 bytes, A Adds the file TAFactory.IconPack.dll"="9/9/2016 3:21 PM, 36864 bytes, A Adds the file unins000.dat"="5/17/2017 8:43 AM, 87075 bytes, A Adds the file unins000.exe"="5/17/2017 8:34 AM, 1273016 bytes, A Adds the file unins000.msg"="5/17/2017 8:43 AM, 22701 bytes, A Adds the folder C:\Program Files\Smart~System Care for {computername}\x64 Adds the file SQLite.Interop.dll"="9/1/2016 10:44 AM, 1175552 bytes, A Adds the folder C:\Program Files\Smart~System Care for {computername}\x86 Adds the file SQLite.Interop.dll"="9/1/2016 10:44 AM, 854528 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart~System Care for {computername} Adds the file Buy Smart~System Care.lnk"="5/17/2017 8:43 AM, 993 bytes, A Adds the file Smart~System Care.lnk"="5/17/2017 8:43 AM, 981 bytes, A Adds the file Uninstall Smart~System Care.lnk"="5/17/2017 8:43 AM, 1012 bytes, A Adds the folder C:\ProgramData\Smart~System Care for {computername} Adds the file mdb.db"="9/9/2016 3:17 PM, 835584 bytes, A Adds the file pcspstartrepair_en.mp3"="9/9/2016 3:17 PM, 130973 bytes, A Adds the folder C:\ProgramData\SSCValidator for {computername} Adds the file InstallUtil.InstallLog"="5/17/2017 8:43 AM, 724 bytes, A Adds the file SSCValidatorService.exe"="3/10/2017 11:53 AM, 32256 bytes, A Adds the file SSCValidatorService.exe.config"="5/11/2017 5:04 PM, 2476 bytes, A Adds the file SSCValidatorService.InstallLog"="5/17/2017 8:43 AM, 789 bytes, A Adds the file SSCValidatorService.InstallState"="5/17/2017 8:43 AM, 5012 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername} Adds the file langswfo.db"="3/21/2017 5:41 PM, 16384 bytes, A Adds the file System.Data.SQLite.DLL"="9/9/2016 3:21 PM, 290816 bytes, A Adds the file wfo.exe"="5/11/2017 5:04 PM, 74936 bytes, A Adds the file wfo.exe.config"="5/11/2017 5:04 PM, 998 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\x64 Adds the file SQLite.Interop.dll"="9/1/2016 10:44 AM, 1175552 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\x86 Adds the file SQLite.Interop.dll"="9/1/2016 10:44 AM, 854528 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername} Adds the file common_desktop.gif"="5/17/2017 8:44 AM, 15950 bytes, A Adds the file common_desktopscan.gif"="5/17/2017 8:44 AM, 15950 bytes, A Adds the file Errorlog.txt"="5/17/2017 8:47 AM, 16124 bytes, A Adds the file exlist.bin"="5/17/2017 8:44 AM, 258402 bytes, A Adds the file res.xml"="5/17/2017 8:48 AM, 18062 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername}\smico In the existing folder C:\Users\Public\Desktop Adds the file Smart~System Care.lnk"="5/17/2017 8:43 AM, 963 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Smart~System Care_Logon"="5/17/2017 8:44 AM, 3076 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command] "(Default)" = REG_SZ, "C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\wfo.exe "%1"" "windowsfileopener.Dat"="REG_SZ", "C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command] "(Default)" = REG_SZ, "C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\wfo.exe "%1"" "windowsfileopener.Dat"="REG_SZ", "C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E6298C62-873B-43BF-915D-F7B481C0633F}_is1] "DisplayIcon"="REG_SZ", "C:\Program Files\Smart~System Care for {computername}\ssc.exe" "DisplayName"="REG_SZ", "Smart~System Care" "DisplayVersion"="REG_SZ", "1.0.0.28879" "EstimatedSize"="REG_DWORD", 13663 "Inno Setup: App Path"="REG_SZ", "C:\Program Files\Smart~System Care for {computername}" "Inno Setup: Icon Group"="REG_SZ", "Smart~System Care for {computername}" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "5.5.8 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20170517" "InstallLocation"="REG_SZ", "C:\Program Files\Smart~System Care for {computername}\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "QuietUninstallString"="REG_SZ", ""C:\Program Files\Smart~System Care for {computername}\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files\Smart~System Care for {computername}\unins000.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Smart~System Care For {computername}] "affired"="REG_DWORD", 1 "afterInstallUrl"="REG_SZ", "http://www.systemoptimizer.online/ssc/afterinstall/?" "cbkpoff"="REG_DWORD", 1 "country"="REG_SZ", "nl" "cta"="REG_DWORD", 0 "dlllist"="REG_SZ", "PSMACHINE_64.DLL,MSSPELLCHECKINGFACILITY.DLL" "EmailURL"="REG_SZ", "ssc@support-geeks.com" "expired"="REG_DWORD", 0 "hdata"="REG_BINARY, ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... "Installstring"="REG_SZ", "C:\Program Files\Smart~System Care for {computername}" "ipaddrurl"="REG_SZ", "http://www.systemoptimizer.online/getIpAddress.asp" "isiunidu"="REG_DWORD", 0 "issilent"="REG_DWORD", 0 "ISTELNO"="REG_DWORD", 1 "LangCode"="REG_SZ", "en" "lstregscancount"="REG_DWORD", 46 "lstscandate"="REG_SZ", "5/17/2017 8:48:21 AM" "lstscanstat"="REG_DWORD", 2 "lstsecscancount"="REG_DWORD", 0 "lsttotalscancount"="REG_DWORD", 46 "mcurl"="REG_SZ", "http://mcafee.safe-mart.store/mcf/" "paramurl"="REG_SZ", "http://trkr.systemoptimizer.online/ipfiles/" "prereg"="REG_DWORD", 0 "PurchaseURL"="REG_SZ", "http://smartsystemcare.safe-mart.store/price.asp?" "pxl"="REG_SZ", "cnw1965_cnw1924_runt" "reg"="REG_DWORD", 0 "RenewURL"="REG_SZ", "http://smartsystemcare.safe-mart.store/renewal.asp?" "runcam"="REG_DWORD", 0 "showtn"="REG_DWORD", 0 "showunins"="REG_DWORD", 1 "showwfo"="REG_DWORD", 1 "stdismax"="REG_DWORD", -1 "supporturl"="REG_SZ", "http://www.systemoptimizer.online/help/" "TELNO"="REG_SZ", "+31-08-58882839" "TELNO_ar"="REG_SZ", "+54 11 5236 0324" "TELNO_at"="REG_SZ", "+43 (0)720 902 309" "TELNO_au"="REG_SZ", "(61)280-733403" "TELNO_br"="REG_SZ", "+55 21 2391 4319" "TELNO_ch"="REG_SZ", "+41 (0)44 508 70 37" "TELNO_de"="REG_SZ", "(800)-180-0926" "TELNO_dk"="REG_SZ", "+45 78 73 09 26" "TELNO_es"="REG_SZ", "+34 951 203 537" "TELNO_fi"="REG_SZ", "+358 (0)9 4270 4911" "TELNO_fr"="REG_SZ", "(334)-88627945" "TELNO_gb"="REG_SZ", "0800-031-5066" "TELNO_it"="REG_SZ", "+39 069 4802886" "TELNO_ja"="REG_SZ", "0120-993-506" "TELNO_jp"="REG_SZ", "0120-993-506" "TELNO_lu"="REG_SZ", "(800)-180-0926" "TELNO_nl"="REG_SZ", "+31-08-58882839" "TELNO_no"="REG_SZ", "+47 21 95 01 97" "TELNO_pt"="REG_SZ", "+351 70 750 2094" "TELNO_se"="REG_SZ", "+46-08124-10298" "TELNO_uk"="REG_SZ", "0800-031-5066" "TELNO_us"="REG_SZ", "(855)-332-0124" "utm_campaign"="REG_SZ", "cnwt1ros32" "utm_source"="REG_SZ", "cnwt1ros32" "vendorLogo"="REG_SZ", "res://SSCContent.dll/jpg/common_logo.jpg" "vendorMachineAvi"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername}\common_desktop.gif" "vendorMachineAvi1"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername}\common_desktopscan.gif" "WebURL"="REG_SZ", "http://www.systemoptimizer.online/" "wfoset"="REG_DWORD", 1 "x-ccode"="REG_SZ", "nl" [HKEY_LOCAL_MACHINE\SOFTWARE\ssc-pr] "affiliateid"="REG_SZ", "" "btnid"="REG_SZ", "" "country"="REG_SZ", "nl" "LangCode"="REG_SZ", "en" "lpid"="REG_SZ", "" "phone"="REG_SZ", "" "referurl"="REG_SZ", "" "utm_medium"="REG_SZ", "" "utm_pubid"="REG_SZ", "" "utm_source"="REG_SZ", "cnwt1ros32" "x-at"="REG_SZ", "" "x-context"="REG_SZ", "" "x-plt"="REG_SZ", "" "x-var1"="REG_SZ", "" "x-var2"="REG_SZ", "" "x-var3"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\SSCValidator For {computername}\SSCValidatorService] "country"="REG_SZ", "nl" [HKEY_LOCAL_MACHINE\SOFTWARE\U21hcnR+U3lzdGVtIENhcmU=\ACT] "data"="REG_BINARY, ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................_......................... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SSCValidator] "EventMessageFile"="REG_EXPAND_SZ, "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSCValidator] "Description"="REG_SZ", "SSC Validator" "DisplayName"="REG_SZ", "SSC Validator" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, ""C:\ProgramData\SSCValidator For {computername}\SSCValidatorService.exe"" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 [HKEY_CURRENT_USER\Software\Smart~System Care For {computername}] "InstallString"="REG_SZ", "C:\Program Files\Smart~System Care for {computername}" "LangCode"="REG_SZ", "en" "utm_campaign"="REG_SZ", "cnwt1ros32" "utm_source"="REG_SZ", "cnwt1ros32" [HKEY_CURRENT_USER\Software\Smart~System Care For {computername}\1.0.0.28879] "Installstring"="REG_SZ", "C:\Program Files\Smart~System Care for {computername}" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/17/17 Scan Time: 9:02 AM Logfile: mbamSmartSystemCare.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1958 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 331547 Time Elapsed: 1 min, 46 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\SSC.EXE, Quarantined, [1265], [391197],1.0.1958 Module: 7 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\MICROSOFT.WIN32.TASKSCHEDULER.DLL, Quarantined, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\SYSTEM.DATA.SQLITE.DLL, Quarantined, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\X64\SQLITE.INTEROP.DLL, Quarantined, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\TAFACTORY.ICONPACK.DLL, Quarantined, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\SSC.EXE, Quarantined, [1265], [391197],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\INTEROP.IWSHRUNTIMELIBRARY.DLL, Quarantined, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\NAudio.dll, Quarantined, [1265], [399138],1.0.1958 Registry Key: 7 PUP.Optional.SmartSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SSCValidator, Delete-on-Reboot, [1265], [391213],1.0.1958 PUP.Optional.SmartSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E6298C62-873B-43BF-915D-F7B481C0633F}_is1, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, HKCU\SOFTWARE\Smart~System Care For {computername}, Delete-on-Reboot, [1265], [399135],1.0.1958 PUP.Optional.SmartSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SSCValidator, Delete-on-Reboot, [1265], [391216],1.0.1958 PUP.Optional.SmartSystemCare, HKLM\SOFTWARE\Smart~System Care For {computername}, Delete-on-Reboot, [1265], [399136],1.0.1958 PUP.Optional.SmartSystemCare, HKLM\SOFTWARE\ssc-pr, Delete-on-Reboot, [1265], [370120],1.0.1958 PUP.Optional.SmartSystemCare, HKLM\SOFTWARE\SSCValidator For {computername}, Delete-on-Reboot, [1265], [391215],1.0.1958 Registry Value: 2 PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND|WINDOWSFILEOPENER.DAT, Delete-on-Reboot, [1093], [333220],1.0.1958 PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND|WINDOWSFILEOPENER.DAT, Delete-on-Reboot, [1300], [333218],1.0.1958 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 11 PUP.Optional.SmartSystemCare, C:\PROGRAMDATA\Smart~System Care for {computername}, Delete-on-Reboot, [1265], [399137],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAMDATA\SSCValidator for {computername}, Delete-on-Reboot, [1265], [391213],1.0.1958 PUP.Optional.SmartSystemCare, C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername}\smico, Delete-on-Reboot, [1265], [399137],1.0.1958 PUP.Optional.SmartSystemCare, C:\USERS\{username}\APPDATA\ROAMING\Smart~System Care For {computername}, Delete-on-Reboot, [1265], [399137],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\x64, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\x86, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\Smart~System Care for {computername}, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Smart~System Care for {computername}, Delete-on-Reboot, [1265], [399140],1.0.1958 PUP.Optional.AdvancedPCCare, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\x64, Delete-on-Reboot, [73], [379054],1.0.1958 PUP.Optional.AdvancedPCCare, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\x86, Delete-on-Reboot, [73], [379054],1.0.1958 PUP.Optional.AdvancedPCCare, C:\USERS\{username}\APPDATA\ROAMING\FILEOPENERWINDOWS FOR {computername}, Delete-on-Reboot, [73], [379054],1.0.1958 File: 53 PUP.Optional.SmartSystemCare, C:\ProgramData\Smart~System Care for {computername}\mdb.db, Delete-on-Reboot, [1265], [399137],1.0.1958 PUP.Optional.SmartSystemCare, C:\ProgramData\Smart~System Care for {computername}\pcspstartrepair_en.mp3, Delete-on-Reboot, [1265], [399137],1.0.1958 PUP.Optional.SmartSystemCare, C:\ProgramData\SSCValidator for {computername}\InstallUtil.InstallLog, Delete-on-Reboot, [1265], [391213],1.0.1958 PUP.Optional.SmartSystemCare, C:\ProgramData\SSCValidator for {computername}\SSCValidatorService.exe, Delete-on-Reboot, [1265], [391213],1.0.1958 PUP.Optional.SmartSystemCare, C:\ProgramData\SSCValidator for {computername}\SSCValidatorService.exe.config, Delete-on-Reboot, [1265], [391213],1.0.1958 PUP.Optional.SmartSystemCare, C:\ProgramData\SSCValidator for {computername}\SSCValidatorService.InstallLog, Delete-on-Reboot, [1265], [391213],1.0.1958 PUP.Optional.SmartSystemCare, C:\ProgramData\SSCValidator for {computername}\SSCValidatorService.InstallState, Delete-on-Reboot, [1265], [391213],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\MICROSOFT.WIN32.TASKSCHEDULER.DLL, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\SYSTEM.DATA.SQLITE.DLL, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\X64\SQLITE.INTEROP.DLL, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\TAFACTORY.ICONPACK.DLL, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\SSC.EXE, Delete-on-Reboot, [1265], [391197],1.0.1958 PUP.Optional.SmartSystemCare, C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername}\common_desktop.gif, Delete-on-Reboot, [1265], [399137],1.0.1958 PUP.Optional.SmartSystemCare, C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername}\common_desktopscan.gif, Delete-on-Reboot, [1265], [399137],1.0.1958 PUP.Optional.SmartSystemCare, C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername}\Errorlog.txt, Delete-on-Reboot, [1265], [399137],1.0.1958 PUP.Optional.SmartSystemCare, C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername}\exlist.bin, Delete-on-Reboot, [1265], [399137],1.0.1958 PUP.Optional.SmartSystemCare, C:\Users\{username}\AppData\Roaming\Smart~System Care For {computername}\res.xml, Delete-on-Reboot, [1265], [399137],1.0.1958 PUP.Optional.SmartSystemCare, C:\PROGRAM FILES\SMART~SYSTEM CARE FOR {computername}\INTEROP.IWSHRUNTIMELIBRARY.DLL, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\x86\SQLite.Interop.dll, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\danish_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\Dutch_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\english_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\finish_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\French_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\german_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\HtmlRenderer.dll, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\HtmlRenderer.WinForms.dll, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\italian_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\japanese_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\langs.db, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\NAudio.dll, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\norwegian_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\portuguese_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\russian_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\spanish_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\ssc.exe.config, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\SSCContent.dll, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\swedish_iss.ini, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\unins000.dat, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\unins000.exe, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\Program Files\Smart~System Care for {computername}\unins000.msg, Delete-on-Reboot, [1265], [399138],1.0.1958 PUP.Optional.SmartSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart~System Care for {computername}\Buy Smart~System Care.lnk, Delete-on-Reboot, [1265], [399140],1.0.1958 PUP.Optional.SmartSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart~System Care for {computername}\Smart~System Care.lnk, Delete-on-Reboot, [1265], [399140],1.0.1958 PUP.Optional.SmartSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart~System Care for {computername}\Uninstall Smart~System Care.lnk, Delete-on-Reboot, [1265], [399140],1.0.1958 PUP.Optional.AdvancedPCCare, C:\USERS\{username}\APPDATA\ROAMING\FILEOPENERWINDOWS FOR {computername}\WFO.EXE.CONFIG, Delete-on-Reboot, [73], [379054],1.0.1958 PUP.Optional.AdvancedPCCare, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\x64\SQLite.Interop.dll, Delete-on-Reboot, [73], [379054],1.0.1958 PUP.Optional.AdvancedPCCare, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\x86\SQLite.Interop.dll, Delete-on-Reboot, [73], [379054],1.0.1958 PUP.Optional.AdvancedPCCare, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\langswfo.db, Delete-on-Reboot, [73], [379054],1.0.1958 PUP.Optional.AdvancedPCCare, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\System.Data.SQLite.DLL, Delete-on-Reboot, [73], [379054],1.0.1958 PUP.Optional.AdvancedPCCare, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\wfo.exe, Delete-on-Reboot, [73], [379054],1.0.1958 PUP.Optional.SmartSystemCare, C:\USERS\PUBLIC\DESKTOP\SMART~SYSTEM CARE.LNK, Delete-on-Reboot, [1265], [399139],1.0.1958 PUP.Optional.SmartSystemCare, C:\USERS\{username}\DESKTOP\SSCSETUPSITE.EXE, Delete-on-Reboot, [1265], [391197],1.0.1958 PUP.Optional.SmartSystemCare, C:\USERS\{username}\DESKTOP\INSTALLER.EXE, Delete-on-Reboot, [1265], [399130],1.0.1958 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 17
- - pup.optional.smartsystemcare
  - (855)-332-0124
  - (and 4 more)
    Tagged with:
    
    pup.optional.smartsystemcare
    
    (855)-332-0124
    
    1-855-332-0124
    
    pup.optional.windowsfileopener
    
    8553320124
    
    pup.optional.advancedpccare
Removal instructions for FileTour bundler

Metallica posted a topic in Malware Removal Self-Help Guides

What is FileTour bundler? The Malwarebytes research team has determined that FileTour bundler is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one changes your startpage, your seach provider and it also displays advertisements. How do I know if my computer is affected by FileTour bundler? You may see these warnings during install: these browser add-ons: these Scheduled Tasks: and you will see these icons in your startmenu, your taskbar, and on your desktop: and these changed settings: How did FileTour bundler get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software. How do I remove FileTour bundler? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of FileTour bundler? No, Malwarebytes removes FileTour bundler completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. You can remove the orphaned shortcuts from your desktop and taskbar. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the FileTour bundler hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: Internet Explorer Version 11 (Default browser: "C:\Users\{username}\AppData\Local\Amigo\Application\amigo.exe" -- "%1") (Mail.Ru) C:\Users\{username}\AppData\Local\Mail.Ru\MailRuUpdater.exe (Mail.Ru) C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe (Mail.Ru) C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe HKCU\...\Run: [amigo] => C:\Users\{username}\AppData\Local\Amigo\Application\amigo.exe [930280 2017-04-14] (Mail.Ru) HKCU\...\Run: [MailRuUpdater] => C:\Users\{username}\AppData\Local\Mail.Ru\MailRuUpdater.exe [4127960 2017-05-02] (Mail.Ru) SearchScopes: HKCU -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BC6C7DDCB-CC6B-4EE8-8E8A-E167FC9126F6%7D&gp=811041 SearchScopes: HKCU -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BC6C7DDCB-CC6B-4EE8-8E8A-E167FC9126F6%7D&gp=811041 BHO-x32: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\{username}\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-05-16] (Mail.Ru) FF DefaultSearchEngine: Поиск@Mail.Ru FF SelectedSearchEngine: Поиск@Mail.Ru FF Homepage: hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=800000 FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7B2E33D386-CDC8-43DB-9E30-5D1031D66797%7D&gp=811037 FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-04-24] [not signed] FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\{username}\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS) FF SearchPlugin: C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\searchplugins\mailru.xml [2017-05-16] FF Extension: Визуальные закладки @Mail.Ru - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-05-16] FF Extension: Домашняя страница Mail.Ru - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\Extensions\homepage@mail.ru [2017-05-16] FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-05-16] [not signed] CHR HomePage: Default -> mail.ru CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811040" CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7BFB77DBBC-BA9F-4637-BCBB-EF4B7DC102E1%7D&gp=811041 CHR DefaultSearchKeyword: Default -> mail.ru CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms} CHR Extension: (Mail.Ru) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-05-16] CHR Extension: (Tampermonkey) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-16] CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\epgjfmblhacacphaljkdcjllkomdcjpc [2017-05-16] CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2017-05-16] CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [epgjfmblhacacphaljkdcjllkomdcjpc] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx OPR Extension: (Tampermonkey) - C:\Users\{username}\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-16] R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [2187992 2017-05-02] (Mail.Ru) R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [4127960 2017-05-02] (Mail.Ru) C:\Windows\System32\Tasks\MailRuUpdater C:\Users\{username}\AppData\LocalLow\Unity C:\Users\{username}\AppData\Local\Unity C:\Program Files (x86)\Mail.Ru C:\Users\{username}\AppData\Local\Amigo C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk C:\Users\{username}\Desktop\Одноклассники.lnk C:\Users\{username}\Desktop\ВКонтакте.lnk C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk C:\Users\{username}\Desktop\Amigo.lnk C:\Users\{username}\AppData\Local\Mail.Ru C:\Windows\System32\Tasks\myblognewsorggasdsm C:\Users\{username}\Desktop\Искать в Интернете.url C:\ProgramData\Mail.Ru Amigo (HKCU\...\Amigo) (Version: 56.0.2924.180 - Mail.Ru) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS) Служба автоматического обновления программ (HKCU\...\MailRuUpdater) (Version: - Mail.Ru) Task: {9ED6C944-AF3E-49BC-B4AD-A0F000F1B665} - System32\Tasks\MailRuUpdater => C:\Users\{username}\AppData\Local\Mail.Ru\MailRuUpdater.exe [2017-05-02] (Mail.Ru) Task: {B87AB81E-E396-4085-9579-71574BD845EF} - System32\Tasks\myblognewsorggasdsm => Firefox.exe myblognews.org/gasdsm ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035" ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035" FirewallRules: [{18D232AA-DB92-4287-B179-241A8283A45B}] => (Allow) C:\Users\{username}\AppData\Local\Amigo\Application\amigo.exe Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/16/17 Scan Time: 8:50 AM Logfile: mbamFileTour.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1950 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 331325 Time Elapsed: 3 min, 29 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 3 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe, Quarantined, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe, Quarantined, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\MailRuUpdater.exe, Quarantined, [989], [382901],1.0.1950 Module: 3 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe, Quarantined, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe, Quarantined, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\MailRuUpdater.exe, Quarantined, [989], [382901],1.0.1950 Registry Key: 31 PUP.Optional.MailRu, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Updater.Mail.Ru, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mrupdsrv, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8E8F97CD-60B5-456F-A201-73065652D099}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\IESearchPlugin.MailRuBHO, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\IESearchPlugin.MailRuBHO.1, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\TYPELIB\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\INTERFACE\{2170BCBA-E35C-42A5-9CDB-691334845FA4}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\INTERFACE\{23B8D468-7358-408C-B1AC-8BAE2A610C41}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2170BCBA-E35C-42A5-9CDB-691334845FA4}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23B8D468-7358-408C-B1AC-8BAE2A610C41}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2170BCBA-E35C-42A5-9CDB-691334845FA4}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23B8D468-7358-408C-B1AC-8BAE2A610C41}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8E8F97CD-60B5-456F-A201-73065652D099}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8E8F97CD-60B5-456F-A201-73065652D099}, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\InprocServer32, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\InprocServer32, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MailRuUpdater, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.Amigo, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amigo, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\Mail.Ru, Delete-on-Reboot, [989], [386185],1.0.1950 PUP.Optional.Amigo, HKCU_Classes\AmigoHTML.W2HDI6XWEU6JI5QBIEKK3NDI2A, Delete-on-Reboot, [5010], [397071],1.0.1950 PUP.Optional.Amigo, HKCU\SOFTWARE\AMIGO, Delete-on-Reboot, [5010], [386187],1.0.1950 PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\myblognewsorggasdsm, Delete-on-Reboot, [58], [377576],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}, Delete-on-Reboot, [989], [382913],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\Mail.Ru, Delete-on-Reboot, [989], [387290],1.0.1950 PUP.Optional.Amigo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\amigo.exe, Delete-on-Reboot, [5010], [386186],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Mail.Ru, Delete-on-Reboot, [989], [389765],1.0.1950 PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B87AB81E-E396-4085-9579-71574BD845EF}, Delete-on-Reboot, [58], [377575],1.0.1950 Registry Value: 7 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MailRuUpdater, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.Amigo, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|amigo, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, HKCU\SOFTWARE\AMIGO|NAME, Delete-on-Reboot, [5010], [386187],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|URL, Delete-on-Reboot, [989], [382913],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|FAVICONURLFALLBACK, Delete-on-Reboot, [989], [382913],1.0.1950 PUP.Optional.MailRu, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|SUGGESTIONSURL, Delete-on-Reboot, [989], [382913],1.0.1950 PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B87AB81E-E396-4085-9579-71574BD845EF}|PATH, Delete-on-Reboot, [58], [377575],1.0.1950 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 62 PUP.Optional.MailRu, C:\PROGRAMDATA\Mail.Ru, Delete-on-Reboot, [989], [384139],1.0.1950 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\Update Service, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\MailRuUpdater, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\PROGRAM FILES (X86)\Mail.Ru, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\GoChromiumNativeHost, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\Sputnik\ptls, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\Sputnik, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\USERS\{username}\APPDATA\LOCAL\Mail.Ru, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\META-INF, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\content, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\skin, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\EXTENSIONS\homepage@mail.ru, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\traffic, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\dialog, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\sandbox, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\config, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\utils, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\locale\ru-RU, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\locale, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\skin, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\lib, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\EXTENSIONS\{A38384B3-2D1D-4F36-BC22-0F7AE402BCD7}, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\WidevineCdm\_platform_specific\win_x86, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\WidevineCdm\_platform_specific, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\VisualElements, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\PepperFlash, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\WidevineCdm, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Extensions, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Installer, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\ShaderCache\GPUCache, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\Crashpad\reports, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\SetupMetrics, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\ShaderCache, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\amigo_safe, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\Crashpad, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\USERS\{username}\APPDATA\LOCAL\AMIGO, Delete-on-Reboot, [5010], [386181],1.0.1950 File: 300 PUP.Optional.MailRu, C:\ProgramData\Mail.Ru\Id, Delete-on-Reboot, [989], [384139],1.0.1950 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe, Delete-on-Reboot, [989], [384138],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\GoChromiumNativeHost\manifest.json, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\GoChromiumNativeHost\native_host_app.exe, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\Sputnik\MailRu.ico, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\GoMailRu.ico, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\MailRuUpdater.exe, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Local\Mail.Ru\mrkeeper.exe, Delete-on-Reboot, [989], [382901],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\content\fx-metrics.js, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\content\loader.js, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\META-INF\manifest.mf, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\META-INF\mozilla.rsa, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\META-INF\mozilla.sf, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\skin\mail48.png, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\bootstrap.js, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\chrome.manifest, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\homepage@mail.ru\install.rdf, Delete-on-Reboot, [989], [382902],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\background.html, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\background.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\background\modules.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\customScrollbar.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\dialog.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\general.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\grid.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\informers.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\menu.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\news.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\searchbar.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\slide.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\splash.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\suggests.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\tabs.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\css\themes.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\dialog\close.v2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-1.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\exchange\exchange-3.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\traffic\informers__traffic-jam.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\01.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\02.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\03.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\04.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\05.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\06.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\07.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\08.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\09.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\10.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\informers\weather\11.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-1.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-3.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\menu__item\menu__item-4.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete-hover.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit-hover.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-1.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-10.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-11.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-13.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-3.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-4.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-5.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-6.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-7.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-8.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\body__bg-9.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\leather.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\wood.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\wood_2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_cookies.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_fabric.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_flax.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_mosaic.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\preview\_wall.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-1.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-10.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-11.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-13.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-3.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-4.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-5.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-6.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-7.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-8.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\body__bg-9.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\cookies.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\fabric.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\flax.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\leather.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\mosaic.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__arrow-left.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__arrow-right.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-ok.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-wrong.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wall.jpg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wood.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\themes\wood_2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\calendar.mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\games.mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\news.mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\torg.mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\thumbnails\travel.mail.ru.jpeg, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\01.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\02.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\03.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\04.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\05.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\06.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\07.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\08.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\09.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\10.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\weather\11.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\loading.gif, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\128x128.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\16x16.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\48x48.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\add_button.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\ajax_loader_mc.gif, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\clock.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\close.v2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\cross.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\favicon.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\leftright.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\loader.gif, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\logo.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\logo_bg.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\multiauth.gif, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\no_photo.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\p-main_sub__gradient.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\pane-arrow.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\reg1.bg.v2.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\searchbar.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\searchbar__button.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\search_bg.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\sgmus.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\images\slider-arrow.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\file-system.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\jquery-core.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\sqliteStorage.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\application_core\visibleTab.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\config\config.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\jquery-ui.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\jquery.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\knockout-2.2.1.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\libs\suggests.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\drag_drop.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\edit-dialog.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\layout.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\remove-dialog.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\bookmarks\updates.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\currency.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\geo-monitoring.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\mail-counter.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\news.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\odnoklassniki-counter.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\searchbar.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\themes.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\traffic.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\modules\weather.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\informer.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\pane.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\slider.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\proto\tab-strip.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\sandbox\facade.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\utils\utils.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\google-analytics.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\js\main.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\manifest.json, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\visual-bookmarks\visual-bookmarks.html, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\fx-metrics.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\loader.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\main.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\newtabhomepage.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\overlay.xul, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\content\Utils.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\locale\ru-RU\vbmail.dtd, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\locale\ru-RU\vbmail.properties, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\skin\overlay.css, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome\skin\vb-logo.png, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\lib\version.js, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\manifest.mf, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\mozilla.rsa, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\META-INF\mozilla.sf, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\chrome.manifest, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}\install.rdf, Delete-on-Reboot, [989], [382903],1.0.1950 PUP.Optional.MailRu, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\MAIL.RU.LNK, Delete-on-Reboot, [989], [384473],1.0.1950 PUP.Optional.MailRu, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [989], [382917],1.0.1950 PUP.Optional.MailRu, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [989], [382918],1.0.1950 PUP.Optional.Amigo, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\AMIGO.LNK, Delete-on-Reboot, [5010], [386182],1.0.1950 PUP.Optional.Amigo, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\AMIGO.LNK, Delete-on-Reboot, [5010], [386183],1.0.1950 Adware.FileTour, C:\USERS\{username}\DESKTOP\INSTALL.EXE, Delete-on-Reboot, [240], [398852],1.0.1950 PUP.Optional.Amigo, C:\USERS\{username}\DESKTOP\AMIGO.LNK, Delete-on-Reboot, [5010], [386184],1.0.1950 PUP.Optional.Amigo, C:\USERS\{username}\APPDATA\LOCAL\AMIGO\APPLICATION\MAIL.ICO, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Extensions\external_extensions.json, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Installer\chrome.7z, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Installer\setup.exe, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\hi.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\am.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\ar.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\bg.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\bn.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\ca.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\cs.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\da.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\de.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\el.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\en-GB.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\en-US.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\es-419.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\es.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\et.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\fa.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\fi.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\fil.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\fr.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\gu.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\he.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\hr.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\hu.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\id.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\it.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\ja.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\kn.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\ko.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\lt.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\lv.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\ml.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\mr.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\ms.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\nb.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\nl.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\pl.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\pt-BR.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\pt-PT.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\ro.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\ru.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\sk.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\sl.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\sr.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\sv.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\sw.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\ta.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\te.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\th.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\tr.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\uk.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\vi.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\zh-CN.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\Locales\zh-TW.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\PepperFlash\manifest.json, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\PepperFlash\pepflashplayer.dll, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\VisualElements\logo.png, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\VisualElements\smalllogo.png, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\WidevineCdm\_platform_specific\win_x86\widevinecdm.dll, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\WidevineCdm\manifest.json, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\56.0.2924.180.manifest, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\amigo_resources.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\chrome.dll, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\chrome_100_percent.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\chrome_200_percent.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\chrome_child.dll, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\chrome_elf.dll, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\chrome_watcher.dll, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\d3dcompiler_47.dll, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\icudtl.dat, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\libegl.dll, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\libglesv2.dll, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\nacl64.exe, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\nacl_irt_x86_32.nexe, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\nacl_irt_x86_64.nexe, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\natives_blob.bin, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\resources.pak, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\56.0.2924.180\snapshot_blob.bin, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\SetupMetrics\20170516083700.pma, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\amigo.exe, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\amigo.VisualElementsManifest.xml, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\mg.ico, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\mm.ico, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\music.ico, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\ok.ico, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\Application\vk.ico, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\Crashpad\metadata, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\Crashpad\settings.dat, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\ShaderCache\GPUCache\data_0, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\ShaderCache\GPUCache\data_1, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\ShaderCache\GPUCache\data_2, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\ShaderCache\GPUCache\data_3, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\ShaderCache\GPUCache\index, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\CrashpadMetrics.pma, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.Amigo, C:\Users\{username}\AppData\Local\Amigo\User Data\Local State, Delete-on-Reboot, [5010], [386181],1.0.1950 PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\myblognewsorggasdsm, Delete-on-Reboot, [58], [380721],1.0.1950 PUP.Optional.MailRu, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\SEARCHPLUGINS\MAILRU.XML, Delete-on-Reboot, [989], [384856],1.0.1950 PUP.Optional.MailRu.Generic, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\MAIL.RU.LNK, Delete-on-Reboot, [9048], [385023],1.0.1950 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 16
- - adware.filetour
  - pup.optional.mailru
  - (and 2 more)
    Tagged with:
    
    adware.filetour
    
    pup.optional.mailru
    
    pup.optional.amigo
    
    pup.optional.startpage
Removal instructions for Watchdog PC Cleaner

Metallica posted a topic in Malware Removal Self-Help Guides

What is Watchdog PC Cleaner? The Malwarebytes research team has determined that Watchdog PC Cleaner is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Watchdog PC Cleaner? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar, your startmenu, and on your desktop: and see these warnings during install: and this screen when you try to fix the found "problems": You may see this entry in your list of installed programs: and this task in your list of Scheduled Tasks: How did Watchdog PC Cleaner get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove Watchdog PC Cleaner? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Watchdog PC Cleaner? No, Malwarebytes removes Watchdog PC Cleaner completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the Watchdog PC Cleaner installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for experts You may see these entries in FRST logs: (Watchdog Development) C:\Program Files (x86)\Watchdog PC Cleaner\WatchdogPCCleaner.exe C:\Users\{username}\Documents\WatchdogPCCleaner C:\Windows\System32\Tasks\WatchdogPCCleaner_Start C:\Users\{username}\Desktop\Watchdog PC Cleaner.lnk C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Watchdog PC Cleaner C:\Users\{username}\AppData\Local\Watchdog_Development C:\Program Files (x86)\Watchdog PC Cleaner Watchdog PC Cleaner (HKLM-x32\...\Watchdog PC Cleaner) (Version: 3.1.5 - Watchdog Development) Task: {C6AEB041-8962-47CF-A8AF-9BA875DFDF13} - System32\Tasks\WatchdogPCCleaner_Start => C:\Program Files (x86)\Watchdog PC Cleaner\WatchdogPCCleaner.exe [2017-02-09] (Watchdog Development) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Watchdog PC Cleaner Adds the file ComponentFactory.Krypton.Toolkit.dll"="8/17/2016 8:02 AM, 2667520 bytes, A Adds the file DeepClean.dll"="2/9/2017 3:43 PM, 157184 bytes, A Adds the file DeepClean.dll.config"="8/17/2016 8:02 AM, 227 bytes, A Adds the file InstAct.exe"="2/9/2017 3:44 PM, 34664 bytes, A Adds the file InstAct.exe.config"="8/17/2016 8:02 AM, 224 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="2/9/2017 3:43 PM, 49152 bytes, A Adds the file Interop.Shell32.dll"="2/9/2017 3:43 PM, 49152 bytes, A Adds the file LinqBridge.dll"="8/17/2016 8:02 AM, 62976 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="8/17/2016 8:02 AM, 322560 bytes, A Adds the file mlogger.log"="5/15/2017 9:20 AM, 163 bytes, A Adds the file ObjectListView.dll"="2/9/2017 3:43 PM, 414720 bytes, A Adds the file Push.exe"="2/9/2017 3:44 PM, 25448 bytes, A Adds the file Push.exe.config"="12/12/2016 7:24 AM, 224 bytes, A Adds the file Setup.dll"="2/9/2017 3:43 PM, 92160 bytes, A Adds the file Setup.dll.config"="8/17/2016 8:02 AM, 227 bytes, A Adds the file Splash.exe"="2/9/2017 3:44 PM, 294248 bytes, A Adds the file Splash.exe.config"="8/17/2016 8:02 AM, 224 bytes, A Adds the file SQLite.Interop.dll"="8/17/2016 8:02 AM, 811008 bytes, A Adds the file System.Data.SQLite.dll"="8/17/2016 8:02 AM, 262144 bytes, A Adds the file uninstall.exe"="2/9/2017 3:45 PM, 199280 bytes, A Adds the file updater.exe"="2/9/2017 3:44 PM, 507240 bytes, A Adds the file updater.ini"="5/15/2017 9:20 AM, 402 bytes, A Adds the file WatchdogPCCleaner.exe"="2/9/2017 3:44 PM, 2780008 bytes, A Adds the file WatchdogPCCleaner.exe.config"="2/3/2017 3:44 PM, 6717 bytes, A Adds the folder C:\Program Files (x86)\Watchdog PC Cleaner\ar Adds the file Splash.resources.dll"="2/9/2017 3:43 PM, 5632 bytes, A Adds the file WatchdogPCCleaner.resources.dll"="2/9/2017 3:43 PM, 74240 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Watchdog_Development\WatchdogPCCleaner.exe_Url_gf24w31b1skug3l5aku0hdmvykcuvwa5\3.1.5.0 Adds the file user.config"="5/15/2017 9:22 AM, 1086 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Watchdog PC Cleaner Adds the file Uninstall Watchdog PC Cleaner.lnk"="5/15/2017 9:20 AM, 906 bytes, A Adds the file Watchdog PC Cleaner.lnk"="5/15/2017 9:20 AM, 1165 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file Watchdog PC Cleaner.lnk"="5/15/2017 9:20 AM, 1129 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file WatchdogPCCleaner_Start"="5/15/2017 9:20 AM, 3242 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Watchdog PC Cleaner] " "="REG_SZ", "C:\Program Files (x86)\Watchdog PC Cleaner\WatchdogPCCleaner.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Watchdog PC Cleaner] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Watchdog PC Cleaner\WatchdogPCCleaner.exe" "DisplayName"="REG_SZ", "Watchdog PC Cleaner" "DisplayVersion"="REG_SZ", "3.1.5" "EstimatedSize"="REG_DWORD", 10392 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Watchdog Development" "QuietUninstallString"="REG_SZ", "C:\Program Files (x86)\Watchdog PC Cleaner\uninstall.exe /S" "UninstallString"="REG_SZ", "C:\Program Files (x86)\Watchdog PC Cleaner\uninstall.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Watchdog Development\Watchdog PC Cleaner] "Path"="REG_SZ", "C:\Program Files (x86)\Watchdog PC Cleaner" "Version"="REG_SZ", "3.1.5" [HKEY_CURRENT_USER\Software\Watchdog Development\Watchdog PC Cleaner] "Custom1"="REG_DWORD", 0 "Custom2"="REG_DWORD", 0 "ResName"="REG_SZ", "Regular" [HKEY_CURRENT_USER\Software\WatchdogPCCleanerLanguage] "lang"="REG_SZ", "en" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/15/17 Scan Time: 9:31 AM Logfile: mbamWatchdogPCCleaner.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1940 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 330957 Time Elapsed: 1 min, 30 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\WatchdogPCCleaner.exe, Quarantined, [983], [396373],1.0.1940 Module: 1 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\WatchdogPCCleaner.exe, Quarantined, [983], [396373],1.0.1940 Registry Key: 9 PUP.Optional.WatchDogPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Watchdog PC Cleaner, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Watchdog PC Cleaner, Delete-on-Reboot, [983], [396379],1.0.1940 PUP.Optional.WatchDogPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WatchdogPCCleaner_RASAPI32, Delete-on-Reboot, [983], [396380],1.0.1940 PUP.Optional.WatchDogPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WatchdogPCCleaner_RASMANCS, Delete-on-Reboot, [983], [396380],1.0.1940 PUP.Optional.WatchDogPCCleaner, HKLM\SOFTWARE\WOW6432NODE\WATCHDOG DEVELOPMENT\Watchdog PC Cleaner, Delete-on-Reboot, [983], [396382],1.0.1940 PUP.Optional.WatchDogPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Watchdog PC Cleaner, Delete-on-Reboot, [983], [396379],1.0.1940 PUP.Optional.WatchDogPCCleaner, HKCU\SOFTWARE\WATCHDOG DEVELOPMENT\Watchdog PC Cleaner, Delete-on-Reboot, [983], [396384],1.0.1940 PUP.Optional.WatchDogPCCleaner, HKCU\SOFTWARE\WatchdogPCCleanerConfig, Delete-on-Reboot, [983], [396385],1.0.1940 PUP.Optional.WatchDogPCCleaner, HKCU\SOFTWARE\WatchdogPCCleanerLanguage, Delete-on-Reboot, [983], [396385],1.0.1940 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 25 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\bs-Cyrl-BA, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\bs-Latn-BA, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\sr-Cyrl-RS, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\sr-Latn-RS, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\fil-PH, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\hr-HR, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\se-FI, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\th-TH, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\tr-TR, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ar, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\da, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\de, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\es, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\fr, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\he, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\it, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ja, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\nl, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\no, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\pl, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\pt, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ru, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\sv, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\PROGRAM FILES (X86)\Watchdog PC Cleaner, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\USERS\{username}\DOCUMENTS\WATCHDOGPCCLEANER, Delete-on-Reboot, [983], [397447],1.0.1940 File: 79 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ar\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ar\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\bs-Cyrl-BA\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\bs-Cyrl-BA\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\bs-Latn-BA\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\bs-Latn-BA\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\da\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\da\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\de\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\de\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\es\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\es\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\fil-PH\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\fil-PH\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\fr\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\fr\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\he\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\he\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\hr-HR\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\hr-HR\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\it\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\it\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ja\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ja\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\nl\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\nl\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\no\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\no\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\pl\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\pl\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\pt\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\pt\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ru\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ru\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\se-FI\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\se-FI\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\sr-Cyrl-RS\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\sr-Cyrl-RS\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\sr-Latn-RS\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\sr-Latn-RS\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\sv\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\sv\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\th-TH\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\th-TH\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\tr-TR\Splash.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\tr-TR\WatchdogPCCleaner.resources.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ComponentFactory.Krypton.Toolkit.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\DeepClean.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\DeepClean.dll.config, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\InstAct.exe, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\InstAct.exe.config, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\Interop.Shell32.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\LinqBridge.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\mlogger.log, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\ObjectListView.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\Push.exe, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\Push.exe.config, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\Setup.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\Setup.dll.config, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\Splash.exe, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\Splash.exe.config, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\SQLite.Interop.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\System.Data.SQLite.dll, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\uninstall.exe, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\updater.exe, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\updater.ini, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\WatchdogPCCleaner.exe, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Program Files (x86)\Watchdog PC Cleaner\WatchdogPCCleaner.exe.config, Delete-on-Reboot, [983], [396373],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Users\{username}\Documents\WatchdogPCCleaner\errors, Delete-on-Reboot, [983], [397447],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Users\{username}\Documents\WatchdogPCCleaner\errors_data, Delete-on-Reboot, [983], [397447],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Users\{username}\Documents\WatchdogPCCleaner\fileerrors, Delete-on-Reboot, [983], [397447],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Users\{username}\Documents\WatchdogPCCleaner\fileerrors_data, Delete-on-Reboot, [983], [397447],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Users\{username}\Documents\WatchdogPCCleaner\log.txt, Delete-on-Reboot, [983], [397447],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\Users\{username}\Documents\WatchdogPCCleaner\logerror.txt, Delete-on-Reboot, [983], [397447],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\USERS\{username}\DESKTOP\WATCHDOG.PCCLEANER.SETUP.EXE, Delete-on-Reboot, [983], [396376],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\USERS\{username}\DESKTOP\WATCHDOG PC CLEANER.LNK, Delete-on-Reboot, [983], [396375],1.0.1940 PUP.Optional.WatchDogPCCleaner, C:\WINDOWS\SYSTEM32\TASKS\WatchdogPCCleaner_Start, Delete-on-Reboot, [983], [396377],1.0.1940 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 15
- - pup.optional.watchdogpccleaner
  - 1-888-488-7532
  - (and 1 more)
    Tagged with:
    
    pup.optional.watchdogpccleaner
    
    1-888-488-7532
    
    watchdog development
Removal instructions for MyCleanPC

Metallica posted a topic in Malware Removal Self-Help Guides

What is MyCleanPC? The Malwarebytes research team has determined that MyCleanPC is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with MyCleanPC? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar and on your desktop: and see these warnings during install: and these screens during "operations": You may see this entry in your list of installed programs: and these Scheduled Tasks: How did MyCleanPC get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove MyCleanPC? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of MyCleanPC? No, Malwarebytes removes MyCleanPC completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the MyCleanPC installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for experts You may see these entries in FRST logs: (USTechSupport, LLC (www.ustechsupport.com)) C:\Program Files (x86)\USTechSupport\MCPPCO\ustpcopt.exe (USTechSupport, LLC (www.ustechsupport.com)) C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOPrivacyProtector.exe (USTechSupport, LLC (www.ustechsupport.com)) C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOSystemCleaner.exe (USTechSupport, LLC (www.ustechsupport.com)) C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCO_RC.exe (USTechSupport, LLC (www.ustechsupport.com)) C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODiskOptimizer.exe (USTechSupport, LLC (www.ustechsupport.com)) C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODefragSrv64.exe R2 USTSPCODiskOptimizer; C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODefragSrv64.exe [2266680 2017-04-27] (USTechSupport, LLC (www.ustechsupport.com)) C:\Windows\System32\Tasks\USTSPCO-USTSPCOOneClickCare C:\Windows\System32\Tasks\MyCleanPC PC Optimizer C:\Windows\System32\Tasks\LAUNCH CDPCO C:\Windows\Tasks\USTSPCO-USTSPCOOneClickCare.job C:\Users\{username}\AppData\Roaming\USTechSupport C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC C:\Program Files (x86)\USTechSupport C:\ProgramData\USTechSupport MyCleanPC PC Optimizer (HKLM-x32\...\{1EBF37B1-7B87-43C8-9DB7-11AD9920E948}_is1) (Version: - USTechSupport) Task: {B51F4334-7FD9-43CA-88CB-CF81BF314C14} - System32\Tasks\MyCleanPC PC Optimizer => C:\Program Files (x86)\USTechSupport\MCPPCO\ustpcopt.exe [2017-04-27] (USTechSupport, LLC (www.ustechsupport.com)) Task: {C1182FB3-D4A8-4D35-A7F9-2E08C426CFA6} - System32\Tasks\LAUNCH CDPCO => C:\Program Files (x86)\USTechSupport\MCPPCO\ustpcopt.exe [2017-04-27] (USTechSupport, LLC (www.ustechsupport.com)) Task: {C83AA56C-CBAF-45F3-B6F0-E8BB7E947A01} - System32\Tasks\USTSPCO-USTSPCOOneClickCare => C:\Program Files (x86)\USTechSupport\MCPPCO\ustpcopt.exe [2017-04-27] (USTechSupport, LLC (www.ustechsupport.com)) Task: C:\Windows\Tasks\USTSPCO-USTSPCOOneClickCare.job => C:\Program Files (x86)\USTechSupport\MCPPCO\ustpcopt.exe () C:\Program Files (x86)\USTechSupport\MCPPCO\asohtm.dll () C:\Program Files (x86)\USTechSupport\MCPPCO\sqlite3.dll Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\USTechSupport\MCPPCO Adds the file 1.ico"="6/12/2012 3:36 PM, 101257 bytes, A Adds the file 2.ico"="6/21/2012 11:11 AM, 163279 bytes, A Adds the file 3.ico"="6/21/2012 11:26 AM, 120755 bytes, A Adds the file 4.ico"="10/2/2012 5:47 PM, 302312 bytes, A Adds the file 5.ico"="5/17/2013 1:28 PM, 49770 bytes, A Adds the file 6.ico"="8/26/2013 10:51 AM, 58438 bytes, A Adds the file ASEng.dll"="4/27/2017 5:59 AM, 1761336 bytes, A Adds the file AsInvoker.exe"="4/27/2017 5:59 AM, 226360 bytes, A Adds the file aso.ini"="4/7/2017 1:02 PM, 98132 bytes, A Adds the file asohtm.dll"="4/27/2017 5:59 AM, 335416 bytes, A Adds the file asores.dll"="4/27/2017 5:59 AM, 8521784 bytes, A Adds the file atl100.dll"="2/28/2014 6:10 PM, 138056 bytes, A Adds the file checkupdate.ini"="4/6/2017 11:46 AM, 6208 bytes, A Adds the file client.ini"="4/6/2017 11:47 AM, 68608 bytes, A Adds the file DiskOpt.ini"="4/6/2017 11:46 AM, 10151 bytes, A Adds the file Downloader.dll"="4/27/2017 5:59 AM, 81464 bytes, A Adds the file FileList.pcp"="12/1/2015 6:17 PM, 13612 bytes, A Adds the file HighestAvailable.exe"="4/27/2017 5:59 AM, 251448 bytes, A Adds the file mfc100chs.dll"="2/28/2014 6:10 PM, 36176 bytes, A Adds the file mfc100cht.dll"="2/28/2014 6:10 PM, 36176 bytes, A Adds the file mfc100deu.dll"="2/28/2014 6:10 PM, 64336 bytes, A Adds the file mfc100enu.dll"="2/28/2014 6:10 PM, 55120 bytes, A Adds the file mfc100esn.dll"="2/28/2014 6:10 PM, 63824 bytes, A Adds the file mfc100fra.dll"="2/28/2014 6:10 PM, 64336 bytes, A Adds the file mfc100ita.dll"="2/28/2014 6:10 PM, 62288 bytes, A Adds the file mfc100jpn.dll"="2/28/2014 6:10 PM, 43856 bytes, A Adds the file mfc100kor.dll"="2/28/2014 6:10 PM, 43344 bytes, A Adds the file mfc100rus.dll"="2/28/2014 6:10 PM, 60752 bytes, A Adds the file mfc100u.dll"="2/28/2014 6:10 PM, 4422992 bytes, A Adds the file Microsoft.VC90.ATL.manifest"="2/28/2014 6:10 PM, 353 bytes, A Adds the file Microsoft.VC90.CRT.manifest"="2/28/2014 6:10 PM, 391 bytes, A Adds the file Microsoft.VC90.MFC.manifest"="2/28/2014 6:10 PM, 349 bytes, A Adds the file Microsoft.VC90.MFCLOC.manifest"="2/28/2014 6:10 PM, 670 bytes, A Adds the file msvcp100.dll"="2/28/2014 6:10 PM, 421200 bytes, A Adds the file msvcr100.dll"="2/28/2014 6:10 PM, 773968 bytes, A Adds the file privprotector.ini"="4/6/2017 11:53 AM, 22225 bytes, A Adds the file regclean.ini"="4/29/2016 5:52 PM, 42649 bytes, A Adds the file RegList.pcp"="12/1/2015 6:16 PM, 92210 bytes, A Adds the file regopt.ini"="4/29/2016 5:52 PM, 6690 bytes, A Adds the file RequireAdministrator.exe"="4/27/2017 5:59 AM, 226360 bytes, A Adds the file sqlite3.dll"="4/27/2017 5:59 AM, 578000 bytes, A Adds the file sysclean.ini"="4/6/2017 11:53 AM, 12334 bytes, A Adds the file sysfilebackres.ini"="4/29/2016 5:52 PM, 12944 bytes, A Adds the file unins000.dat"="5/12/2017 11:56 AM, 63749 bytes, A Adds the file unins000.exe"="5/12/2017 11:56 AM, 1287736 bytes, A Adds the file unins000.msg"="5/12/2017 11:56 AM, 22701 bytes, A Adds the file unrar.dll"="4/27/2017 5:59 AM, 184376 bytes, A Adds the file ustpcopt.exe"="4/27/2017 5:59 AM, 11655224 bytes, A Adds the file USTSPCO_RC.exe"="4/27/2017 5:59 AM, 995384 bytes, A Adds the file USTSPCOCheckUpdate.exe"="4/27/2017 5:59 AM, 3263032 bytes, A Adds the file USTSPCODefragSrv.exe"="4/27/2017 5:59 AM, 1678392 bytes, A Adds the file USTSPCODefragSrv64.exe"="4/27/2017 5:59 AM, 2266680 bytes, A Adds the file USTSPCODiskOptimizer.exe"="4/27/2017 5:59 AM, 309304 bytes, A Adds the file USTSPCOHelper.dll"="4/27/2017 5:59 AM, 938040 bytes, A Adds the file USTSPCOPrivacyProtector.exe"="4/27/2017 5:59 AM, 1563704 bytes, A Adds the file USTSPCOsys.dll"="4/7/2017 5:33 PM, 2363392 bytes, A Adds the file USTSPCOSysFileBakRes.exe"="4/27/2017 5:59 AM, 598584 bytes, A Adds the file USTSPCOSystemCleaner.exe"="4/27/2017 5:59 AM, 1487416 bytes, A Adds the file xmllite.dll"="4/27/2017 5:59 AM, 142904 bytes, A Adds the file zlibwapi.dll"="4/27/2017 5:59 AM, 130616 bytes, A Adds the folder C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport Adds the file footer_left.jpg"="6/19/2012 12:02 PM, 13605 bytes, A Adds the file footer_middle.jpg"="6/19/2012 12:02 PM, 10048 bytes, A Adds the file footer_right.jpg"="6/19/2012 12:02 PM, 13629 bytes, A Adds the file left_border.jpg"="6/19/2012 12:02 PM, 13367 bytes, A Adds the file line3px_Blue.jpg"="6/19/2012 12:02 PM, 11194 bytes, A Adds the file Report_header_left_image.jpg"="6/19/2012 12:03 PM, 14693 bytes, A Adds the file Report_header_leftText.jpg"="6/19/2012 12:02 PM, 16078 bytes, A Adds the file Report_header_top_middle.jpg"="6/19/2012 12:02 PM, 9915 bytes, A Adds the file Report_header_top_right.jpg"="6/19/2012 12:02 PM, 15608 bytes, A Adds the file right_border.jpg"="6/19/2012 12:03 PM, 13367 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC\PC Optimizer Adds the file MyCleanPC PC Optimizer.lnk"="5/12/2017 11:56 AM, 1321 bytes, A Adds the file Uninstall MyCleanPC PC Optimizer.lnk"="5/12/2017 11:56 AM, 1275 bytes, A Adds the folder C:\ProgramData\USTechSupport\Log Adds the file MyCleanPC_CustomerSupport.log"="5/12/2017 11:55 AM, 0 bytes, A Adds the file MyCleanPC_Debug.log"="5/12/2017 11:56 AM, 12793 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\USTechSupport\PC Optimizer\Checking for Updates\AppUpdates Adds the file LatestVersion.htm"="5/12/2017 11:57 AM, 112 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\USTechSupport\PC Optimizer\Registry Cleaner Adds the file log_05-12-2017.log"="5/12/2017 11:59 AM, 0 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file MyCleanPC PC Optimizer.lnk"="5/12/2017 11:56 AM, 1251 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file LAUNCH CDPCO"="5/12/2017 11:57 AM, 2992 bytes, A Adds the file MyCleanPC PC Optimizer"="5/12/2017 11:57 AM, 3156 bytes, A Adds the file USTSPCO-USTSPCOOneClickCare"="5/12/2017 11:57 AM, 3318 bytes, A In the existing folder C:\Windows\Tasks Adds the file USTSPCO-USTSPCOOneClickCare.job"="5/12/2017 11:57 AM, 440 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}] "(Default)"="REG_SZ", "SystemDataCollectorSetCollection" "AppID"="REG_SZ", "{03837503-098b-11d8-9414-505054503030}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\AmrnI] "(Default)"="REG_SZ", "SMezUUSyjStZ_rb]ZDNu" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\InprocServer32] "(Default)"="REG_EXPAND_SZ, "%SystemRoot%\SysWow64\pla.dll" "ThreadingModel"="REG_SZ", "both" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\jwVpm] "(Default)"="REG_SZ", "H@|KwH_^jS{HtbePyN" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\kmnSjq] "(Default)"="REG_SZ", "~AplgvEJJNBz\Szq]" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\LocalServer32] "(Default)"="REG_EXPAND_SZ, "%SystemRoot%\SysWow64\plasrv.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\ltgnMhnxkq] "(Default)"="REG_SZ", "]ShwmM]W{W_aM`}g\jAgN\XtJVwV]\US" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\MkcecI] "(Default)"="REG_SZ", "NCRj\TjIRNZ`m{Xz" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\ProgID] "(Default)"="REG_SZ", "PLA.SystemDataCollectorSetCollection.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\RVKgpjt] "(Default)"="REG_SZ", "ppBR]_KP]{uoWIYOsC" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\smpoD] "(Default)"="REG_SZ", "rasyZYYLOhImHLzHFTcd|DP" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\TypeLib] "(Default)"="REG_SZ", "{03837500-098B-11D8-9414-505054503030}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\uswm] "(Default)"="REG_SZ", "gIMuf[~~FopEacPpr`D" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\Version] "(Default)"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\VersionIndependentProgID] "(Default)"="REG_SZ", "PLA.SystemDataCollectorSetCollection" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}\zrez] "(Default)"="REG_SZ", "{hVh`oQRlU~WRBveLPb\hSB^vIn[T" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "USTSPCO-USTSPCOOneClickCare.job"="REG_BINARY, ................................ "USTSPCO-USTSPCOOneClickCare.job.fp"="REG_DWORD", -1758608122 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EBF37B1-7B87-43C8-9DB7-11AD9920E948}_is1] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\USTechSupport\MCPPCO\1.ico" "DisplayName"="REG_SZ", "MyCleanPC PC Optimizer" "EstimatedSize"="REG_DWORD", 178384 "HelpLink"="REG_SZ", "http://www.ustechsupport.com/" "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\USTechSupport\MCPPCO" "Inno Setup: Icon Group"="REG_SZ", "USTechSupport\MCPPCO" "Inno Setup: Language"="REG_SZ", "english" "Inno Setup: Setup Version"="REG_SZ", "5.5.6 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20170512" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\USTechSupport\MCPPCO\" "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "USTechSupport" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\USTechSupport\MCPPCO\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\USTechSupport\MCPPCO\unins000.exe"" "URLInfoAbout"="REG_SZ", "http://www.ustechsupport.com/" "URLUpdateInfo"="REG_SZ", "http://www.ustechsupport.com/" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\USTechSupport\PC Optimizer] "Brand"="REG_SZ", "mcp" "Campaign"="REG_SZ", "mcp_sem_023" "InstallDate"="REG_SZ", "05-12-2017 11:56 am" "InstalledPath"="REG_SZ", "C:\Program Files (x86)\USTechSupport\MCPPCO" "InstalledSuccessfully"="REG_DWORD", 1 "InstallerVersion"="REG_SZ", "1.0.9.0" "InstallPath"="REG_SZ", "<CSIDL_PROGRAMFILES>\USTechSupport\PC Optimizer" "PurchaseURL"="REG_SZ", "https://shop.ustechsupport.com/carts/?sc=mcp_sem_023&pr=pco&sid=b677a010-11c0-0135-4d30-0e794138efc0" "SessionId"="REG_SZ", "b677a010-11c0-0135-4d30-0e794138efc0" "SKU"="REG_SZ", "pcof" "SupportPhoneNumber"="REG_SZ", "(888) 590-8910" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\USTechSupport\PC Optimizer\LANG] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USTSPCODiskOptimizer] "DisplayName"="REG_SZ", "USTSPCODiskOptimizer" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODefragSrv64.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\Disk Defrag\C] [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\LANG] "LangID"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\MyCleanPC PC Optimizer] "FirstRunASO"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\MyCleanPC PC Optimizer\OneClick] "chkAntispyware"="REG_DWORD", 0 "chkDiskDefrag"="REG_DWORD", 1 "chkDriverupdater"="REG_DWORD", 0 "chkJunkFileCleaner"="REG_DWORD", 1 "chkPrivacyProtector"="REG_DWORD", 1 "chkRegClean"="REG_DWORD", 1 "chkRegOptimizer"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\MyCleanPC PC Optimizer\Scheduler\OneClick] "chkAntispyware"="REG_DWORD", 0 "chkAutoShutDown"="REG_DWORD", 0 "chkDiskDefrag"="REG_DWORD", 1 "chkDriverupdater"="REG_DWORD", 0 "chkFixErrorsAuto"="REG_DWORD", 0 "chkJunkFileCleaner"="REG_DWORD", 1 "chkPrivacyProtector"="REG_DWORD", 1 "chkRegClean"="REG_DWORD", 1 "chkRegOptimizer"="REG_DWORD", 1 "chkScheduleSPC"="REG_DWORD", 1 "cmbDay"="REG_DWORD", 5 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\MyCleanPC PC Optimizer\SPC_RESULTS] "Disk Optimizer"="REG_DWORD", 0 "Privacy Protector"="REG_DWORD", 264 "Registry Cleaner"="REG_DWORD", 2 "Registry Optimizer"="REG_DWORD", 0 "System Cleaner"="REG_DWORD", 464 "TotalErrors"="REG_DWORD", 730 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\OneClickCure\Privacy Protector] [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\OneClickCure\PrivPro] "SCANFINISHED"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\OneClickCure\Registry Cleaner] [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\OneClickCure\System Cleaner] [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\OneclickLastScanDetailsPath] "USTSPCO_RC.exe"="REG_DWORD", 2 "USTSPCOPrivacyProtector.exe"="REG_DWORD", 264 "USTSPCOSystemCleaner.exe"="REG_DWORD", 464 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\Privacy Protector] "LastActionStatus"="REG_SZ", "scan" "LastPPCleanDate"="REG_SZ", "Not Performed Yet" "LastPPFileClean_Size"="REG_SZ", "0 Bytes" "LastPPScanDate"="REG_SZ", "12.05.2017 11:57:30 AM" "LastPPScanFileSize"="REG_SZ", "28.66 MB" "LastPPTotalFileCleaned"="REG_DWORD", 0 "LastPPTotalFileFound"="REG_DWORD", 264 "TotalItemClean_InTrial"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\Privacy Protector\PrivacyApplication] "bFBrohis"="REG_DWORD", 1 "bFcache"="REG_DWORD", 1 "bFcookies"="REG_DWORD", 0 "bOcache"="REG_DWORD", 1 "bOcookies"="REG_DWORD", 1 "bOhisofvissit"="REG_DWORD", 0 "bOHistypaddbar"="REG_DWORD", 1 "googlechrome_Cache"="REG_DWORD", 1 "googlechrome_Cookies"="REG_DWORD", 1 "googlechrome_History"="REG_DWORD", 1 "googlechrome_VisitedLinks"="REG_DWORD", 0 "ie8_AddBarHistory"="REG_DWORD", 0 "ie8_Cookies"="REG_DWORD", 1 "ie8_HistoryVS"="REG_DWORD", 1 "ie8_TempIntFileFolder"="REG_DWORD", 1 "wComdiahis"="REG_DWORD", 0 "wDochis"="REG_DWORD", 0 "wFlushrecyclebin"="REG_DWORD", 0 "wMspanrecfillis"="REG_DWORD", 0 "wRuncmdhis"="REG_DWORD", 1 "wWorrecfillis"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\Registry Cleaner] "RegErrsFixedLast"="REG_DWORD", 0 "StrLastScanResults"="REG_SZ", "2" [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\ScanStatusForLauncher\PrivProt] "ErrorCount"="REG_DWORD", 264 "iconStatus"="REG_DWORD", 0 "LastScanDateTime"="REG_SZ", "5/12/2017 11:57:30 AM" "MSG"="REG_SZ", "264 items detected Fri. May 12, 2017. 11:57 AM" "MSGOnHome"="REG_SZ", "264 privacy items detected" [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\ScanStatusForLauncher\RegClean] "ErrorCount"="REG_DWORD", 2 "iconStatus"="REG_DWORD", 0 "LastScanDateTime"="REG_SZ", "5/12/2017 11:59:30 AM" "MSG"="REG_SZ", "2 Errors Found Fri. May 12, 2017. 11:58 AM" "MSGOnHome"="REG_SZ", "2 registry Errors found" [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\ScanStatusForLauncher\SysClean] "ErrorCount"="REG_DWORD", 464 "iconStatus"="REG_DWORD", 0 "LastScanDateTime"="REG_SZ", "5/12/2017 11:57:55 AM" "MSG"="REG_SZ", "464 junk items detected Fri. May 12, 2017. 11:57 AM" "MSGOnHome"="REG_SZ", "464 junk items detected" [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\System Cleaner] "PF_1"="REG_SZ", "Fri. May 12, 2017. 11:57 AM" "PF_2"="REG_SZ", "464" "PF_3"="REG_DWORD", 464 "PF_6"="REG_SZ", "182.26 MB" [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\System Cleaner\Advanced] "ChkEmptyFolders"="REG_DWORD", 0 "ChkExcludeRecentFiles"="REG_DWORD", 1 "chkSkipPersonalFolders"="REG_DWORD", 1 "ChkSkipSystemFiles"="REG_DWORD", 1 "chkSkipSystemFolders"="REG_DWORD", 1 "ChkZeroLenght"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\System Cleaner\IgnoreList] "*pc optimizer*"="REG_SZ", "" "*ustechsupport*"="REG_SZ", "" "c:\users\{username}\appdata\local\microsoft\windows\burn\burn*"="REG_SZ", "" "c:\users\{username}\appdata\roaming\microsoft\windows\network shortcuts*"="REG_SZ", "" "c:\users\{username}\appdata\roaming\microsoft\windows\printer shortcuts*"="REG_SZ", "" "c:\users\{username}\appdata\roaming\microsoft\windows\sendto*"="REG_SZ", "" "c:\users\{username}\favorites*"="REG_SZ", "" [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\System Cleaner\LocationDrives] "0"="REG_SZ", "C: (Local Disk)" [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\System Cleaner\LocationFolders] "0"="REG_SZ", "C:\Windows\Temp" "1"="REG_SZ", "C:\Users\{username}\AppData\Local\Temp" [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\System Cleaner\MaskList] "*.---"="REG_DWORD", 1 "*.$$$"="REG_DWORD", 1 "*.$db"="REG_DWORD", 1 "*.?$?"="REG_DWORD", 0 "*.??$"="REG_DWORD", 1 "*.??~"="REG_DWORD", 1 "*.?~?"="REG_DWORD", 0 "*.^"="REG_DWORD", 0 "*.___"="REG_DWORD", 1 "*._dd"="REG_DWORD", 0 "*._detmp"="REG_DWORD", 0 "*._mp"="REG_DWORD", 1 "*.~*"="REG_DWORD", 1 "*.~mp"="REG_DWORD", 1 "*.aps"="REG_DWORD", 0 "*.bak"="REG_DWORD", 0 "*.chk"="REG_DWORD", 1 "*.db$"="REG_DWORD", 1 "*.dmp"="REG_DWORD", 1 "*.err"="REG_DWORD", 0 "*.ftg"="REG_DWORD", 0 "*.fts"="REG_DWORD", 1 "*.gid"="REG_DWORD", 1 "*.ilk"="REG_DWORD", 0 "*.log"="REG_DWORD", 0 "*.ncb"="REG_DWORD", 0 "*.nch"="REG_DWORD", 0 "*.old"="REG_DWORD", 1 "*.pch"="REG_DWORD", 0 "*.prv"="REG_DWORD", 0 "*.sik"="REG_DWORD", 0 "*.temp"="REG_DWORD", 1 "*.tmp"="REG_DWORD", 1 "*.wbk"="REG_DWORD", 0 "*log.txt"="REG_DWORD", 0 "~*.*"="REG_DWORD", 1 "0*.nch"="REG_DWORD", 0 "chklist.*"="REG_DWORD", 1 "CHKLIST.MS"="REG_DWORD", 0 "mscreate.dir"="REG_DWORD", 1 "thumbs.db"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\USTechSupport\PC Optimizer\System Cleaner\Removal] "DirectFastRemove"="REG_DWORD", 0 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/12/17 Scan Time: 12:09 PM Logfile: mbamMyCleanPC.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1923 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 330711 Time Elapsed: 1 min, 42 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 6 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\ustpcopt.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODefragSrv64.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODiskOptimizer.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOPrivacyProtector.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOSystemCleaner.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCO_RC.exe, Quarantined, [1709], [336562],1.0.1923 Module: 49 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\ustpcopt.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asohtm.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asohtm.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asohtm.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asohtm.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asohtm.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asores.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asores.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asores.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asores.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asores.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100enu.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100enu.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100enu.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100enu.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100enu.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100u.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100u.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100u.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100u.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100u.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcp100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcp100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcp100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcp100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcp100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcr100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcr100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcr100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcr100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcr100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\sqlite3.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODefragSrv64.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODiskOptimizer.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOHelper.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOHelper.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOHelper.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOHelper.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOHelper.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOPrivacyProtector.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOsys.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOsys.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOsys.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOsys.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOsys.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOSystemCleaner.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCO_RC.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\xmllite.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\xmllite.dll, Quarantined, [1709], [336562],1.0.1923 Registry Key: 76 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1EBF37B1-7B87-43C8-9DB7-11AD9920E948}_is1, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\USTSPCODiskOptimizer, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\TYPELIB\{03837500-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{038374FF-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837502-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837506-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{0383750B-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837510-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837512-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837514-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837516-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{0383751a-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837520-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837524-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837533-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837534-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{0383753A-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{0383753D-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837541-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837543-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\INTERFACE\{03837544-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{038374FF-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837502-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837506-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0383750B-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837510-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837512-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837514-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837516-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0383751a-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837520-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837524-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837533-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837534-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0383753A-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0383753D-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837541-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837543-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{03837544-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{038374FF-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837502-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837506-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0383750B-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837510-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837512-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837514-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837516-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0383751a-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837520-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837524-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837533-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837534-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0383753A-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0383753D-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837541-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837543-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03837544-098b-11d8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03837500-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{03837500-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\PLA.SYSTEMDATACOLLECTORSETCOLLECTION.1, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\CLSID\{03837547-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\PLA.SystemDataCollectorSetCollection, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{03837547-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{03837547-098B-11D8-9414-505054503030}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{69869D10-3B1D-E089-CA54-8A93C86DD85D}, Quarantined, [1709], [397953],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B51F4334-7FD9-43CA-88CB-CF81BF314C14}, Quarantined, [1709], [336575],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C1182FB3-D4A8-4D35-A7F9-2E08C426CFA6}, Quarantined, [1709], [336579],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C83AA56C-CBAF-45F3-B6F0-E8BB7E947A01}, Quarantined, [1709], [336570],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LAUNCH CDPCO, Quarantined, [1709], [336578],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MyCleanPC PC Optimizer, Quarantined, [1709], [336573],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\, Quarantined, [1709], [380372],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\, Quarantined, [1709], [380372],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\USTSPCO-USTSPCOOneClickCare, Quarantined, [1709], [336568],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\WOW6432NODE\USTechSupport, Quarantined, [1709], [397954],1.0.1923 PUP.Optional.USTechSupport, HKCU\SOFTWARE\USTechSupport, Quarantined, [1709], [397955],1.0.1923 Registry Value: 4 PUP.Optional.USTechSupport, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B51F4334-7FD9-43CA-88CB-CF81BF314C14}|PATH, Quarantined, [1709], [336575],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C1182FB3-D4A8-4D35-A7F9-2E08C426CFA6}|PATH, Quarantined, [1709], [336579],1.0.1923 PUP.Optional.USTechSupport, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C83AA56C-CBAF-45F3-B6F0-E8BB7E947A01}|PATH, Quarantined, [1709], [336570],1.0.1923 PUP.Optional.USTechSupport, HKCU\SOFTWARE\USTECHSUPPORT\PC OPTIMIZER\ONECLICKLASTSCANDETAILSPATH|USTSPCO_RC.EXE, Quarantined, [1709], [380372],1.0.1923 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 15 PUP.Optional.USTechSupport, C:\ProgramData\USTechSupport\PC Optimizer\Disk Optimizer, Quarantined, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\ProgramData\USTechSupport\PC Optimizer, Quarantined, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\ProgramData\USTechSupport\Log, Quarantined, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\PROGRAMDATA\USTechSupport, Quarantined, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\Users\{username}\AppData\Roaming\USTechSupport\PC Optimizer\Checking for Updates\AppUpdates, Quarantined, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\Users\{username}\AppData\Roaming\USTechSupport\PC Optimizer\Checking for Updates, Quarantined, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\Users\{username}\AppData\Roaming\USTechSupport\PC Optimizer\Registry Cleaner, Delete-on-Reboot, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\Users\{username}\AppData\Roaming\USTechSupport\PC Optimizer\Disk Optimizer, Quarantined, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\Users\{username}\AppData\Roaming\USTechSupport\PC Optimizer, Delete-on-Reboot, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\USERS\{username}\APPDATA\ROAMING\USTechSupport, Delete-on-Reboot, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\PROGRAM FILES (X86)\USTechSupport, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC\PC Optimizer, Quarantined, [1709], [336582],1.0.1923 PUP.Optional.USTechSupport, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MYCLEANPC, Quarantined, [1709], [336582],1.0.1923 File: 83 PUP.Optional.USTechSupport, C:\ProgramData\USTechSupport\Log\MyCleanPC_CustomerSupport.log, Quarantined, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\ProgramData\USTechSupport\Log\MyCleanPC_Debug.log, Quarantined, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\Users\{username}\AppData\Roaming\USTechSupport\PC Optimizer\Checking for Updates\AppUpdates\LatestVersion.htm, Quarantined, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\Users\{username}\AppData\Roaming\USTechSupport\PC Optimizer\Registry Cleaner\log_05-12-2017.log, Delete-on-Reboot, [1709], [336563],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport\footer_left.jpg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport\footer_middle.jpg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport\footer_right.jpg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport\left_border.jpg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport\line3px_Blue.jpg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport\Report_header_leftText.jpg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport\Report_header_left_image.jpg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport\Report_header_top_middle.jpg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport\Report_header_top_right.jpg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DefragReport\right_border.jpg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100ita.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\ustpcopt.exe, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\1.ico, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\2.ico, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\3.ico, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\4.ico, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\5.ico, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\6.ico, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\ASEng.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\AsInvoker.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\aso.ini, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asohtm.dll, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\asores.dll, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\atl100.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\checkupdate.ini, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\client.ini, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\DiskOpt.ini, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\Downloader.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\FileList.pcp, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\HighestAvailable.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100chs.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100cht.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100deu.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100enu.dll, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100esn.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100fra.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100jpn.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100kor.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100rus.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\mfc100u.dll, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\Microsoft.VC90.ATL.manifest, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\Microsoft.VC90.CRT.manifest, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\Microsoft.VC90.MFC.manifest, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\Microsoft.VC90.MFCLOC.manifest, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcp100.dll, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\msvcr100.dll, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\privprotector.ini, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\regclean.ini, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\RegList.pcp, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\regopt.ini, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\RequireAdministrator.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\sqlite3.dll, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\sysclean.ini, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\sysfilebackres.ini, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\unins000.dat, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\unins000.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\unins000.msg, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\unrar.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOCheckUpdate.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODefragSrv.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODefragSrv64.exe, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCODiskOptimizer.exe, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOHelper.dll, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOPrivacyProtector.exe, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOsys.dll, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOSysFileBakRes.exe, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCOSystemCleaner.exe, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\USTSPCO_RC.exe, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\xmllite.dll, Delete-on-Reboot, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\Program Files (x86)\USTechSupport\MCPPCO\zlibwapi.dll, Quarantined, [1709], [336562],1.0.1923 PUP.Optional.USTechSupport, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC\PC Optimizer\MyCleanPC PC Optimizer.lnk, Quarantined, [1709], [336582],1.0.1923 PUP.Optional.USTechSupport, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC\PC Optimizer\Uninstall MyCleanPC PC Optimizer.lnk, Quarantined, [1709], [336582],1.0.1923 PUP.Optional.USTechSupport, C:\USERS\{username}\DESKTOP\MYCLEANPC.EXE, Quarantined, [1709], [336585],1.0.1923 PUP.Optional.USTechSupport, C:\USERS\PUBLIC\DESKTOP\MYCLEANPC PC OPTIMIZER.LNK, Quarantined, [1709], [336581],1.0.1923 PUP.Optional.USTechSupport, C:\WINDOWS\TASKS\USTSPCO-USTSPCOONECLICKCARE.JOB, Quarantined, [1709], [336567],1.0.1923 PUP.Optional.USTechSupport, C:\WINDOWS\SYSTEM32\TASKS\MyCleanPC PC Optimizer, Quarantined, [1709], [336572],1.0.1923 PUP.Optional.USTechSupport, C:\WINDOWS\SYSTEM32\TASKS\LAUNCH CDPCO, Quarantined, [1709], [336577],1.0.1923 PUP.Optional.USTechSupport, C:\WINDOWS\SYSTEM32\TASKS\USTSPCO-USTSPCOONECLICKCARE, Quarantined, [1709], [336566],1.0.1923 PUP.Optional.USTechSupport, , Removal Failed, [1709], [380372],1.0.1923 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 12
- - pup.optional.ustechsupport
  - privacyprotector
  - (and 1 more)
    Tagged with:
    
    pup.optional.ustechsupport
    
    privacyprotector
    
    oneclickcare
Removal instructions for MyTransitMapper

Metallica posted a topic in Malware Removal Self-Help Guides

What is MyTransitMapper? The Malwarebytes research team has determined that MyTransitMapper is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. MyTransitMapper is a member of the Mindspark/Ask family now known as IAC Applications. How do I know if my computer is affected by MyTransitMapper? You may see this browser extension/add-on: these warnings during install: You may see this entry in your list of installed software: and this new startpage in the affected browsers: How did MyTransitMapper get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove MyTransitMapper? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of MyTransitMapper? If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the MyTransitMapper hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/mytransitmapper/ttab02/index.html?n={n1}&p2={p21}&ptb={ptb1} FF Homepage: hxxp://hp.myway.com/mytransitmapper/ttab02/index.html?coId={coid}&subId&ln=en&n={n2}&ptb={ptb2}&st=tab&p2={p22}&si FF Extension: MyTransitMapper - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\Extensions\_k9Members_@www.mytransitmapper.com [2017-05-11] C:\Users\{username}\Downloads\MyTransitMapper - Changes.txt C:\Users\{username}\AppData\Local\MyTransitMapperTooltab MyTransitMapper Internet Explorer Homepage and New Tab (HKCU\...\MyTransitMapperTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION The most significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\MyTransitMapperTooltab Adds the file TooltabExtension.dll"="2/15/2017 12:20 AM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com Adds the file bootstrap.js"="5/11/2017 3:17 PM, 24987 bytes, A Adds the file chrome.manifest"="5/11/2017 3:17 PM, 135 bytes, A Adds the file chrome.manifest.restartless"="5/11/2017 3:17 PM, 135 bytes, A Adds the file install.rdf"="5/11/2017 3:17 PM, 1384 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\chrome Adds the file ffxtbr.jar"="5/11/2017 3:17 PM, 345457 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\META-INF Adds the file manifest.mf"="5/11/2017 3:17 PM, 680 bytes, A Adds the file mozilla.rsa"="5/11/2017 3:17 PM, 4193 bytes, A Adds the file mozilla.sf"="5/11/2017 3:17 PM, 121 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\mytransitmapper_k9 Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/mytransitmapper/ttab02/index.html?n={n1}&p2={p21}&ptb={ptb1}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyTransitMapperTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "MyTransitMapper Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", ""http://support.mindspark.com/"" "Publisher"="REG_SZ", "Mindspark Interactive Network" "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\MyTransitMapperTooltab\TooltabExtension.dll" U uninstall:MyTransitMapper" "URLInfoAbout"="REG_SZ", ""http://support.mindspark.com/"" [HKEY_CURRENT_USER\Software\MyTransitMapper] "Start Page"="REG_SZ", "http://hp.myway.com/mytransitmapper/ttab02/index.html?n={n1}&p2={p22}&ptb={ptb1}" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/11/17 Scan Time: 3:29 PM Logfile: mbamMyTransitPlanner.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1915 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 330645 Time Elapsed: 1 min, 16 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\MYTRANSITMAPPERTOOLTAB\TOOLTABEXTENSION.DLL, Quarantined, [271], [301125],1.0.1915 Registry Key: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyTransitMapperTooltab Uninstall Internet Explorer, Delete-on-Reboot, [271], [301125],1.0.1915 Registry Value: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyTransitMapperTooltab Uninstall Internet Explorer|PUBLISHER, Delete-on-Reboot, [271], [352442],1.0.1915 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [271], [293497],1.0.1915 Data Stream: 0 (No malicious items detected) Folder: 4 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\META-INF, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\chrome, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\EXTENSIONS\_K9MEMBERS_@WWW.MYTRANSITMAPPER.COM, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MyTransitMapperTooltab, Delete-on-Reboot, [819], [356944],1.0.1915 File: 55 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\MYTRANSITMAPPERTOOLTAB\TOOLTABEXTENSION.DLL, Delete-on-Reboot, [271], [301125],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [319354],1.0.1915 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [819], [356946],1.0.1915 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\MYTRANSITMAPPER.EFD98495046F401BA19B871AAE665712.EXE, Delete-on-Reboot, [271], [365288],1.0.1915 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_mytransitmapper.dl.tb.ask.com_0.localstorage, Delete-on-Reboot, [271], [240306],1.0.1915 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_mytransitmapper.dl.tb.ask.com_0.localstorage-journal, Delete-on-Reboot, [271], [240306],1.0.1915 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\EXTENSIONS\_K9MEMBERS_@WWW.MYTRANSITMAPPER.COM\INSTALL.RDF, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\chrome\ffxtbr.jar, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\META-INF\manifest.mf, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\META-INF\mozilla.rsa, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\META-INF\mozilla.sf, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\bootstrap.js, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\chrome.manifest, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions\_k9Members_@www.mytransitmapper.com\chrome.manifest.restartless, Delete-on-Reboot, [271], [302304],1.0.1915 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_mytransitmapper.dl.myway.com_0.localstorage, Delete-on-Reboot, [271], [240305],1.0.1915 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_mytransitmapper.dl.myway.com_0.localstorage-journal, Delete-on-Reboot, [271], [240305],1.0.1915 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 11
- - pup.optional.mindspark
  - myway
  - (and 1 more)
    Tagged with:
    
    pup.optional.mindspark
    
    myway
    
    iac
Removal instructions for Magic Pc Cleaner

Metallica posted a topic in Malware Removal Self-Help Guides

What is Magic Pc Cleaner? The Malwarebytes research team has determined that Magic Pc Cleaner is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with Magic Pc Cleaner? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar and on your desktop: and see these warnings during "operations": You may see this entry in your list of installed programs: and this Scheduled Task: How did Magic Pc Cleaner get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove Magic Pc Cleaner? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Magic Pc Cleaner? No, Malwarebytes removes Magic Pc Cleaner completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the Magic Pc Cleaner installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domains. Technical details for experts You may see these entries in FRST logs: () C:\Program Files (x86)\SystemOptimizer\MagicPcCleaner.exe () C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\MagicPcCleaner.exe InternetURL: C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemCleaner.url -> file:///C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\MagicPcCleaner.exe C:\Users\{username}\AppData\Local\MagicPcCleaner C:\Users\Public\Desktop\Magic PC Cleaner.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Pc Cleaner C:\Program Files (x86)\Magic Pc Cleaner (Magic Pc Cleaner) C:\Users\{username}\Desktop\MPCSetup.exe C:\Windows\System32\Tasks\Microsoft Essentials C:\Users\{username}\AppData\Roaming\Magic Pc Cleaner C:\Program Files (x86)\SystemOptimizer Magic Pc Cleaner (HKLM-x32\...\{5788EE0A-93E6-4958-AFBD-EB13D1B6558C}) (Version: 1.0.0 - Magic Pc Cleaner) Task: {5E313F6C-5A9D-46F4-BDA7-8A7358B73F91} - System32\Tasks\Microsoft Essentials => C:\Program Files (x86)\SystemOptimizer\MagicPcCleaner.exe [2017-05-04] () Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner Adds the file MagicPcCleaner.exe"="4/22/2017 11:28 PM, 2603168 bytes, A Adds the file MagicPcCleaner.exe.config"="2/28/2017 8:06 AM, 4371 bytes, A Adds the file Telerik.WinControls.dll"="5/3/2016 8:24 PM, 2840064 bytes, A Adds the file Telerik.WinControls.Themes.HighContrastBlack.dll"="5/3/2016 8:25 PM, 220160 bytes, A Adds the file Telerik.WinControls.UI.dll"="5/3/2016 8:25 PM, 4663296 bytes, A Adds the file TelerikCommon.dll"="5/3/2016 8:24 PM, 340480 bytes, A Adds the file Trial.dll"="4/22/2017 11:30 PM, 609440 bytes, A Adds the file UtilityInfo.xml"="5/10/2017 8:11 AM, 429 bytes, A Adds the folder C:\Program Files (x86)\SystemOptimizer Adds the file GuidInfo.xml"="5/10/2017 8:00 AM, 140 bytes, A Adds the file MagicPcCleaner.exe"="5/4/2017 12:04 PM, 5899752 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Pc Cleaner Adds the file Magic PC Cleaner.lnk"="5/10/2017 8:01 AM, 2154 bytes, A Adds the folder C:\Users\{username}\AppData\Local\MagicPcCleaner\MagicPcCleaner.exe_Url_c555nk35rwj3gbeq3ywwn5witprathsd\1.0.0.0 Adds the file user.config"="5/10/2017 8:11 AM, 2549 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Magic Pc Cleaner\Magic Pc Cleaner 1.0.0\install In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Adds the file SystemCleaner.url"="5/10/2017 8:11 AM, 208 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file MPCSetup.exe"="5/10/2017 8:00 AM, 8673600 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Magic PC Cleaner.lnk"="5/10/2017 8:01 AM, 2136 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Microsoft Essentials"="5/10/2017 8:00 AM, 3282 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A4E49A4-F3DC-812D-C381-9A605CC1AA3A}\2552459366] "(Default)"="REG_SZ", "HYNFYFZ45E54G" "{7A4E49A4-F3DC-812D-C381-9A605CC1AA3A}"="REG_SZ", "RX5VQYX9TK8S" "2552459366"="REG_SZ", "E6NFYFZ45E54G" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{22235BA8-0905-B68E-A5A7-0A4D737428CC}\2825635452] "(Default)"="REG_SZ", "RYO4bmh3PwN" "{22235BA8-0905-B68E-A5A7-0A4D737428CC}"="REG_SZ", "Sc62" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Magic Pc Cleaner\"="REG_SZ", "" "C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\"="REG_SZ", "" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Pc Cleaner\"="REG_SZ", "1" "C:\Windows\Installer\{5788EE0A-93E6-4958-AFBD-EB13D1B6558C}\"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Caphyon\Advanced Installer\LZMA\{5788EE0A-93E6-4958-AFBD-EB13D1B6558C}\1.0.0] "AI_ExePath"="REG_SZ", "C:\Users\{username}\Desktop\MPCSetup.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Magic Pc Cleaner\Magic Pc Cleaner] "Path"="REG_SZ", "C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\" "RegistrationDate"="REG_SZ", "" "Version"="REG_SZ", "1.0.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5788EE0A-93E6-4958-AFBD-EB13D1B6558C}] "AuthorizedCDFPrefix"="REG_SZ", "" "Comments"="REG_SZ", "This installer database contains the logic and data required to install Magic Pc Cleaner." "Contact"="REG_SZ", "www.magic-pc-cleaner.com" "DisplayName"="REG_SZ", "Magic Pc Cleaner" "DisplayVersion"="REG_SZ", "1.0.0" "EstimatedSize"="REG_DWORD", 11023 "HelpLink"="REG_EXPAND_SZ, "www.magic-pc-cleaner.com" "HelpTelephone"="REG_SZ", "" "InstallDate"="REG_SZ", "20170510" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\" "InstallSource"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Magic Pc Cleaner\Magic Pc Cleaner 1.0.0\install\" "Language"="REG_DWORD", 1033 "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /I{5788EE0A-93E6-4958-AFBD-EB13D1B6558C}" "Publisher"="REG_SZ", "Magic Pc Cleaner" "Readme"="REG_SZ", "" "Size"="REG_SZ", "" "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /I{5788EE0A-93E6-4958-AFBD-EB13D1B6558C}" "URLInfoAbout"="REG_SZ", "www.magic-pc-cleaner.com" "URLUpdateInfo"="REG_SZ", "www.magic-pc-cleaner.com" "Version"="REG_DWORD", 16777216 "VersionMajor"="REG_DWORD", 1 "VersionMinor"="REG_DWORD", 0 "WindowsInstaller"="REG_DWORD", 1 [HKEY_USERS\.DEFAULT\Software\Classes\CLSID\{7A4E49A4-F3DC-812D-C381-9A605CC1AA3A}\2552459366] "(Default)"="REG_SZ", "HYNFYFZ45E54G" "{7A4E49A4-F3DC-812D-C381-9A605CC1AA3A}"="REG_SZ", "RX5VQYX9TKWS" "2552459366"="REG_SZ", "HYNFYFZ45E54G" [HKEY_USERS\.DEFAULT\Software\Classes\Interface\{22235BA8-0905-B68E-A5A7-0A4D737428CC}\2825635452] "(Default)"="REG_SZ", "RYO4bmh3PwN" "{22235BA8-0905-B68E-A5A7-0A4D737428CC}"="REG_SZ", "Sc62" [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7A4E49A4-F3DC-812D-C381-9A605CC1AA3A}\2552459366] "{7A4E49A4-F3DC-812D-C381-9A605CC1AA3A}"="REG_SZ", "RX5VQYX9TK8S" "2552459366"="REG_SZ", "E6NFYFZ45E54G" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/10/17 Scan Time: 8:25 AM Logfile: mbamMagicPCCleaner.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1908 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 330426 Time Elapsed: 1 min, 52 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 2 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\MagicPcCleaner.exe, Quarantined, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\PROGRAM FILES (X86)\SYSTEMOPTIMIZER\MAGICPCCLEANER.EXE, Quarantined, [891], [396750],1.0.1908 Module: 3 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\MagicPcCleaner.exe, Quarantined, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\Trial.dll, Quarantined, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\PROGRAM FILES (X86)\SYSTEMOPTIMIZER\MAGICPCCLEANER.EXE, Quarantined, [891], [396750],1.0.1908 Registry Key: 4 PUP.Optional.MagicPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5788EE0A-93E6-4958-AFBD-EB13D1B6558C}, Delete-on-Reboot, [891], [396761],1.0.1908 PUP.Optional.MagicPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MagicPcCleaner_RASAPI32, Delete-on-Reboot, [891], [396760],1.0.1908 PUP.Optional.MagicPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MagicPcCleaner_RASMANCS, Delete-on-Reboot, [891], [396760],1.0.1908 PUP.Optional.MagicPCCleaner, HKLM\SOFTWARE\WOW6432NODE\Magic Pc Cleaner, Delete-on-Reboot, [891], [396759],1.0.1908 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.MagicPCCleaner, C:\Users\{username}\AppData\Roaming\Magic Pc Cleaner\Magic Pc Cleaner 1.0.0\install, Delete-on-Reboot, [891], [396755],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Users\{username}\AppData\Roaming\Magic Pc Cleaner\Magic Pc Cleaner 1.0.0, Delete-on-Reboot, [891], [396755],1.0.1908 PUP.Optional.MagicPCCleaner, C:\USERS\{username}\APPDATA\ROAMING\Magic Pc Cleaner, Delete-on-Reboot, [891], [396755],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner, Delete-on-Reboot, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\PROGRAM FILES (X86)\Magic Pc Cleaner, Delete-on-Reboot, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Users\{username}\AppData\Local\MagicPcCleaner\MagicPcCleaner.exe_Url_c555nk35rwj3gbeq3ywwn5witprathsd\1.0.0.0, Delete-on-Reboot, [891], [396756],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Users\{username}\AppData\Local\MagicPcCleaner\MagicPcCleaner.exe_Url_c555nk35rwj3gbeq3ywwn5witprathsd, Delete-on-Reboot, [891], [396756],1.0.1908 PUP.Optional.MagicPCCleaner, C:\USERS\{username}\APPDATA\LOCAL\MagicPcCleaner, Delete-on-Reboot, [891], [396756],1.0.1908 PUP.Optional.MagicPCCleaner, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MAGIC PC CLEANER, Delete-on-Reboot, [891], [396753],1.0.1908 File: 15 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\MagicPcCleaner.exe, Delete-on-Reboot, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\MagicPcCleaner.exe.config, Delete-on-Reboot, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\Telerik.WinControls.dll, Delete-on-Reboot, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\Telerik.WinControls.Themes.HighContrastBlack.dll, Delete-on-Reboot, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\Telerik.WinControls.UI.dll, Delete-on-Reboot, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\TelerikCommon.dll, Delete-on-Reboot, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\Trial.dll, Delete-on-Reboot, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\UtilityInfo.xml, Delete-on-Reboot, [891], [396752],1.0.1908 PUP.Optional.MagicPCCleaner, C:\Users\{username}\AppData\Local\MagicPcCleaner\MagicPcCleaner.exe_Url_c555nk35rwj3gbeq3ywwn5witprathsd\1.0.0.0\user.config, Delete-on-Reboot, [891], [396756],1.0.1908 PUP.Optional.MagicPCCleaner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Pc Cleaner\Magic PC Cleaner.lnk, Delete-on-Reboot, [891], [396753],1.0.1908 PUP.Optional.MagicPCCleaner, C:\PROGRAM FILES (X86)\SYSTEMOPTIMIZER\MAGICPCCLEANER.EXE, Delete-on-Reboot, [891], [396750],1.0.1908 PUP.Optional.MagicPCCleaner, C:\USERS\{username}\DESKTOP\MPCSETUP.EXE, Delete-on-Reboot, [891], [396751],1.0.1908 PUP.Optional.MagicPCCleaner, C:\USERS\{username}\DESKTOP\MAGICPCCLEANER.EXE, Delete-on-Reboot, [891], [396750],1.0.1908 PUP.Optional.MagicPCCleaner, C:\USERS\PUBLIC\DESKTOP\MAGIC PC CLEANER.LNK, Delete-on-Reboot, [891], [396754],1.0.1908 PUP.Optional.MagicPCCleaner, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\SYSTEMCLEANER.URL, Delete-on-Reboot, [891], [396757],1.0.1908 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 10
- - pup.optional.magicpccleaner
  - softfix
  - (and 1 more)
    Tagged with:
    
    pup.optional.magicpccleaner
    
    softfix
    
    1-866-747-9019
Removal instructions for PC Reg Boost

Metallica posted a topic in Malware Removal Self-Help Guides

What is PC Reg Boost? The Malwarebytes research team has determined that PC Reg Boost is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog. How do I know if I am infected with PC Reg Boost? This is how the main screen of the sytem optimizer looks: You will find these icons in your taskbar and on your desktop: and see these warnings during install: and these screens during "operations": You may see this entry in your list of installed programs: How did PC Reg Boost get on my computer? These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site. How do I remove PC Reg Boost? Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of PC Reg Boost? No, Malwarebytes removes PC Reg Boost completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the PC Reg Boost installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts You may see these entries in FRST logs: () C:\Program Files (x86)\PcRegBoost\PcRegBoost.exe C:\Users\{username}\AppData\Roaming\appud C:\Users\{username}\AppData\Roaming\loc C:\Program Files (x86)\PcRegBoost C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PcRegBoost.lnk C:\Users\Public\Desktop\PcRegBoost.lnk (iNextITNetwork ) C:\Users\{username}\Desktop\PcRegBoost Setup.exe PcRegBoost version 1.3 (HKLM-x32\...\{D4FD61C1-0B3B-44D1-9BBF-12A14B0BF915}_is1) (Version: 1.3 - iNextITNetwork) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\PcRegBoost Adds the file 1b.png"="9/23/2016 3:42 PM, 5383 bytes, A Adds the file 1w.png"="9/23/2016 3:42 PM, 5360 bytes, A Adds the file 2b.png"="9/23/2016 3:42 PM, 4864 bytes, A Adds the file 2w.png"="9/23/2016 3:42 PM, 4846 bytes, A Adds the file 3b.png"="9/23/2016 3:42 PM, 5003 bytes, A Adds the file 3w.png"="9/23/2016 3:42 PM, 4978 bytes, A Adds the file 4b.png"="9/23/2016 3:42 PM, 5529 bytes, A Adds the file 4w.png"="9/23/2016 3:42 PM, 5610 bytes, A Adds the file console.exe"="4/13/2017 1:48 AM, 14072 bytes, A Adds the file data"="5/9/2017 8:19 AM, 5 bytes, A Adds the file defragexec.exe"="9/23/2016 3:42 PM, 52504 bytes, A Adds the file EntityFramework.dll"="9/23/2016 3:42 PM, 4976848 bytes, A Adds the file logo.ico"="9/23/2016 3:42 PM, 32038 bytes, A Adds the file Microsoft.VisualBasic.PowerPacks.Vs.DLL"="9/16/2016 2:03 PM, 259464 bytes, A Adds the file MySql.Data.DLL"="9/16/2016 2:03 PM, 457728 bytes, A Adds the file PcRegBoost.exe"="3/4/2017 1:11 AM, 1811704 bytes, A Adds the file Protect32.dll"="9/23/2016 3:42 PM, 694784 bytes, A Adds the file Protect64.dll"="9/23/2016 3:42 PM, 764416 bytes, A Adds the file restore.exe"="9/23/2016 3:42 PM, 52504 bytes, A Adds the file runpc.exe"="9/23/2016 3:01 PM, 52504 bytes, A Adds the file serve.exe"="4/13/2017 12:09 AM, 17656 bytes, A Adds the file sfc.jpg"="9/23/2016 3:42 PM, 21813 bytes, A Adds the file sldgrn.png"="9/23/2016 3:41 PM, 71706 bytes, A Adds the file SQLite.Interop.dll"="9/23/2016 3:42 PM, 933376 bytes, A Adds the file System.Data.SQLite.DLL"="5/23/2016 11:23 AM, 301056 bytes, A Adds the file Task.exe"="9/23/2016 3:42 PM, 55064 bytes, A Adds the file ud.sqlite"="9/23/2016 3:42 PM, 0 bytes, A Adds the file unins000.dat"="5/9/2017 8:16 AM, 4275 bytes, A Adds the file unins000.exe"="5/9/2017 8:16 AM, 752805 bytes, A Adds the file UpdateChecker.exe"="9/23/2016 3:42 PM, 21272 bytes, A Adds the file Updatetask.exe"="9/23/2016 3:42 PM, 23320 bytes, A Adds the file WindowsGen.exe"="4/13/2017 12:06 AM, 135928 bytes, A Adds the folder C:\Program Files (x86)\PcRegBoost\x64 Adds the file SQLite.Interop.dll"="9/23/2016 3:42 PM, 1405952 bytes, A Adds the folder C:\Program Files (x86)\PcRegBoost\x86 Adds the file SQLite.Interop.dll"="9/23/2016 3:41 PM, 1060864 bytes, A In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs Adds the file PcRegBoost.lnk"="5/9/2017 8:16 AM, 1043 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming Adds the file appud"="5/9/2017 8:19 AM, 5 bytes, A Adds the file loc"="5/9/2017 8:18 AM, 35 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file PcRegBoost.lnk"="5/9/2017 8:16 AM, 1031 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D4FD61C1-0B3B-44D1-9BBF-12A14B0BF915}_is1] "DisplayName"="REG_SZ", "PcRegBoost version 1.3" "DisplayVersion"="REG_SZ", "1.3" "EstimatedSize"="REG_DWORD", 13671 "HelpLink"="REG_SZ", "http://www.pcregboost.com/" "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\PcRegBoost" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "(Default)" "Inno Setup: Language"="REG_SZ", "english" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.9 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20170509" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\PcRegBoost\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 3 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "iNextITNetwork" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\PcRegBoost\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\PcRegBoost\unins000.exe"" "URLInfoAbout"="REG_SZ", "http://www.pcregboost.com/" "URLUpdateInfo"="REG_SZ", "http://www.pcregboost.com/" "VersionMajor"="REG_DWORD", 1 "VersionMinor"="REG_DWORD", 3 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/9/17 Scan Time: 8:38 AM Logfile: mbamPCRegBoost.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1900 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 330164 Time Elapsed: 1 min, 19 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 5 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\PcRegBoost.exe, Quarantined, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\PcRegBoost.exe, Quarantined, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\PcRegBoost.exe, Quarantined, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\WindowsGen.exe, Quarantined, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\WindowsGen.exe, Quarantined, [69], [391052],1.0.1900 Module: 5 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\PcRegBoost.exe, Quarantined, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\PcRegBoost.exe, Quarantined, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\PcRegBoost.exe, Quarantined, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\WindowsGen.exe, Quarantined, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\WindowsGen.exe, Quarantined, [69], [391052],1.0.1900 Registry Key: 1 PUP.Optional.PCRegBoost, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D4FD61C1-0B3B-44D1-9BBF-12A14B0BF915}_is1, Delete-on-Reboot, [69], [391052],1.0.1900 Registry Value: 1 PUP.Optional.PCRegBoost, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WindowsGen, Delete-on-Reboot, [69], [391052],1.0.1900 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 3 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\x64, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\x86, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\PROGRAM FILES (X86)\PCREGBOOST, Delete-on-Reboot, [69], [391052],1.0.1900 File: 36 PUP.Optional.PCRegBoost, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PCREGBOOST.LNK, Delete-on-Reboot, [69], [391050],1.0.1900 PUP.Optional.PCRegBoost, C:\USERS\PUBLIC\DESKTOP\PCREGBOOST.LNK, Delete-on-Reboot, [69], [391051],1.0.1900 PUP.Optional.PCRegBoost, C:\PROGRAM FILES (X86)\PCREGBOOST\UNINS000.DAT, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\x64\SQLite.Interop.dll, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\x86\SQLite.Interop.dll, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\PcRegBoost.exe, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\1b.png, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\1w.png, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\2b.png, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\2w.png, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\3b.png, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\3w.png, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\4b.png, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\4w.png, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\console.exe, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\data, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\defragexec.exe, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\EntityFramework.dll, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\logo.ico, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\Microsoft.VisualBasic.PowerPacks.Vs.DLL, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\MySql.Data.DLL, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\Protect32.dll, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\Protect64.dll, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\restore.exe, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\runpc.exe, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\serve.exe, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\sfc.jpg, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\sldgrn.png, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\SQLite.Interop.dll, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\System.Data.SQLite.DLL, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\Task.exe, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\ud.sqlite, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\unins000.exe, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\UpdateChecker.exe, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\Updatetask.exe, Delete-on-Reboot, [69], [391052],1.0.1900 PUP.Optional.PCRegBoost, C:\Program Files (x86)\PcRegBoost\WindowsGen.exe, Delete-on-Reboot, [69], [391052],1.0.1900 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 9
- - pup.optional.pcregboost
  - 1-855-804-1796
  - (and 2 more)
    Tagged with:
    
    pup.optional.pcregboost
    
    1-855-804-1796
    
    (855) 804-1796
    
    18558041796
Removal instructions for uBar

Metallica posted a topic in Malware Removal Self-Help Guides

What is uBar? The Malwarebytes research team has determined that uBar is adware. These adware applications display advertisements not originating from the sites you are browsing. This one is part of a bundler. How do I know if my computer is affected by uBar? You may see these entries in your list of installed programs and features: and these warnings during install: This is the main screen of the uBar torrent downloader: and you may see these icons in your taskbar, your startmenu and on your desktop: and this taskbar popup during "operations": You may also find this (and other) browser extensions: How did uBar get on my computer? Adware applications use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove uBar? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of uBar? No, Malwarebytes removes uBar completely. If your browser(s) were hijacked, you should have a look at our Restore Browser page. You can read there how to fix additional browser redirect methods. Some parts of this bundler create scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the uBar adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. The web protection module also blocks access to their website. Technical details for experts Possible signs in FRST logs: (uBar) C:\ProgramData\uBar\uBar\uBar.exe (BitTorrent, Inc.) C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe (uBar) C:\ProgramData\uBar\uBar\uBar.exe HKCU\...\Run: [uBar] => C:\ProgramData\uBar\uBar\uBar.exe [12888864 2017-05-08] (uBar) CHR HKLM-x32\...\Chrome\Extension: [lgdnilodcpljomelbbnpgdogdbmclbni] - hxxp://clients2.google.com/service/update2/crx C:\Users\{username}\AppData\Local\uTorrent C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uBar.lnk C:\Users\{username}\Desktop\uBar.lnk C:\Users\{username}\AppData\Local\uBar.lnk C:\ProgramData\uBar () C:\Users\{username}\AppData\Local\uBar.lnk C:\Users\{username}\AppData\Local\Temp\ubar-yadownloader.exe uBar (HKCU\...\uBar) (Version: - uBar.pro) FirewallRules: [{6F17FFF2-F052-4ABF-A0FE-A0354E8444B4}] => (Allow) C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe FirewallRules: [{29ACE93A-C439-4784-8A9B-270F868B1151}] => (Allow) C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe Significant alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\ProgramData\uBar\Recovery Adds the file torrent.zip"="5/8/2017 8:45 AM, 911732 bytes, A Adds the folder C:\ProgramData\uBar\uBar Adds the file uBar.exe"="5/8/2017 8:45 AM, 12888864 bytes, A Adds the file uBar.log"="5/8/2017 8:49 AM, 1491 bytes, A Adds the file Uninstall.exe"="5/8/2017 8:45 AM, 4854048 bytes, A Adds the folder C:\ProgramData\uBar\uBar\data Adds the file Param.cfg"="5/8/2017 8:48 AM, 1995 bytes, A Adds the file uBar.db"="5/8/2017 8:50 AM, 24576 bytes, A Adds the folder C:\ProgramData\uBar\uBar\data\uBarWebStore Adds the file ChromeDWriteFontCache"="5/8/2017 8:51 AM, 22900556 bytes, A Adds the file Cookies"="5/8/2017 8:50 AM, 7168 bytes, A Adds the file Cookies-journal"="5/8/2017 8:50 AM, 0 bytes, A Adds the file data_0"="5/8/2017 8:50 AM, 45056 bytes, A Adds the file data_1"="5/8/2017 8:50 AM, 270336 bytes, A Adds the file data_2"="5/8/2017 8:50 AM, 8192 bytes, A Adds the file data_3"="5/8/2017 8:50 AM, 8192 bytes, A Adds the file f_000001"="5/8/2017 8:50 AM, 49079 bytes, A Adds the file index"="5/8/2017 8:50 AM, 524656 bytes, A Adds the folder C:\ProgramData\uBar\uBar\modules In the existing folder C:\Users\{username}\AppData\Local Adds the file uBar.lnk"="5/8/2017 8:48 AM, 757 bytes, A Adds the folder C:\Users\{username}\AppData\Local\uTorrent\Cache In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar Adds the file uBar.lnk"="5/8/2017 8:48 AM, 757 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs Adds the file uBar.lnk"="5/8/2017 8:48 AM, 900 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file uBar.lnk"="5/8/2017 8:48 AM, 870 bytes, A Adds the folder C:\Загрузки uBar Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent] "(Default)"="REG_SZ", "uBarTorrent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uBarTorrent\DefaultIcon] "(Default)"="REG_SZ", ""C:\ProgramData\uBar\uBar\uBar.exe", 0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uBarTorrent\shell\open\command] "(Default)"="REG_SZ", ""C:\ProgramData\uBar\uBar\uBar.exe" -runtorrent:"%1"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jdfonankhfnhihdcpaagpabbaoclnjfp] "install_parameter"="REG_SZ", "clid=2262092-207&win=280&" "update_url"="REG_SZ", "http://clients2.google.com/service/update2/crx" [HKEY_CURRENT_USER\Software\BitTorrent\engine] "controlPortTimestamp"="REG_DWORD", 1494226196 "port"="REG_DWORD", 11609 "portTimestamp"="REG_DWORD", 1494226196 "TrayIcon"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon] "(Default)"="REG_SZ", ""C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe" ",0" [HKEY_CURRENT_USER\Software\Classes\btdna\shell] "(Default)"="REG_SZ", "open" [HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command] "(Default)"="REG_SZ", ""C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe" "/DNA"" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "wsTorrent.exe"="REG_DWORD", 8000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "uBar"="REG_SZ", ""C:\ProgramData\uBar\uBar\uBar.exe" -autorun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uBar] "DisplayIcon"="REG_SZ", ""C:\ProgramData\uBar\uBar\Uninstall.exe",0" "DisplayName"="REG_SZ", "uBar" "Publisher"="REG_SZ", "uBar.pro" "UninstallString"="REG_SZ", ""C:\ProgramData\uBar\uBar\Uninstall.exe"" [HKEY_CURRENT_USER\Software\uBar\uBar] "DownloadFilesPath"="REG_SZ", "C:\Загрузки uBar\" "Installation directory"="REG_SZ", "C:\ProgramData\uBar\uBar\" "Version"="REG_SZ", "1.9.3.1" "WsTorrentInstallPath"="REG_SZ", "C:\ProgramData\uBar\uBar\modules\torrent\" [HKEY_CURRENT_USER\Software\uBar\uBar\Temporal] [HKEY_CURRENT_USER\Software\uBar_\uBarClientInfo] "ClientID"="REG_SZ", "781207451793782031" [HKEY_CURRENT_USER\Software\uBar_\uBarClientInfo\MiniBarForm] "FormVersion"="REG_DWORD", 0 Malwarebytes log: [b][font='Arial Black'][size=4]What is uBar?[/size][/font][/b] The Malwarebytes research team has determined that [b]uBar[/b] is [url=https://blog.malwarebytes.com/threats/adware/]adware[/url]. These adware applications display advertisements not originating from the sites you are browsing. This one is part of a [url=https://blog.malwarebytes.com/glossary/bundler/]bundler[/url]. [b][font='Arial Black'][size=4]How do I know if my computer is affected by uBar?[/size][/font][/b] You may see these entries in your list of installed programs and features: [img=https://static-cdn.malwarebytes.org/pub_images/uBarInstaller/warning4.png] and these warnings during install: [img=https://static-cdn.malwarebytes.org/pub_images/uBarInstaller/warning1.png] [img=https://static-cdn.malwarebytes.org/pub_images/uBarInstaller/warning2.png] [img=https://static-cdn.malwarebytes.org/pub_images/uBarInstaller/warning3.png] This is the main screen of the uBar torrent downloader: [img=https://static-cdn.malwarebytes.org/pub_images/uBarInstaller/main.png] and you may see these icons in your taskbar, your startmenu and on your desktop: [img=https://static-cdn.malwarebytes.org/pub_images/uBarInstaller/icons.png] and this taskbar popup during "operations": [img=https://static-cdn.malwarebytes.org/pub_images/uBarInstaller/warning8.png] You may also find this (and other) browser extensions: [img=https://static-cdn.malwarebytes.org/pub_images/uBarInstaller/warning7.png] [b][font='Arial Black'][size=4]How did uBar get on my computer?[/size][/font][/b] Adware applications use different methods for distributing themselves. This particular one was downloaded from their site. [b][font='Arial Black'][size=4]How do I remove uBar?[/size][/font][/b] Our program Malwarebytes can detect and remove this potentially unwanted program. [LIST] [*]Please download [url=https://www.malwarebytes.com/mwb-download/][color=#0000ff][b]Malwarebytes[/b][/color][/url] to your desktop.[/*] [*]Double-click [b]mb3-setup-consumer-{version}.exe[/b] and follow the prompts to install the program.[/*] [*]Then click [b]Finish[/b].[/*] [*]Once the program has fully updated, select [b]Scan Now[/b] on the [b]Dashboard[/b]. Or select the [b]Threat Scan[/b] from the [b]Scan[/b] menu.[/*] [*]If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.[/*] [*]When the scan is complete, make sure that [b]all Threats[/b] are selected, and click [b]Remove Selected[/b].[/*] [*]Restart your computer when prompted to do so.[/*] [/LIST] [b][font='Arial Black'][size=4]Is there anything else I need to do to get rid of uBar?[/size][/font][/b] [LIST] [*]No, Malwarebytes removes uBar completely.[/*] [*]If your browser(s) were hijacked, you should have a look at our [url=https://www.malwarebytes.org/restorebrowser/index.html]Restore Browser page[/url]. You can read there how to fix additional browser redirect methods.[/*] [*]Some parts of this bundler create scheduled tasks. You can read [url="https://blog.malwarebytes.org/intelligence/2015/03/scheduled-tasks/"]here[/url] how to check for and, if necessary, remove Scheduled Tasks.[/*] [/LIST] [b][font='Arial Black'][size=4]How would the [url=https://store.malwarebytes.org/342/purl-consumer?x-source=guides&x-action=uBar]full version of Malwarebytes[/url][/size][/font] help protect me?[/b] We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the uBar adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late. [center][img=https://static-cdn.malwarebytes.org/pub_images/uBarInstaller/protection1.png][/center] The [url=https://blog.malwarebytes.com/101/2016/08/explained-the-malwarebytes-website-protection-module/]web protection module[/url] also blocks access to their website. [b][font='Arial Black'][size=4]Technical details for experts[/size][/font][/b] Possible signs in FRST logs: [code=auto:0] (uBar) C:\ProgramData\uBar\uBar\uBar.exe (BitTorrent, Inc.) C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe (uBar) C:\ProgramData\uBar\uBar\uBar.exe HKCU\...\Run: [uBar] => C:\ProgramData\uBar\uBar\uBar.exe [12888864 2017-05-08] (uBar) CHR HKLM-x32\...\Chrome\Extension: [lgdnilodcpljomelbbnpgdogdbmclbni] - hxxp://clients2.google.com/service/update2/crx C:\Users\{username}\AppData\Local\uTorrent C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uBar.lnk C:\Users\{username}\Desktop\uBar.lnk C:\Users\{username}\AppData\Local\uBar.lnk C:\ProgramData\uBar () C:\Users\{username}\AppData\Local\uBar.lnk C:\Users\{username}\AppData\Local\Temp\ubar-yadownloader.exe uBar (HKCU\...\uBar) (Version: - uBar.pro) FirewallRules: [{6F17FFF2-F052-4ABF-A0FE-A0354E8444B4}] => (Allow) C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe FirewallRules: [{29ACE93A-C439-4784-8A9B-270F868B1151}] => (Allow) C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe[/code] Significant alterations made by the installer: [code=auto:0]File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\ProgramData\uBar\Recovery Adds the file torrent.zip"="5/8/2017 8:45 AM, 911732 bytes, A Adds the folder C:\ProgramData\uBar\uBar Adds the file uBar.exe"="5/8/2017 8:45 AM, 12888864 bytes, A Adds the file uBar.log"="5/8/2017 8:49 AM, 1491 bytes, A Adds the file Uninstall.exe"="5/8/2017 8:45 AM, 4854048 bytes, A Adds the folder C:\ProgramData\uBar\uBar\data Adds the file Param.cfg"="5/8/2017 8:48 AM, 1995 bytes, A Adds the file uBar.db"="5/8/2017 8:50 AM, 24576 bytes, A Adds the folder C:\ProgramData\uBar\uBar\data\uBarWebStore Adds the file ChromeDWriteFontCache"="5/8/2017 8:51 AM, 22900556 bytes, A Adds the file Cookies"="5/8/2017 8:50 AM, 7168 bytes, A Adds the file Cookies-journal"="5/8/2017 8:50 AM, 0 bytes, A Adds the file data_0"="5/8/2017 8:50 AM, 45056 bytes, A Adds the file data_1"="5/8/2017 8:50 AM, 270336 bytes, A Adds the file data_2"="5/8/2017 8:50 AM, 8192 bytes, A Adds the file data_3"="5/8/2017 8:50 AM, 8192 bytes, A Adds the file f_000001"="5/8/2017 8:50 AM, 49079 bytes, A Adds the file index"="5/8/2017 8:50 AM, 524656 bytes, A Adds the folder C:\ProgramData\uBar\uBar\modules In the existing folder C:\Users\{username}\AppData\Local Adds the file uBar.lnk"="5/8/2017 8:48 AM, 757 bytes, A Adds the folder C:\Users\{username}\AppData\Local\uTorrent\Cache In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar Adds the file uBar.lnk"="5/8/2017 8:48 AM, 757 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs Adds the file uBar.lnk"="5/8/2017 8:48 AM, 900 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file uBar.lnk"="5/8/2017 8:48 AM, 870 bytes, A Adds the folder C:\Загрузки uBar Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent] "(Default)"="REG_SZ", "uBarTorrent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uBarTorrent\DefaultIcon] "(Default)"="REG_SZ", ""C:\ProgramData\uBar\uBar\uBar.exe", 0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uBarTorrent\shell\open\command] "(Default)"="REG_SZ", ""C:\ProgramData\uBar\uBar\uBar.exe" -runtorrent:"%1"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jdfonankhfnhihdcpaagpabbaoclnjfp] "install_parameter"="REG_SZ", "clid=2262092-207&win=280&" "update_url"="REG_SZ", "http://clients2.google.com/service/update2/crx" [HKEY_CURRENT_USER\Software\BitTorrent\engine] "controlPortTimestamp"="REG_DWORD", 1494226196 "port"="REG_DWORD", 11609 "portTimestamp"="REG_DWORD", 1494226196 "TrayIcon"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon] "(Default)"="REG_SZ", ""C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe" ",0" [HKEY_CURRENT_USER\Software\Classes\btdna\shell] "(Default)"="REG_SZ", "open" [HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command] "(Default)"="REG_SZ", ""C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe" "/DNA"" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "wsTorrent.exe"="REG_DWORD", 8000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "uBar"="REG_SZ", ""C:\ProgramData\uBar\uBar\uBar.exe" -autorun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uBar] "DisplayIcon"="REG_SZ", ""C:\ProgramData\uBar\uBar\Uninstall.exe",0" "DisplayName"="REG_SZ", "uBar" "Publisher"="REG_SZ", "uBar.pro" "UninstallString"="REG_SZ", ""C:\ProgramData\uBar\uBar\Uninstall.exe"" [HKEY_CURRENT_USER\Software\uBar\uBar] "DownloadFilesPath"="REG_SZ", "C:\Загрузки uBar\" "Installation directory"="REG_SZ", "C:\ProgramData\uBar\uBar\" "Version"="REG_SZ", "1.9.3.1" "WsTorrentInstallPath"="REG_SZ", "C:\ProgramData\uBar\uBar\modules\torrent\" [HKEY_CURRENT_USER\Software\uBar\uBar\Temporal] [HKEY_CURRENT_USER\Software\uBar_\uBarClientInfo] "ClientID"="REG_SZ", "781207451793782031" [HKEY_CURRENT_USER\Software\uBar_\uBarClientInfo\MiniBarForm] "FormVersion"="REG_DWORD", 0 [/code] Malwarebytes log: [code=auto:0]Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/8/17 Scan Time: 5:39 PM Logfile: mbamUBarInstall.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1895 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 330416 Time Elapsed: 2 min, 48 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 3 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\uBar.exe, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\uBar.exe, Quarantined, [1050], [396466],1.0.1895 Module: 13 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\cef\libcef.dll, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\cef\libcef.dll, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\gui\libqt4_plugin.dll, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\libxml_plugin.dll, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\libvlc.dll, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\libvlccore.dll, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\libeay32.dll, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\libeay32.dll, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\ssleay32.dll, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\ssleay32.dll, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\uBar.exe, Quarantined, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\uBar.exe, Quarantined, [1050], [396466],1.0.1895 Registry Key: 5 PUP.Optional.UBar, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\uBar, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, HKLM\SOFTWARE\CLASSES\uBarTorrent, Delete-on-Reboot, [1050], [396471],1.0.1895 PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lgdnilodcpljomelbbnpgdogdbmclbni, Delete-on-Reboot, [12], [373994],1.0.1895 PUP.Optional.UBar, HKCU\SOFTWARE\uBar, Delete-on-Reboot, [1050], [396470],1.0.1895 PUP.Optional.UBar, HKCU\SOFTWARE\uBar_, Delete-on-Reboot, [1050], [396469],1.0.1895 Registry Value: 1 PUP.Optional.UBar, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uBar, Delete-on-Reboot, [1050], [396466],1.0.1895 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 251 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\http\css\ui-lightness\images, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\services_discovery, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\http\css\ui-lightness, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\pt_BR\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\bn_IN\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\zh_CN\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\pt_PT\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\en_GB\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\es_MX\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\zh_TW\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ks_IN\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\fur\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\cgg\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\tet\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ckb\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ast\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_splitter, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\mai\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ach\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\be\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access_output, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\my\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ms\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\mr\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\mn\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ml\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_filter, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\text_renderer, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\visualization, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\mk\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ja\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ga\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\or\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\af\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\gd\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\am\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ka\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\an\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\gl\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ar\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\az\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\gu\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\kk\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\bg\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\he\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\bn\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ky\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\br\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\hi\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\bs\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\km\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ca\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\hr\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\co\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\lt\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\cs\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\hu\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\cy\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\da\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\hy\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\de\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\kn\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\el\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ia\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\es\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\et\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\lg\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\eu\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\id\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\fa\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ko\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ff\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\is\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\fi\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\lv\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\fr\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\it\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\nb\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ne\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\nl\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\nn\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\oc\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\pa\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\pl\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ps\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ro\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ru\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\si\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\sk\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\sl\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\sq\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\sr\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\sv\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ta\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\te\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\th\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\tl\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\tr\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\uk\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\uz\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\vi\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\wa\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\zu\LC_MESSAGES, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_output, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_filter, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\data\uBarWebStore\Local Storage, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_mixer, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\meta_engine, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\http\requests, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\http\dialogs, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\dlimagecache, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\intf\modules, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\meta\fetcher, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\http\images, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\control, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\meta\reader, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\extensions, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\codec, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\http\css, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\meta\art, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\bn_IN, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\playlist, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\AutoLoad, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\Torrents, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\zh_CN, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\pt_BR, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\zh_TW, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\es_MX, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ks_IN, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\en_GB, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\pt_PT, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\mux, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\modules, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\skins\fonts, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\gui, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\lua, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\http\js, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ast, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\tet, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ach, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\mai, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\cgg, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\fur, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ckb, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\bs, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ro, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ca, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ru, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\co, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\si, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\cs, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\sk, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\cy, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\sl, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\da, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\sq, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\de, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\sr, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\el, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\sv, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\et, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ta, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\eu, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\te, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\fa, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ff, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\fi, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\th, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\fr, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\tl, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ga, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\tr, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\gd, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\uk, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\gl, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\uz, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\gu, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\vi, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\he, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\wa, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\hi, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\hr, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\hy, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ia, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\id, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\zu, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\is, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\it, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ka, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\kk, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\km, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\kn, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ko, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ky, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\lg, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\lt, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\lv, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\es, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\mk, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ml, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\mn, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\mr, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ms, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\my, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ja, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\nb, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\or, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ne, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\af, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\nl, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\am, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\nn, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\an, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\oc, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ar, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\pa, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\az, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\pl, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\be, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\ps, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\bg, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\hu, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\bn, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale\br, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\http, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\intf, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\apps, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\meta, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\cef\locales, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua\sd, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\locale, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\data\uBarWebStore, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\skins, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\lua, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\cef, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\data, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\Recovery, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\PROGRAMDATA\UBAR, Delete-on-Reboot, [1050], [396466],1.0.1895 File: 652 PUP.Optional.UBar, C:\PROGRAMDATA\UBAR\UBAR\UBAR.LOG, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\Recovery\torrent.zip, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\cef\pepflashplayer.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\cef\snapshot_blob.bin, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\cef\widevinecdmadapter.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\cef\wow_helper.exe, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\apps\3609FC884502A1DF0AA5D9D160C827BB1BD51FC9.btapp, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\resume.dat, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\settings.dat, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\settings.dat.old, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\webui.zip, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\torrent\wsTorrent.exe, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libdvdnav_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libaccess_bd_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libaccess_mms_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libaccess_realrtsp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libattachment_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libbluray-j2se-0.9.3.jar, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libcdda_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libdshow_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libdtv_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libdvdread_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libfilesystem_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libftp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libhttp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libidummy_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libimem_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\liblibbluray_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\liblive555_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\librar_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\librtp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libscreen_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libsdp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libsftp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libshm_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libsmb_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libtcp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libtimecode_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libudp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libvcd_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libvdr_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access\libzip_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access_output\libaccess_output_dummy_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access_output\libaccess_output_file_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access_output\libaccess_output_http_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access_output\libaccess_output_livehttp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access_output\libaccess_output_shout_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\access_output\libaccess_output_udp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_filter\libugly_resampler_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_mixer\libfloat_mixer_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_mixer\libinteger_mixer_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_output\libadummy_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_output\libafile_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_output\libamem_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_output\libdirectsound_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_output\libmmdevice_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_output\libwasapi_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\audio_output\libwaveout_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\codec\libcvdsub_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\control\libwin_msg_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libdiracsys_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libmod_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libps_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libaiff_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libasf_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libau_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libavi_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libcaf_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libdemuxdump_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libdemux_cdg_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libdemux_stl_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libes_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libflacsys_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libgme_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libh264_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libhevc_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libimage_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libmjpeg_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libmkv_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libmp4_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libmpc_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libmpgv_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libnsc_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libnsv_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libnuv_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libogg_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libplaylist_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libpva_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\librawaud_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\librawdv_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\librawvid_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libreal_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libsid_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libsmf_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libsubtitle_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libts_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libtta_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libty_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libvc1_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libvobsub_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libvoc_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libwav_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\demux\libxa_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\gui\libqt4_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\gui\libskins2_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\lua\liblua_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\meta_engine\libfolder_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\meta_engine\libtaglib_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\libaddonsfsstorage_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\libaddonsvorepository_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\libaudioscrobbler_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\libexport_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\libfingerprinter_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\libgnutls_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\liblogger_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\libstats_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\libvod_rtsp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\misc\libxml_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\mux\libmux_asf_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\mux\libmux_avi_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\mux\libmux_dummy_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\mux\libmux_mp4_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\mux\libmux_mpjpeg_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\mux\libmux_ogg_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\mux\libmux_ps_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\mux\libmux_ts_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\mux\libmux_wav_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer\libpacketizer_copy_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer\libpacketizer_dirac_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer\libpacketizer_flac_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer\libpacketizer_h264_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer\libpacketizer_hevc_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer\libpacketizer_mlp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\packetizer\libpacketizer_vc1_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\services_discovery\libmediadirs_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\services_discovery\libpodcast_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\services_discovery\libsap_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\services_discovery\libupnp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\services_discovery\libwindrive_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_filter\libdash_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_filter\libhttplive_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_filter\librecord_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_filter\libsmooth_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_dummy_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_autodel_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_bridge_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_chromaprint_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_delay_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_description_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_display_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_duplicate_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_es_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_gather_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_langfromtelx_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_raop_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_record_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_rtp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_setid_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_smem_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_standard_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_stats_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\stream_out\libstream_out_transcode_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\text_renderer\libfreetype_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\text_renderer\libtdummy_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libchain_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libgrey_yuv_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libi420_rgb_mmx_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libi420_rgb_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libi420_rgb_sse2_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libi420_yuy2_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libi422_i420_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libi422_yuy2_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\librv32_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libswscale_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libyuy2_i420_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_chroma\libyuy2_i422_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libadjust_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libalphamask_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libanaglyph_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libantiflicker_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libatmo_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libaudiobargraph_v_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libball_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libblendbench_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libblend_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libbluescreen_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libcanvas_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libcolorthres_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libcroppadd_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libdeinterlace_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\liberase_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libextract_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libfreeze_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libgaussianblur_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libgradfun_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libgradient_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libgrain_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libhqdn3d_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libinvert_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\liblogo_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libmagnify_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libmirror_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libmosaic_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libmotionblur_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libmotiondetect_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\liboldmovie_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libposterize_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libpostproc_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libpsychedelic_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libpuzzle_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libremoteosd_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libripple_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\librotate_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\librss_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libscale_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libscene_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libsepia_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libsharpen_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libsubsdelay_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libtransform_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libvhs_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libwave_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libyuvp_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_filter\libmarq_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libcaca_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libdirect2d_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libdirect3d_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libdirectdraw_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libdrawable_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libglwin32_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libgl_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libvdummy_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libvmem_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libwingdi_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_output\libyuv_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_splitter\libclone_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_splitter\libpanoramix_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\video_splitter\libwall_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\visualization\libglspectrum_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\visualization\libgoom_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\visualization\libprojectm_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\visualization\libvisual_plugin.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\plugins\plugins.dat, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\skins\fonts\FreeSans.ttf, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\skins\fonts\FreeSansBold.ttf, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\skins\default.vlt, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\skins\skin.catalog, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\skins\skin.dtd, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\skins\winamp2.xml, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\AUTHORS.txt, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\axvlc.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\axvlc.dll.manifest, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\COPYING.txt, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\libvlc.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\libvlc.dll.manifest, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\libvlccore.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\NEWS.txt, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\npvlc.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\npvlc.dll.manifest, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\README.txt, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\spad-setup.exe, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\THANKS.txt, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\vlc-cache-gen.exe, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\vlc.exe, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\vlc.exe.manifest, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\vlc\vlc.ico, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\libeay32.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\modules\ssleay32.dll, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\uBar.exe, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\ProgramData\uBar\uBar\Uninstall.exe, Delete-on-Reboot, [1050], [396466],1.0.1895 PUP.Optional.UBar, C:\USERS\{username}\DESKTOP\UBARINSTALL.EXE, Delete-on-Reboot, [1050], [396473],1.0.1895 PUP.Optional.UBar, C:\USERS\{username}\APPDATA\LOCAL\UBAR.LNK, Delete-on-Reboot, [1050], [396463],1.0.1895 Physical Sector: 0 (No malicious items detected) (end)[/code] As mentioned before the [url=https://store.malwarebytes.org/342/purl-consumer?x-source=guides&x-action=uBar]full version of Malwarebytes[/url] could have protected your computer against this threat. We use different ways of protecting your computer(s): [LIST] [*][b]Dynamically Blocks Malware Sites & Servers[/b][/*] [*][b]Malware Execution Prevention[/b][/*] [/LIST] [size=3][b]Save yourself the hassle and get protected.[/b][/size] As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 8
- - pup.optional.ubar
  - russian bundler
  - (and 1 more)
    Tagged with:
    
    pup.optional.ubar
    
    russian bundler
    
    pup.optional.russad
Removal instructions for GetSports

Metallica posted a topic in Malware Removal Self-Help Guides

What is GetSports? The Malwarebytes research team has determined that GetSports is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. GetSports is a member of the Spigot family as described in the blogpost Spigot browser hijackers. How do I know if my computer is affected by GetSports? You may see these browser extensions/add-ons: and search settings like these: You may see this entry in your list of installed software: these warnings during install: and this new startpage in the affected browser(s): How did GetSports get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove GetSports? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of GetSports? If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the GetSports entry. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the GetSports hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.getsports.co/?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30 SearchScopes: HKCU -> DefaultScope {8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1} URL = hxxp://search.getsports.co/s?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30&query={searchTerms} SearchScopes: HKCU -> {8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1} URL = hxxp://search.getsports.co/s?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30&query={searchTerms} FF NewTab: hxxp://search.getsports.co?uid={uid2}&uc={date}&ap=appfocus1&source=-v2-bb8&page=newtab&implementation_id=sports_0.2.0 FF Homepage: hxxp://search.getsports.co?uid={uid2}&uc={date}&ap=appfocus1&source=-v2-bb8&page=homepage&implementation_id=sports_0.2.0 FF Extension: Sports - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\Extensions\@Sports.xpi [2017-05-05] CHR Extension: (Get Sports) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco [2017-05-05] C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8} Get Sports (HKCU\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: 2.6.0.2 - Cloud Installer) The most significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0 Adds the file background.js"="12/6/2016 1:27 PM, 15293 bytes, A Adds the file contentscript.js"="12/6/2016 1:27 PM, 1238 bytes, A Adds the file icon.png"="5/5/2017 3:10 PM, 9393 bytes, A Adds the file manifest.json"="5/5/2017 3:10 PM, 1394 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_locales\en Adds the file messages.json"="5/5/2017 3:10 PM, 252 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_metadata Adds the file computed_hashes.json"="5/5/2017 3:10 PM, 1176 bytes, A Adds the file verified_contents.json"="12/6/2016 1:27 PM, 2783 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\css Adds the file description.css"="12/6/2016 1:27 PM, 1008 bytes, A Adds the file popup.css"="12/6/2016 1:27 PM, 95 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\html\popup Adds the file description.html"="12/6/2016 1:27 PM, 242 bytes, A Adds the file popup.html"="12/6/2016 1:27 PM, 214 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js Adds the file userNewTab.js"="12/6/2016 1:27 PM, 2494 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js\popup Adds the file popup.js"="12/6/2016 1:27 PM, 793 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\newtab Adds the file newtab.html"="12/6/2016 1:27 PM, 190 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlfmljafhfcncnaekjmgnchfapibfmco Adds the file 000003.log"="5/5/2017 3:10 PM, 262 bytes, A Adds the file CURRENT"="5/5/2017 3:10 PM, 16 bytes, A Adds the file LOCK"="5/5/2017 3:10 PM, 0 bytes, A Adds the file LOG"="5/5/2017 3:10 PM, 184 bytes, A Adds the file MANIFEST-000001"="5/5/2017 3:10 PM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8} Adds the file Uninstall.exe"="5/5/2017 3:06 PM, 263168 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions Adds the file @Sports.xpi"="5/5/2017 3:08 PM, 43962 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\jetpack\@Sports\simple-storage Adds the file store.json"="5/5/2017 3:09 PM, 327 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://search.getsports.co/?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DefaultScope" = REG_SZ, "{8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1}] "DisplayName"="REG_SZ", "Search" "SuggestionsURL"="REG_SZ", "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" "URL"="REG_SZ", "http://search.getsports.co/s?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30&query={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}] "DisplayName"="REG_SZ", "Get Sports" "DisplayVersion"="REG_SZ", "2.6.0.2" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\" "Publisher"="REG_SZ", "Cloud Installer" "UninstallHomepage"="REG_SZ", "http://search.getsports.co/?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30" "UninstallImpression"="REG_SZ", "http://imp.getsports.co/impression.do?source=-v2-bb8&sub_id={date}&useragent=Mozilla%2F5.0+(Windows+NT+6.1%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&traffic_source=appfocus1&user_id={uid1}&implementation_id=sports__1.30&event={exEvent}" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall" Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/5/17 Scan Time: 3:19 PM Logfile: mbamGetSports.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1874 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 329664 Time Elapsed: 2 min, 6 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 2 PUP.Optional.Spigot, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [625], [373878],1.0.1874 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1}, Delete-on-Reboot, [1974], [368913],1.0.1874 Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1}|URL, Delete-on-Reboot, [1974], [368913],1.0.1874 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 14 PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [625], [373878],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\jetpack\@Sports\simple-storage, Delete-on-Reboot, [1974], [362990],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\JETPACK\@SPORTS, Delete-on-Reboot, [1974], [362990],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_locales\en, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\html\popup, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_metadata, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js\popup, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_locales, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\newtab, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\html, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\css, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NLFMLJAFHFCNCNAEKJMGNCHFAPIBFMCO, Delete-on-Reboot, [1974], [362981],1.0.1874 File: 20 PUP.Optional.Spigot, C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe, Delete-on-Reboot, [625], [373878],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\jetpack\@Sports\simple-storage\store.json, Delete-on-Reboot, [1974], [362990],1.0.1874 PUP.Optional.Spigot, C:\USERS\{username}\DESKTOP\GETSPORTS.EXE, Delete-on-Reboot, [625], [372110],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [1974], [361537],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [1974], [361538],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\EXTENSIONS\@SPORTS.XPI, Delete-on-Reboot, [1974], [362994],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NLFMLJAFHFCNCNAEKJMGNCHFAPIBFMCO\4.0_0\BACKGROUND.JS, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\css\description.css, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\css\popup.css, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\html\popup\description.html, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\html\popup\popup.html, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js\popup\popup.js, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js\userNewTab.js, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\newtab\newtab.html, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_locales\en\messages.json, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_metadata\computed_hashes.json, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_metadata\verified_contents.json, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\contentscript.js, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\icon.png, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\manifest.json, Delete-on-Reboot, [1974], [362981],1.0.1874 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- May 5
- - pup.optional.spigot
  - spigot
  - (and 1 more)
    Tagged with:
    
    pup.optional.spigot
    
    spigot
    
    nlfmljafhfcncnaekjmgnchfapibfmco

Sign In

Metallica

Content count

Joined

Last visited

About Metallica

Contact Methods

Profile Information

Recent Profile Visitors

Gt-truth

LukeP3

l3386490

Aura

roger_m

fr33tux

msherwood

rhabdomantist

djrobison22

nancy999

ferrellr

Removal instructions for ServerTest

Removal instructions for SavingsCool

Removal instructions for GetMaps

Removal instructions for DriverDr

Removal instructions for Gifables

Removal instructions for ScreenUp

Removal instructions for Smart System Care

Removal instructions for FileTour bundler

Removal instructions for Watchdog PC Cleaner

Removal instructions for MyCleanPC

Removal instructions for MyTransitMapper

Removal instructions for Magic Pc Cleaner

Removal instructions for PC Reg Boost

Removal instructions for uBar

Removal instructions for GetSports

Browse

Activity

Malwarebytes.com