Metallica

Staff

View Profile See their activity

Content Count
2,212
Joined
April 21, 2008
Last visited
2 hours ago

4 Followers

About Metallica

Rank
Master of PUPs
Birthday 05/19/1963

Profile Information

Location
Netherlands

Recent Profile Visitors

161,778 profile views

rubberswip

October 12
ncodex

August 5
JBlaz

August 2
Fedor23

June 29
MHN39

May 31
ALEKSEI_J

May 18
ctam

April 26
Destroyer0705

April 18
hlscott1

March 23
amgad47

March 22
Gt-truth

March 13

Removal instructions for Advance PC Protector

Metallica posted a topic in Malware Removal Self-Help Guides

What is Advance PC Protector?The Malwarebytes research team has determined that Advance PC Protector is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with Advance PC Protector?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:and these screens during "operations":You may see this entry in your list of installed programs:How did Advance PC Protector get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove Advance PC Protector?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Advance PC Protector? No, Malwarebytes removes Advance PC Protector completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the Advance PC Protector installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for expertsYou may see these entries in FRST logs: (Akick Software Pvt. Ltd.) C:\Program Files (x86)\AKick\Advance PC Protector\app.exe C:\Users\Public\Desktop\Advance PC Protector.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance PC Protector C:\Program Files (x86)\AKick C:\ProgramData\AKick C:\Users\{username}\AppData\Roaming\Software Inc C:\ProgramData\Software Inc Advance PC Protector (HKLM-x32\...\{B7EA379B-341F-4FC3-A24C-9EE64E5A834E}}_is1) (Version: 2.0 - Advance PC Protector) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector Adds the file apcp.bat"="8/7/2018 1:25 PM, 51 bytes, A Adds the file app.exe"="10/9/2018 2:55 PM, 4840784 bytes, A Adds the file app.vshost.exe"="10/9/2018 2:48 PM, 24224 bytes, A Adds the file Core.dll"="2/24/2015 6:29 PM, 237568 bytes, A Adds the file Interop.NATUPNPLib.dll"="12/20/2014 3:40 PM, 7168 bytes, A Adds the file Interop.NETCONLib.dll"="12/20/2014 3:40 PM, 9728 bytes, A Adds the file Interop.NetFwTypeLib.dll"="12/20/2014 3:40 PM, 19456 bytes, A Adds the file Interop.Shell32.dll"="12/18/2014 3:35 PM, 36864 bytes, A Adds the file Interop.WUApiLib.dll"="12/18/2014 3:35 PM, 73728 bytes, A Adds the file logo.ico"="6/19/2018 1:09 PM, 21662 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="6/3/2014 1:08 AM, 171008 bytes, A Adds the file msvcr120.dll"="12/3/2016 9:09 PM, 970912 bytes, A Adds the file NLog.dll"="6/29/2018 12:42 PM, 480768 bytes, A Adds the file Savapi.NET.dll"="9/6/2018 11:20 AM, 89424 bytes, A Adds the file SharpCompress.dll"="11/13/2015 6:37 PM, 418304 bytes, A Adds the file Sys_Trace.xml"="8/18/2018 11:48 AM, 692 bytes, A Adds the file System.Data.SQLite.dll"="3/26/2018 9:52 AM, 353280 bytes, A Adds the file System.Data.SQLite.EF6.dll"="3/26/2018 9:52 AM, 186880 bytes, A Adds the file System.Data.SQLite.Linq.dll"="3/26/2018 9:52 AM, 186880 bytes, A Adds the file System.Data.SQLite.xml"="3/26/2018 9:52 AM, 1051056 bytes, A Adds the file unins000.dat"="10/19/2018 9:44 AM, 47559 bytes, A Adds the file unins000.exe"="10/19/2018 9:43 AM, 733008 bytes, A Adds the file unins000.msg"="10/19/2018 9:44 AM, 11420 bytes, A Adds the file Uninstaller.exe"="9/12/2018 3:48 PM, 251728 bytes, A Adds the file WpfAnimatedGif.dll"="8/7/2013 11:30 AM, 28160 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\de Adds the file app.resources.dll"="10/9/2018 2:55 PM, 17920 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\en Adds the file app.resources.dll"="10/9/2018 2:55 PM, 16384 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\savapi Adds the file aebb.dll"="7/19/2018 2:46 PM, 71144 bytes, A Adds the file aecore.dll"="7/19/2018 2:46 PM, 278952 bytes, A Adds the file aecrypto.dll"="7/19/2018 2:46 PM, 141800 bytes, A Adds the file aeemu.dll"="7/19/2018 2:46 PM, 420248 bytes, A Adds the file aeexp.dll"="7/19/2018 2:46 PM, 399464 bytes, A Adds the file aegen.dll"="7/19/2018 2:46 PM, 707016 bytes, A Adds the file aehelp.dll"="7/19/2018 2:46 PM, 299728 bytes, A Adds the file aeheur.dll"="7/23/2018 1:26 PM, 11837736 bytes, A Adds the file aeheur_agen.dat"="7/19/2018 2:46 PM, 1278846 bytes, A Adds the file aelibinf.dll"="7/19/2018 2:46 PM, 79464 bytes, A Adds the file aelidb.dat"="7/19/2018 2:46 PM, 88150 bytes, A Adds the file aemobile.dll"="7/19/2018 2:46 PM, 362072 bytes, A Adds the file aemvdb.dat"="7/19/2018 2:46 PM, 1793 bytes, A Adds the file aeoffice.dll"="7/19/2018 2:46 PM, 707016 bytes, A Adds the file aepack.dll"="7/19/2018 2:46 PM, 856632 bytes, A Adds the file aerdl.dll"="7/19/2018 2:46 PM, 1263912 bytes, A Adds the file aesbx.dll"="7/19/2018 2:46 PM, 1667056 bytes, A Adds the file aescn.dll"="7/19/2018 2:46 PM, 158416 bytes, A Adds the file aescript.dll"="7/23/2018 1:26 PM, 1060280 bytes, A Adds the file aeset.dat"="7/23/2018 1:26 PM, 3119 bytes, A Adds the file aevdf.dat"="7/23/2018 2:24 PM, 5482 bytes, A Adds the file aevdf.dll"="7/19/2018 2:46 PM, 154264 bytes, A Adds the file apchash.dll"="10/25/2016 2:24 PM, 24712 bytes, A Adds the file auccert.crt"="7/19/2018 2:46 PM, 1546 bytes, A Adds the file avgio.dll"="3/7/2018 5:26 PM, 61872 bytes, A Adds the file avlode.rdf"="7/19/2018 2:46 PM, 215629 bytes, A Adds the file avreg.yml"="7/19/2018 2:46 PM, 8752 bytes, A Adds the file cacert.crt"="7/19/2018 2:46 PM, 7586 bytes, A Adds the file HBEDV.KEY"="7/18/2018 5:16 PM, 512 bytes, A Adds the file master.idx"="7/19/2018 2:46 PM, 0 bytes, A Adds the file plg_fops_dummy.dll"="10/25/2016 2:24 PM, 23552 bytes, A Adds the file productname.dat"="10/25/2016 2:50 PM, 15 bytes, A Adds the file savapi.conf"="10/25/2016 3:06 PM, 28509 bytes, A Adds the file savapi.dll"="3/9/2018 3:18 PM, 1804680 bytes, A Adds the file savapi_post.bat"="10/25/2016 3:06 PM, 3045 bytes, A Adds the file savapi_pre.bat"="10/25/2016 3:06 PM, 531 bytes, A Adds the file savapi_pretest.bat"="10/25/2016 3:06 PM, 2597 bytes, A Adds the file savapiclient.dll"="10/25/2016 2:24 PM, 216760 bytes, A Adds the file vdfupd.dll"="3/28/2014 10:47 AM, 102480 bytes, A Adds the file xbv00000.vdf"="7/23/2018 2:24 PM, 43855208 bytes, A Adds the file xbv00255.vdf"="7/23/2018 2:24 PM, 2408 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\savapi\idx Adds the file master.idx"="7/23/2018 2:30 PM, 56 bytes, A Adds the file module-vdf.info"="7/23/2018 2:30 PM, 141082 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\savapi\on_access Adds the file on-access-drivers-install.cmd"="10/25/2016 3:06 PM, 3737 bytes, A Adds the file on-access-drivers-uninstall.cmd"="10/25/2016 3:06 PM, 3745 bytes, A Adds the file README"="10/25/2016 3:06 PM, 386 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\savapi\on_access\utils Adds the file on-access-drivers-final.cmd"="10/25/2016 3:06 PM, 902 bytes, A Adds the file on-access-drivers-post.cmd"="10/25/2016 3:06 PM, 3104 bytes, A Adds the file on-access-drivers-pre.cmd"="10/25/2016 3:06 PM, 2637 bytes, A Adds the file sd_inst.exe"="10/25/2016 2:50 PM, 17904 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\savapi\on_access\win32\win8 Adds the file avgntflt.cat"="10/14/2016 12:22 PM, 8179 bytes, A Adds the file avgntflt.inf"="10/17/2016 4:53 PM, 2537 bytes, A Adds the file avgntflt.sys"="10/14/2016 12:22 PM, 126064 bytes, A Adds the file avipbb.cat"="10/14/2016 12:22 PM, 8171 bytes, A Adds the file avipbb.inf"="10/14/2016 12:22 PM, 2051 bytes, A Adds the file avipbb.sys"="10/14/2016 12:22 PM, 151784 bytes, A Adds the file avkmgr.cat"="10/14/2016 12:22 PM, 7736 bytes, A Adds the file avkmgr.inf"="10/14/2016 12:22 PM, 1888 bytes, A Adds the file avkmgr.sys"="10/14/2016 12:22 PM, 44208 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\savapi\on_access\win32\xp Adds the file avgntflt.cat"="10/14/2016 12:22 PM, 718 bytes, A Adds the file avgntflt.inf"="10/17/2016 4:53 PM, 2463 bytes, A Adds the file avgntflt.sys"="10/14/2016 12:22 PM, 119208 bytes, A Adds the file avipbb.cat"="10/14/2016 12:22 PM, 714 bytes, A Adds the file avipbb.inf"="10/14/2016 12:22 PM, 1962 bytes, A Adds the file avipbb.sys"="10/14/2016 12:22 PM, 140272 bytes, A Adds the file avkmgr.cat"="10/14/2016 12:22 PM, 714 bytes, A Adds the file avkmgr.inf"="10/14/2016 12:22 PM, 1889 bytes, A Adds the file avkmgr.sys"="10/14/2016 12:22 PM, 37896 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\savapi\on_access\win64\vista Adds the file avgntflt.cat"="10/14/2016 12:22 PM, 8197 bytes, A Adds the file avgntflt.inf"="10/17/2016 4:53 PM, 2537 bytes, A Adds the file avgntflt.sys"="10/14/2016 12:22 PM, 177432 bytes, A Adds the file avipbb.cat"="10/14/2016 12:22 PM, 8189 bytes, A Adds the file avipbb.inf"="10/14/2016 12:22 PM, 2052 bytes, A Adds the file avipbb.sys"="10/14/2016 12:22 PM, 145536 bytes, A Adds the file avkmgr.cat"="10/14/2016 12:22 PM, 8164 bytes, A Adds the file avkmgr.inf"="10/14/2016 12:22 PM, 2000 bytes, A Adds the file avkmgr.sys"="10/14/2016 12:22 PM, 28600 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\savapi\on_access\win64\win8 Adds the file avgntflt.cat"="10/14/2016 12:22 PM, 8211 bytes, A Adds the file avgntflt.inf"="10/17/2016 4:53 PM, 2537 bytes, A Adds the file avgntflt.sys"="10/14/2016 12:22 PM, 151352 bytes, A Adds the file avipbb.cat"="10/14/2016 12:22 PM, 8203 bytes, A Adds the file avipbb.inf"="10/14/2016 12:22 PM, 2052 bytes, A Adds the file avipbb.sys"="10/14/2016 12:22 PM, 153392 bytes, A Adds the file avkmgr.cat"="10/14/2016 12:22 PM, 8202 bytes, A Adds the file avkmgr.inf"="10/14/2016 12:22 PM, 2000 bytes, A Adds the file avkmgr.sys"="10/14/2016 12:22 PM, 35488 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\savapi\on_access\win64\xp Adds the file avgntflt.inf"="10/17/2016 4:53 PM, 2400 bytes, A Adds the file avgntflt.sys"="10/14/2016 12:22 PM, 168672 bytes, A Adds the file avipbb.inf"="10/14/2016 12:22 PM, 1912 bytes, A Adds the file avipbb.sys"="10/14/2016 12:22 PM, 136768 bytes, A Adds the file avkmgr.inf"="10/14/2016 12:22 PM, 1937 bytes, A Adds the file avkmgr.sys"="10/14/2016 12:22 PM, 28600 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\x64 Adds the file SQLite.Interop.dll"="3/26/2018 9:52 AM, 1534464 bytes, A Adds the folder C:\Program Files (x86)\AKick\Advance PC Protector\x86 Adds the file SQLite.Interop.dll"="3/26/2018 9:52 AM, 1149440 bytes, A Adds the folder C:\ProgramData\AKick Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance PC Protector Adds the file Advance PC Protector.lnk"="10/19/2018 9:44 AM, 1296 bytes, A Adds the file Uninstall Advance PC Protector.lnk"="10/19/2018 9:44 AM, 1327 bytes, A Adds the folder C:\ProgramData\Software Inc\Advanced PC Protector\setting Adds the folder C:\Users\{username}\AppData\Roaming\Software Inc\Advanced PC Protector\setting Adds the file aa_pp.vt"="10/19/2018 9:49 AM, 208896 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Advance PC Protector.lnk"="10/19/2018 9:44 AM, 1278 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Akick\Advanced PC Protector\Activation] "fr"="REG_SZ", "ltq0QtDhldHcsZw6b/CXsntHw3cFawpzNVoCyFaiNI8=" "ft"="REG_SZ", "jq19efUBtSDaRwUSS5+nPg==" "Insdate"="REG_SZ", "G6fXCYN/8XYQYFPTiorfcviLAELtAw7OIzkQnwvvptY=" "IsTrack"="REG_SZ", "1" "lap"="REG_SZ", "ltq0QtDhldHcsZw6b/CXsntHw3cFawpzNVoCyFaiNI8=" "lbdp"="REG_SZ", "ltq0QtDhldHcsZw6b/CXsntHw3cFawpzNVoCyFaiNI8=" "lbp"="REG_SZ", "ltq0QtDhldHcsZw6b/CXsntHw3cFawpzNVoCyFaiNI8=" "lr"="REG_SZ", "RWg21r+eJj60xuNeMECG4lHyecaI7EElkjbLNgrilp4=" "lsp"="REG_SZ", "ltq0QtDhldHcsZw6b/CXsntHw3cFawpzNVoCyFaiNI8=" "Program"="REG_SZ", "Advance PC Protector" "vdfs"="REG_SZ", "0" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B7EA379B-341F-4FC3-A24C-9EE64E5A834E}}_is1] "Comments"="REG_SZ", "Advance PC Protector" "Contact"="REG_SZ", "1800-813-3481" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\AKick\Advance PC Protector\logo.ico" "DisplayName"="REG_SZ", "Advance PC Protector" "DisplayVersion"="REG_SZ", "2.0" "EstimatedSize"="REG_DWORD", 38264 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\AKick\Advance PC Protector" "Inno Setup: Icon Group"="REG_SZ", "Advance PC Protector" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "5.5.6 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20181019" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\AKick\Advance PC Protector\" "MajorVersion"="REG_DWORD", 2 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Advance PC Protector" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\AKick\Advance PC Protector\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\AKick\Advance PC Protector\unins000.exe"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/19/18 Scan Time: 9:56 AM Log File: 892f50d8-d374-11e8-b6c1-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7427 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238268 Threats Detected: 57 Threats Quarantined: 57 Time Elapsed: 2 min, 53 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\APP.EXE, Quarantined, [702], [582361],1.0.7427 Module: 21 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AECORE.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEHELP.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AERDL.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\APP.EXE, Quarantined, [702], [582361],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEBB.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\X86\SQLITE.INTEROP.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEHEUR.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AESBX.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\MSVCR120.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEGEN.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEPACK.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\SAVAPI.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEEXP.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEOFFICE.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEVDF.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AECRYPTO.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AELIBINF.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AESCN.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEEMU.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEMOBILE.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AESCRIPT.DLL, Quarantined, [702], [584522],1.0.7427 Registry Key: 2 PUP.Optional.AdvancePCProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B7EA379B-341F-4FC3-A24C-9EE64E5A834E}}_IS1, Quarantined, [702], [583930],1.0.7427 PUP.Optional.AdvancePCProtector, HKLM\SOFTWARE\WOW6432NODE\AKICK\Advanced PC Protector, Quarantined, [702], [583929],1.0.7427 Registry Value: 1 PUP.Optional.AdvancePCProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B7EA379B-341F-4FC3-A24C-9EE64E5A834E}}_IS1|DISPLAYNAME, Quarantined, [702], [583930],1.0.7427 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 5 PUP.Optional.AdvancePCProtector, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ADVANCE PC PROTECTOR, Quarantined, [702], [584524],1.0.7427 PUP.Optional.AdvancePCProtector, C:\ProgramData\Software Inc\Advanced PC Protector\setting, Quarantined, [702], [584523],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAMDATA\Software Inc\Advanced PC Protector, Quarantined, [702], [584523],1.0.7427 PUP.Optional.AdvancePCProtector, C:\Users\{username}\AppData\Roaming\Software Inc\Advanced PC Protector\setting, Quarantined, [702], [584523],1.0.7427 PUP.Optional.AdvancePCProtector, C:\USERS\{username}\APPDATA\ROAMING\Software Inc\Advanced PC Protector, Quarantined, [702], [584523],1.0.7427 File: 27 PUP.Optional.AdvancePCProtector, C:\USERS\PUBLIC\DESKTOP\ADVANCE PC PROTECTOR.LNK, Quarantined, [702], [583927],1.0.7427 PUP.Optional.AdvancePCProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance PC Protector\Advance PC Protector.lnk, Quarantined, [702], [584524],1.0.7427 PUP.Optional.AdvancePCProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance PC Protector\Uninstall Advance PC Protector.lnk, Quarantined, [702], [584524],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AECORE.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEHELP.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AERDL.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Advance PC Protector.lnk, Quarantined, [702], [582361],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\APP.EXE, Quarantined, [702], [582361],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEBB.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\X86\SQLITE.INTEROP.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEHEUR.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AESBX.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\MSVCR120.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEGEN.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEPACK.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\SAVAPI.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEEXP.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEOFFICE.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEVDF.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AECRYPTO.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AELIBINF.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AESCN.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEEMU.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AEMOBILE.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\PROGRAM FILES (X86)\AKICK\ADVANCE PC PROTECTOR\SAVAPI\AESCRIPT.DLL, Quarantined, [702], [584522],1.0.7427 PUP.Optional.AdvancePCProtector, C:\Users\{username}\AppData\Roaming\Software Inc\Advanced PC Protector\setting\aa_pp.vt, Quarantined, [702], [584523],1.0.7427 PUP.Optional.AdvancePCProtector, C:\USERS\{username}\DESKTOP\ADPCPSETUP.EXE, Quarantined, [702], [582361],1.0.7427 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- 2 hours ago
- - pup.optional.advancepcprotector
  - akick
  - (and 3 more)
    Tagged with:
    
    pup.optional.advancepcprotector
    
    akick
    
    1-800-813-3481
    
    18008133481
    
    advancepcprotector.com
Removal instructions for SD Downloader

Metallica posted a topic in Malware Removal Self-Help Guides

What is SD Downloader?The Malwarebytes research team has determined that SD Downloader is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.How do I know if my computer is affected by SD Downloader?You may see this entry in your list of installed Chrome extensions:and these warnings during install:and you will see this icon in your Chrome menu-bar:How did SD Downloader get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:through their website:How do I remove SD Downloader?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of SD Downloader? No, Malwarebytes removes SD Downloader completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the SD Downloader hijacker. It would have blocked you before you could visit the website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR Extension: (SD Downloader) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei [2018-10-16] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0 Adds the file bookmarks.html"="6/8/2017 9:25 PM, 451 bytes, A Adds the file manifest.json"="10/16/2018 4:46 PM, 1231 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_locales\en Adds the file messages.json"="10/16/2018 4:46 PM, 1121 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_locales\it Adds the file messages.json"="10/16/2018 4:46 PM, 1175 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_metadata Adds the file computed_hashes.json"="10/16/2018 4:46 PM, 2794 bytes, A Adds the file verified_contents.json"="10/11/2018 1:49 PM, 2824 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\css Adds the file font-awesome.min.css"="6/8/2017 12:33 PM, 17783 bytes, A Adds the file style.css"="6/9/2017 11:16 AM, 1670 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\fonts Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\images Adds the file logo128.png"="10/16/2018 4:46 PM, 8243 bytes, A Adds the file logo16.png"="10/16/2018 4:46 PM, 569 bytes, A Adds the file logo48.png"="10/16/2018 4:46 PM, 2483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\js Adds the file config.js"="6/8/2017 9:38 PM, 742 bytes, A Adds the file functions.js"="5/31/2017 11:18 AM, 1276 bytes, A Adds the file jquery-3.2.1.min.js"="5/31/2017 11:18 AM, 86659 bytes, A Adds the file popup.js"="6/9/2017 11:33 AM, 4276 bytes, A Adds the file wheesbee.js"="10/11/2018 1:49 PM, 598 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jmofklodkbiklgbefobdaoipecmcjeei Adds the file 000003.log"="10/16/2018 4:47 PM, 417 bytes, A Adds the file CURRENT"="10/16/2018 4:46 PM, 16 bytes, A Adds the file LOCK"="10/16/2018 4:46 PM, 0 bytes, A Adds the file LOG"="10/16/2018 4:48 PM, 412 bytes, A Adds the file LOG.old"="10/16/2018 4:46 PM, 185 bytes, A Adds the file MANIFEST-000001"="10/16/2018 4:46 PM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jmofklodkbiklgbefobdaoipecmcjeei"="REG_SZ", "16E8B4088E870F5A1A500C013A6208C652731CB2209C1321FF36EC10715E1BEC" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/18/18 Scan Time: 8:31 AM Log File: 64a5d76d-d29f-11e8-b8c2-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7409 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238220 Threats Detected: 35 Threats Quarantined: 35 Time Elapsed: 2 min, 44 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 Adware.SearchEngineHijack, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jmofklodkbiklgbefobdaoipecmcjeei, Quarantined, [336], [583249],1.0.7409 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 11 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_locales\en, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_locales\it, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_metadata, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_locales, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\images, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\fonts, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\css, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\js, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\jmofklodkbiklgbefobdaoipecmcjeei, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\jmofklodkbiklgbefobdaoipecmcjeei, Quarantined, [336], [583249],1.0.7409 File: 23 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\css\font-awesome.min.css, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\css\style.css, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\images\logo128.png, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\images\logo16.png, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\images\logo48.png, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\js\config.js, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\js\functions.js, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\js\jquery-3.2.1.min.js, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\js\popup.js, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\js\wheesbee.js, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_locales\en\messages.json, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_locales\it\messages.json, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_metadata\computed_hashes.json, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\_metadata\verified_contents.json, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\bookmarks.html, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmofklodkbiklgbefobdaoipecmcjeei\3.3.11_0\manifest.json, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jmofklodkbiklgbefobdaoipecmcjeei\000003.log, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jmofklodkbiklgbefobdaoipecmcjeei\CURRENT, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jmofklodkbiklgbefobdaoipecmcjeei\LOCK, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jmofklodkbiklgbefobdaoipecmcjeei\LOG, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jmofklodkbiklgbefobdaoipecmcjeei\MANIFEST-000001, Quarantined, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [336], [583249],1.0.7409 Adware.SearchEngineHijack, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [336], [583249],1.0.7409 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Yesterday at 07:49 AM
- - adware.searchenginehijack
  - jmofklodkbiklgbefobdaoipecmcjeei
  - (and 1 more)
    Tagged with:
    
    adware.searchenginehijack
    
    jmofklodkbiklgbefobdaoipecmcjeei
    
    checktored.com
Removal instructions for Driver Talent

Metallica posted a topic in Malware Removal Self-Help Guides

What is Driver Talent?The Malwarebytes research team has determined that Driver Talent is a "driver updater". These so-called "system optimizers" often use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with Driver Talent?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:and this screen during "operations":You may see this entry in your list of installed programs:How did Driver Talent get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove Driver Talent?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Driver Talent? No, Malwarebytes removes Driver Talent completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the Driver Talent installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for expertsYou may see these entries in FRST logs: (OSToto Co., Ltd.) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [160760 2018-08-28] () C:\Users\{username}\AppData\Roaming\DriverTalent C:\OSTotoFolder C:\ProgramData\DriverTalent C:\Users\Public\Desktop\Driver Talent.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent C:\Program Files (x86)\OSTotoSoft Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 7.1.6.26 - OSToto Co., Ltd.) FirewallRules: [{782DF19E-EE7C-4E6D-B511-910FB20F2266}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe FirewallRules: [{E39114CE-EE58-45EC-BF31-73874155F124}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll FirewallRules: [{63E65784-B1D3-4894-8154-6CEBD5BA0531}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe FirewallRules: [{DB3897C6-5ECC-4EE2-928F-32D25AEE637A}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\OSTotoFolder\DriversBackup Adds the folder C:\OSTotoFolder\DriversDownLoad Adds the file DownLoadInfo.db"="10/17/2018 9:08 AM, 4096 bytes, A Adds the folder C:\OSTotoFolder\Pre-download Adds the folder C:\OSTotoFolder\SoftDownLoad Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent Adds the file 7z.dll"="8/28/2018 9:15 AM, 919296 bytes, A Adds the file AdModule.dll"="9/20/2018 6:04 AM, 1101816 bytes, A Adds the file bios.dll"="8/28/2018 9:15 AM, 124408 bytes, A Adds the file detoured.dll"="8/28/2018 9:15 AM, 9064 bytes, A Adds the file DevCfg.dll"="8/28/2018 9:15 AM, 124920 bytes, A Adds the file DIFxAPI.dll"="8/28/2018 9:15 AM, 323464 bytes, A Adds the file DriverTalent.exe"="9/26/2018 2:25 PM, 3429368 bytes, A Adds the file DrvAllRepair.dll"="8/28/2018 9:15 AM, 251896 bytes, A Adds the file drvbak.dll"="8/28/2018 9:15 AM, 237048 bytes, A Adds the file drvget.dll"="8/28/2018 9:15 AM, 261624 bytes, A Adds the file drvsrc.dll"="9/20/2018 6:04 AM, 260600 bytes, A Adds the file DTInstUI.dll"="9/20/2018 6:04 AM, 1440760 bytes, A Adds the file DTLAutoSetup.dll"="8/28/2018 9:15 AM, 647672 bytes, A Adds the file DTLDrvUninst.dll"="8/28/2018 9:15 AM, 1302008 bytes, A Adds the file DtlPlug.dll"="8/28/2018 9:15 AM, 174584 bytes, A Adds the file dtlsdkconfig.dll"="8/28/2018 9:15 AM, 73208 bytes, A Adds the file DTLUI.dll"="8/28/2018 9:15 AM, 880120 bytes, A Adds the file gzipdll.dll"="9/6/2018 10:04 AM, 609272 bytes, A Adds the file HardWare.exe"="8/28/2018 9:15 AM, 783352 bytes, A Adds the file InfDrvSetup.dll"="8/28/2018 9:15 AM, 211960 bytes, A Adds the file key.dat"="8/28/2018 9:15 AM, 32 bytes, A Adds the file LDrvSvc.dll"="8/28/2018 9:15 AM, 160760 bytes, A Adds the file libcurl.dll"="8/28/2018 9:15 AM, 344056 bytes, A Adds the file MonReboot.dll"="8/28/2018 9:15 AM, 206328 bytes, A Adds the file netprtdrv.dll"="8/28/2018 9:15 AM, 276472 bytes, A Adds the file netprtenum.dll"="8/28/2018 9:15 AM, 236536 bytes, A Adds the file nvaudcap32v.dll"="8/28/2018 9:15 AM, 146480 bytes, A Adds the file nvaudcap64v.dll"="8/28/2018 9:15 AM, 29984 bytes, A Adds the file p2spd.dll"="9/27/2018 6:06 AM, 189944 bytes, A Adds the file pcid.dll"="8/28/2018 9:15 AM, 136696 bytes, A Adds the file pcidetect.dll"="8/28/2018 9:15 AM, 328696 bytes, A Adds the file pcidrv.dll"="8/28/2018 9:15 AM, 1146360 bytes, A Adds the file pcioffdrv.dll"="8/28/2018 9:15 AM, 815608 bytes, A Adds the file pnpdrv.dll"="8/28/2018 9:15 AM, 359928 bytes, A Adds the file sqlcache.dll"="8/28/2018 9:15 AM, 167416 bytes, A Adds the file sqlite3.dll"="8/28/2018 9:15 AM, 619000 bytes, A Adds the file substat.dll"="8/28/2018 9:15 AM, 172024 bytes, A Adds the file TrayTool.exe"="8/28/2018 9:15 AM, 596472 bytes, A Adds the file udp.dll"="8/28/2018 9:15 AM, 121336 bytes, A Adds the file Uninst.dar0"="10/17/2018 9:07 AM, 1535 bytes, A Adds the file Uninst.dar1"="10/17/2018 9:07 AM, 24553 bytes, A Adds the file uninstall.dll"="9/20/2018 6:04 AM, 663032 bytes, A Adds the file Uninstall.exe"="9/27/2018 6:06 AM, 539704 bytes, A Adds the file usbenum.dll"="9/20/2018 6:04 AM, 193528 bytes, A Adds the file xldl.dll"="8/28/2018 9:15 AM, 244168 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\Autosetup Adds the file filter.proc"="8/28/2018 9:15 AM, 478 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\config Adds the file externalapp.xml"="10/17/2018 9:08 AM, 3266 bytes, A Adds the file externalappTemp.xml"="10/17/2018 9:08 AM, 3266 bytes, A Adds the file gamelist.json"="10/17/2018 9:08 AM, 35212 bytes, A Adds the file toolbox_png_ConquerorLive_1.png"="8/28/2018 9:15 AM, 3072 bytes, A Adds the file toolbox_png_ConquerorLive_2.png"="8/28/2018 9:15 AM, 4096 bytes, A Adds the file toolbox_png_HardwareDetection_1.png"="8/28/2018 9:15 AM, 1024 bytes, A Adds the file toolbox_png_HardwareDetection_2.png"="8/28/2018 9:15 AM, 1024 bytes, A Adds the file userconfig.dat"="10/17/2018 9:07 AM, 55 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\download Adds the file atl71.dll"="8/28/2018 9:15 AM, 89600 bytes, A Adds the file dl_peer_id.dll"="8/28/2018 9:15 AM, 92080 bytes, A Adds the file download_engine.dll"="8/28/2018 9:15 AM, 3398088 bytes, A Adds the file id.dat"="8/28/2018 9:15 AM, 22 bytes, A Adds the file MiniThunderPlatform.exe"="8/28/2018 9:15 AM, 248264 bytes, A Adds the file minizip.dll"="8/28/2018 9:15 AM, 19968 bytes, A Adds the file msvcp71.dll"="8/28/2018 9:15 AM, 499712 bytes, A Adds the file msvcr71.dll"="8/28/2018 9:15 AM, 355032 bytes, A Adds the file XLBugHandler.dll"="8/28/2018 9:15 AM, 100808 bytes, A Adds the file XLBugReport.exe"="8/28/2018 9:15 AM, 248264 bytes, A Adds the file zlib1.dll"="8/28/2018 9:15 AM, 59904 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64 Adds the file devcon32.exe"="9/20/2018 6:04 AM, 93688 bytes, A Adds the file devcon64.exe"="9/20/2018 6:04 AM, 97784 bytes, A Adds the file DIFxAPI.dll"="8/28/2018 9:15 AM, 332424 bytes, A Adds the file DIFxAPI64.dll"="8/28/2018 9:15 AM, 519048 bytes, A Adds the file drv32.exe"="8/28/2018 9:15 AM, 171000 bytes, A Adds the file drv64.exe"="8/28/2018 9:15 AM, 208376 bytes, A Adds the file DrvSigner.exe"="8/28/2018 9:15 AM, 161784 bytes, A Adds the file DrvSigner64.exe"="8/28/2018 9:15 AM, 178680 bytes, A Adds the file SignFile.exe"="8/28/2018 9:15 AM, 175608 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\Dtlconfig Adds the file DtlSetup.xml"="8/28/2018 9:15 AM, 6962 bytes, A Adds the file unsetup.xml"="8/28/2018 9:15 AM, 5455 bytes, A Adds the file wndconfigdata.xml"="8/28/2018 9:15 AM, 936 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv0 Adds the file drv0.7zz"="8/28/2018 9:15 AM, 64066 bytes, A Adds the file drv1.7zz"="8/28/2018 9:15 AM, 35526 bytes, A Adds the file drv2.7zz"="8/28/2018 9:15 AM, 35513 bytes, A Adds the file drv3.7zz"="8/28/2018 9:15 AM, 29600 bytes, A Adds the file drv4.7zz"="8/28/2018 9:15 AM, 31875 bytes, A Adds the file drv5.7zz"="8/28/2018 9:15 AM, 29602 bytes, A Adds the file drv6.7zz"="8/28/2018 9:15 AM, 35375 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv1 Adds the file drv0.7zz"="8/28/2018 9:15 AM, 126095 bytes, A Adds the file drv1.7zz"="8/28/2018 9:15 AM, 145334 bytes, A Adds the file drv2.7zz"="8/28/2018 9:15 AM, 130677 bytes, A Adds the file drv3.7zz"="8/28/2018 9:15 AM, 150970 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv2 Adds the file drv0.7zz"="8/28/2018 9:15 AM, 149181 bytes, A Adds the file drv1.7zz"="8/28/2018 9:15 AM, 175800 bytes, A Adds the file drv2.7zz"="8/28/2018 9:15 AM, 148313 bytes, A Adds the file drv3.7zz"="8/28/2018 9:15 AM, 175825 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv3 Adds the file drv0.7zz"="8/28/2018 9:15 AM, 35201 bytes, A Adds the file drv1.7zz"="8/28/2018 9:15 AM, 50958 bytes, A Adds the file drv2.7zz"="8/28/2018 9:15 AM, 63574 bytes, A Adds the file drv3.7zz"="8/28/2018 9:15 AM, 59567 bytes, A Adds the file drv4.7zz"="8/28/2018 9:15 AM, 75348 bytes, A Adds the file drv5.7zz"="8/28/2018 9:15 AM, 59484 bytes, A Adds the file drv6.7zz"="8/28/2018 9:15 AM, 72860 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win7_x64 Adds the file wdmaudio.inf"="8/28/2018 9:15 AM, 9180 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win7_x86 Adds the file wdmaudio.inf"="8/28/2018 9:15 AM, 9172 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8.1_x64 Adds the file wdmaudio.inf"="8/28/2018 9:15 AM, 24704 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8.1_x86 Adds the file wdmaudio.inf"="8/28/2018 9:15 AM, 24696 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8_x64 Adds the file wdmaudio.inf"="8/28/2018 9:15 AM, 19574 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8_x86 Adds the file wdmaudio.inf"="8/28/2018 9:15 AM, 19566 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLPlugs Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare Adds the file VR_INFO.xml"="8/28/2018 9:15 AM, 3260 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\HWInfo Adds the file cpuidsdk.dll"="8/28/2018 9:15 AM, 1405104 bytes, A Adds the file cpuidsdk64.dll"="8/28/2018 9:15 AM, 1681072 bytes, A Adds the file DeviceManuf.db3"="8/28/2018 9:15 AM, 136192 bytes, A Adds the file HardwareInfo.dll"="8/28/2018 9:15 AM, 1312944 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan Adds the file language_HardWare.ini"="8/28/2018 9:15 AM, 3416 bytes, A Adds the file language_HardWare_arabic.ini"="8/28/2018 9:15 AM, 3460 bytes, A Adds the file language_HardWare_armenian.ini"="8/28/2018 9:15 AM, 3698 bytes, A Adds the file language_HardWare_french.ini"="8/28/2018 9:15 AM, 3702 bytes, A Adds the file language_HardWare_german.ini"="8/28/2018 9:15 AM, 3618 bytes, A Adds the file language_HardWare_japanese.ini"="8/28/2018 9:15 AM, 3010 bytes, A Adds the file language_HardWare_portuguese.ini"="8/28/2018 9:15 AM, 3624 bytes, A Adds the file language_HardWare_russian.ini"="8/28/2018 9:15 AM, 3612 bytes, A Adds the file language_HardWare_spanish.ini"="8/28/2018 9:15 AM, 3726 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan Adds the file arabic.ini"="8/28/2018 9:15 AM, 95736 bytes, A Adds the file armenian.ini"="8/28/2018 9:15 AM, 119814 bytes, A Adds the file bulgarian.ini"="8/28/2018 9:15 AM, 107292 bytes, A Adds the file english.ini"="8/29/2018 1:23 PM, 99340 bytes, A Adds the file french.ini"="8/28/2018 9:15 AM, 111962 bytes, A Adds the file german.ini"="8/28/2018 9:15 AM, 126554 bytes, A Adds the file greek.ini"="8/28/2018 9:15 AM, 112338 bytes, A Adds the file japanese.ini"="8/28/2018 9:15 AM, 81176 bytes, A Adds the file korean.ini"="8/28/2018 9:15 AM, 78262 bytes, A Adds the file language_UserFeedBack.ini"="8/28/2018 9:15 AM, 1632 bytes, A Adds the file language_UserFeedBack_arabic.ini"="8/28/2018 9:15 AM, 4086 bytes, A Adds the file language_UserFeedBack_armenian.ini"="8/28/2018 9:15 AM, 4046 bytes, A Adds the file language_UserFeedBack_bulgarian.ini"="8/28/2018 9:15 AM, 4310 bytes, A Adds the file language_UserFeedBack_french.ini"="8/28/2018 9:15 AM, 4510 bytes, A Adds the file language_UserFeedBack_german.ini"="8/28/2018 9:15 AM, 4442 bytes, A Adds the file language_UserFeedBack_greek.ini"="8/28/2018 9:15 AM, 3548 bytes, A Adds the file language_UserFeedBack_japanese.ini"="8/28/2018 9:15 AM, 3514 bytes, A Adds the file language_UserFeedBack_korean.ini"="8/28/2018 9:15 AM, 2704 bytes, A Adds the file language_UserFeedBack_polish.ini"="8/28/2018 9:15 AM, 4238 bytes, A Adds the file language_UserFeedBack_portuguese.ini"="8/28/2018 9:15 AM, 4628 bytes, A Adds the file language_UserFeedBack_russian.ini"="8/28/2018 9:15 AM, 4430 bytes, A Adds the file language_UserFeedBack_spanish.ini"="8/28/2018 9:15 AM, 4544 bytes, A Adds the file language_UserFeedBack_turkish.ini"="8/28/2018 9:15 AM, 4334 bytes, A Adds the file persian.ini"="8/28/2018 9:15 AM, 101918 bytes, A Adds the file polish.ini"="8/28/2018 9:15 AM, 107944 bytes, A Adds the file portuguese.ini"="8/28/2018 9:15 AM, 121754 bytes, A Adds the file readme.txt"="8/28/2018 9:15 AM, 852 bytes, A Adds the file russian.ini"="8/28/2018 9:15 AM, 122998 bytes, A Adds the file slovenian.ini"="8/28/2018 9:15 AM, 106666 bytes, A Adds the file spanish.ini"="8/28/2018 9:15 AM, 108212 bytes, A Adds the file systemlan.xml"="8/28/2018 9:15 AM, 865 bytes, A Adds the file turkish.ini"="8/28/2018 9:15 AM, 103084 bytes, A Adds the file UserConfig.dat"="10/17/2018 9:08 AM, 40 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\updater Adds the file CheckUpdate.dll"="8/28/2018 9:15 AM, 278184 bytes, A Adds the file Upg.exe"="8/28/2018 9:15 AM, 537448 bytes, A Adds the folder C:\Program Files (x86)\OSTotoSoft\DriverTalent\webad Adds the file DTLUI.dll"="8/28/2018 9:15 AM, 721400 bytes, A Adds the file WebADShowTool.exe"="8/28/2018 9:15 AM, 601592 bytes, A Adds the file wke.dll"="8/28/2018 9:15 AM, 11474432 bytes, A Adds the folder C:\ProgramData\DriverTalent Adds the file BackupList.dat"="10/17/2018 9:08 AM, 41 bytes, A Adds the file dtldrvcache101040022.db"="10/17/2018 9:08 AM, 13312 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent Adds the file Driver Talent.lnk"="10/17/2018 9:07 AM, 1124 bytes, A Adds the file Uninstall Driver Talent.lnk"="10/17/2018 9:07 AM, 1109 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\DriverTalent\Config Adds the file UserConfig.dat"="10/17/2018 9:09 AM, 217 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Driver Talent.lnk"="10/17/2018 9:07 AM, 1106 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION] "DriverTalent.exe"="REG_DWORD", 8000 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe" "DisplayName"="REG_SZ", "Driver Talent" "DisplayVersion"="REG_SZ", "7.1.6.26" "EstimatedSize"="REG_DWORD", 36388 "HelpLink"="REG_SZ", "http://bbs.160.com/forum-66-1.html" "InstallDate"="REG_SZ", "20181017" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\OSTotoSoft\DriverTalent" "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "OSToto Co., Ltd." "UninstallString"="REG_SZ", "C:\Program Files (x86)\OSTotoSoft\DriverTalent\Uninstall.exe -m=control" "URLInfoAbout"="REG_SZ", "http://www.drivethelife.com/" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost] "LocalDriverService"="REG_MULTI_SZ, "LDrvSvc " [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OSTotoSoft\DriverTalent] "AppPath"="REG_SZ", "C:\Program Files (x86)\OSTotoSoft\DriverTalent" "OemID"="REG_DWORD", 1 "UnionId"="REG_DWORD", 2548 "UserID"="REG_BINARY, (zero length data) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LDrvSvc] "Description"="REG_SZ", "System device driver service. Any reliant services would be disabled without it turning on." "DisplayName"="REG_SZ", "Local Driver Service" "ErrorControl"="REG_DWORD", 1 "FailureActions"="REG_BINARY, ...................... "FailureCommand"="REG_SZ", ""C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe" /start_to_service" "ImagePath"="REG_EXPAND_SZ, "%SystemRoot%\System32\svchost.exe -k LocalDriverService" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 32 "WOW64"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LDrvSvc\Parameters] "ServiceDll"="REG_EXPAND_SZ, "C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll" [HKEY_CURRENT_USER\Software\OSTotoSoft\DriverTalent] "AppPath"="REG_SZ", "C:\Program Files (x86)\OSTotoSoft\DriverTalent" "OemID"="REG_DWORD", 1 "UnionId"="REG_DWORD", 2548 "UserID"="REG_BINARY, (zero length data) "Version"="REG_DWORD", 701060026 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/17/18 Scan Time: 9:17 AM Log File: aaf4455b-d1dc-11e8-9ecc-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7395 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238253 Threats Detected: 239 Threats Quarantined: 239 Time Elapsed: 3 min, 27 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe, Quarantined, [405], [475790],1.0.7395 Module: 30 PUP.Optional.DriveTheLife, C:\PROGRAM FILES (X86)\OSTOTOSOFT\DRIVERTALENT\LDRVSVC.DLL, Quarantined, [405], [475816],1.0.7395 PUP.Optional.DriveTheLife, C:\PROGRAM FILES (X86)\OSTOTOSOFT\DRIVERTALENT\LDRVSVC.DLL, Quarantined, [405], [475816],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\updater\CheckUpdate.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLAutoSetup.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\libcurl.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\libcurl.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DevCfg.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drvbak.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drvget.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drvsrc.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLDrvUninst.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DtlPlug.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtlsdkconfig.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLUI.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\gzipdll.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\netprtdrv.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\netprtenum.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\p2spd.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\pcidetect.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\pcidrv.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\pcioffdrv.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\pnpdrv.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\sqlcache.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\sqlite3.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\substat.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\substat.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\udp.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\udp.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\usbenum.dll, Quarantined, [405], [475790],1.0.7395 Registry Key: 4 PUP.Optional.DriveTheLife, HKLM\SOFTWARE\WOW6432NODE\OSTOTOSOFT\DRIVERTALENT, Quarantined, [405], [475857],1.0.7395 PUP.Optional.DriveTheLife, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LDRVSVC, Quarantined, [405], [475816],1.0.7395 PUP.Optional.DriveTheLife, HKCU\SOFTWARE\OSTOTOSOFT\DRIVERTALENT, Quarantined, [405], [475860],1.0.7395 PUP.Optional.DriveTheLife, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1, Quarantined, [405], [475790],1.0.7395 Registry Value: 4 PUP.Optional.DriveTheLife, HKLM\SOFTWARE\WOW6432NODE\OSTOTOSOFT\DRIVERTALENT|APPPATH, Quarantined, [405], [475857],1.0.7395 PUP.Optional.DriveTheLife, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LDRVSVC|FAILURECOMMAND, Quarantined, [405], [475816],1.0.7395 PUP.Optional.DriveTheLife, HKCU\SOFTWARE\OSTOTOSOFT\DRIVERTALENT|APPPATH, Quarantined, [405], [475860],1.0.7395 PUP.Optional.DriveTheLife, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE, Quarantined, [405], [478671],1.0.7395 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 31 PUP.Optional.DriveTheLife, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVER TALENT, Quarantined, [405], [475797],1.0.7395 PUP.Optional.DriveTheLife, C:\PROGRAMDATA\DRIVERTALENT, Quarantined, [405], [475796],1.0.7395 PUP.Optional.DriveTheLife, C:\Users\{username}\AppData\Roaming\DriverTalent\Config, Quarantined, [405], [475805],1.0.7395 PUP.Optional.DriveTheLife, C:\USERS\{username}\APPDATA\ROAMING\DRIVERTALENT, Quarantined, [405], [475805],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8.1_x64, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8.1_x86, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win7_x64, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win7_x86, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8_x64, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8_x86, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\HWInfo, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv0, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv1, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv2, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv3, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\Autosetup, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\Dtlconfig, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLPlugs, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\updater, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\config, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\webad, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\PROGRAM FILES (X86)\OSTOTOSOFT\DRIVERTALENT, Quarantined, [405], [475790],1.0.7395 File: 169 PUP.Optional.DriveTheLife, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVER TALENT\DRIVER TALENT.LNK, Quarantined, [405], [475797],1.0.7395 PUP.Optional.DriveTheLife, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent\Uninstall Driver Talent.lnk, Quarantined, [405], [475797],1.0.7395 PUP.Optional.DriveTheLife, C:\USERS\PUBLIC\DESKTOP\DRIVER TALENT.LNK, Quarantined, [405], [475806],1.0.7395 PUP.Optional.DriveTheLife, C:\PROGRAMDATA\DRIVERTALENT\BACKUPLIST.DAT, Quarantined, [405], [475796],1.0.7395 PUP.Optional.DriveTheLife, C:\ProgramData\DriverTalent\dtldrvcache101040022.db, Quarantined, [405], [475796],1.0.7395 PUP.Optional.DriveTheLife, C:\USERS\{username}\APPDATA\ROAMING\DRIVERTALENT\CONFIG\USERCONFIG.DAT, Quarantined, [405], [475805],1.0.7395 PUP.Optional.DriveTheLife, C:\PROGRAM FILES (X86)\OSTOTOSOFT\DRIVERTALENT\LDRVSVC.DLL, Quarantined, [405], [475816],1.0.7395 PUP.Optional.DriveTheLife, C:\PROGRAM FILES (X86)\OSTOTOSOFT\DRIVERTALENT\LAN\LANGUAGE_USERFEEDBACK.INI, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\Autosetup\filter.proc, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-1.png, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-10.png, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-2.png, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-5.png, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\externalapp.xml, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\externalappTemp.xml, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\gamelist.json, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\toolbox_png_ConquerorLive_1.png, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\toolbox_png_ConquerorLive_2.png, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\toolbox_png_HardwareDetection_1.png, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\toolbox_png_HardwareDetection_2.png, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\userconfig.dat, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\atl71.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\dl_peer_id.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\download_engine.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\id.dat, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\minizip.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\msvcp71.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\msvcr71.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\XLBugHandler.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\XLBugReport.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\zlib1.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64\devcon32.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64\devcon64.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64\DIFxAPI.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64\DIFxAPI64.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64\drv32.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64\drv64.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64\DrvSigner.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64\DrvSigner64.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drv64\SignFile.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\Dtlconfig\DtlSetup.xml, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\Dtlconfig\unsetup.xml, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\Dtlconfig\wndconfigdata.xml, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv0\drv0.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv0\drv1.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv0\drv2.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv0\drv3.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv0\drv4.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv0\drv5.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv0\drv6.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv1\drv0.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv1\drv1.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv1\drv2.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv1\drv3.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv2\drv0.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv2\drv1.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv2\drv2.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv2\drv3.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv3\drv0.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv3\drv1.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv3\drv2.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv3\drv3.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv3\drv4.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv3\drv5.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\dtldrv3\drv6.7zz, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win7_x64\wdmaudio.inf, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win7_x86\wdmaudio.inf, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8.1_x64\wdmaudio.inf, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8.1_x86\wdmaudio.inf, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8_x64\wdmaudio.inf, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtldrv\wdmaudio\win8_x86\wdmaudio.inf, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\HWInfo\cpuidsdk.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\HWInfo\cpuidsdk64.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\HWInfo\DeviceManuf.db3, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\HWInfo\HardwareInfo.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan\language_HardWare.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan\language_HardWare_arabic.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan\language_HardWare_armenian.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan\language_HardWare_french.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan\language_HardWare_german.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan\language_HardWare_japanese.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan\language_HardWare_portuguese.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan\language_HardWare_russian.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\lan\language_HardWare_spanish.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare\VR_INFO.xml, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_arabic.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\arabic.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\armenian.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\bulgarian.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\english.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\french.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\german.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\greek.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\japanese.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\korean.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_armenian.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_bulgarian.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_french.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_german.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_greek.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_japanese.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_korean.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_polish.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_portuguese.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_russian.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_spanish.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\language_UserFeedBack_turkish.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\persian.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\polish.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\portuguese.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\readme.txt, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\russian.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\slovenian.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\spanish.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\systemlan.xml, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\turkish.ini, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\lan\UserConfig.dat, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\updater\CheckUpdate.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\updater\Upg.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\webad\DTLUI.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\webad\WebADShowTool.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\webad\wke.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLAutoSetup.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\libcurl.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\7z.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\AdModule.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\bios.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\detoured.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DevCfg.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DIFxAPI.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DrvAllRepair.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drvbak.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drvget.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\drvsrc.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTInstUI.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLDrvUninst.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DtlPlug.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\dtlsdkconfig.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLUI.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\gzipdll.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\HardWare.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\InfDrvSetup.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\key.dat, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\MonReboot.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\netprtdrv.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\netprtenum.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\nvaudcap32v.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\nvaudcap64v.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\p2spd.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\pcid.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\pcidetect.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\pcidrv.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\pcioffdrv.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\pnpdrv.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\sqlcache.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\sqlite3.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\substat.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\TrayTool.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\udp.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\Uninst.dar0, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\Uninst.dar1, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\uninstall.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\Uninstall.exe, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\usbenum.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\Program Files (x86)\OSTotoSoft\DriverTalent\xldl.dll, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Driver Talent.lnk, Quarantined, [405], [475790],1.0.7395 PUP.Optional.DriveTheLife, C:\USERS\{username}\DESKTOP\DRIVERTALENT_SETUP.EXE, Quarantined, [405], [475783],1.0.7395 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Wednesday at 09:18 AM
- - pup.optional.drivethelife
  - drivethelife.com
  - (and 2 more)
    Tagged with:
    
    pup.optional.drivethelife
    
    drivethelife.com
    
    ldrvsvc
    
    ostoto co.
Removal instructions for AbsoluteConverter

Metallica posted a topic in Malware Removal Self-Help Guides

What is AbsoluteConverter?The Malwarebytes research team has determined that AbsoluteConverter is a bundler. These bundlers install other PUPs or adware on the affected computer.This particualr one installs the AppMaster PUP that behaves like adware.How do I know if my computer is affected by AbsoluteConverter?This is the main window of the program:and this is the icon you may see on your desktop and in your start-menu:and you may see this entry in your list of installed Programs and Features:and these processes in the Task Manager:How did AbsoluteConverter get on my computer?Adware applications use different methods for distributing themselves. This particular one was downloaded from their website:How do I remove AbsoluteConverter?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of AbsoluteConverter? No, Malwarebytes removes AbsoluteConverter completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate these PUPs.As you can see below the full version of Malwarebytes would have protected you against the AbsoluteConverter bundler. It would have blocked their domain, stopping the download. Technical details for expertsPossible signs in FRST logs: () C:\Users\{username}\AppData\Local\Temp\IXP000.TMP\AppMaster.exe HKLM-x32\...\RunOnce: [wextract_cleanup0] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\{username}1\AppData\Local\Temp\IXP000.TMP\" <===== ATTENTION C:\Users\{username}\Desktop\AbsoluteConverter.lnk C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\AbsoluteConverter.lnk C:\Users\{username}\AppData\Roaming\AppMaster (Microsoft Corporation) C:\Users\{username}\Desktop\AbsoluteConverter.exe AbsoluteConverter (HKCU\...\AbsoluteConverter) (Version: 10.0.0 - AbsoluteConverter) Significant changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\AppMaster Adds the file AbsoluteConverter.ico"="7/1/2018 3:22 PM, 34060 bytes, A Adds the file AppMaster.exe"="7/1/2018 3:30 PM, 2103760 bytes Adds the file AppMaster.exe.config"="12/8/2017 9:42 AM, 242 bytes Adds the file apps.txt"="10/16/2018 10:08 AM, 19 bytes, A Adds the file pref.txt"="10/16/2018 10:08 AM, 264 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu Adds the file AbsoluteConverter.lnk"="10/16/2018 10:08 AM, 1991 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file AbsoluteConverter.lnk"="10/16/2018 10:08 AM, 2011 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "wextract_cleanup0"="REG_SZ", "rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\{username}1\AppData\Local\Temp\IXP000.TMP\"" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AbsoluteConverter] "ApplicationVersion"="REG_SZ", "10.0.0" "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Roaming\AppMaster\AbsoluteConverter.ico" "DisplayName"="REG_SZ", "AbsoluteConverter" "DisplayVersion"="REG_SZ", "10.0.0" "EstimatedSize"="REG_DWORD", 2054 "InstallDate"="REG_SZ", "20181016" "Publisher"="REG_SZ", "AbsoluteConverter" "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Roaming\AppMaster\AppMaster.exe uninstall force://uninstall?guid=AbsoluteConverter" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/16/18 Scan Time: 10:22 AM Log File: a043b048-d11c-11e8-9407-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7377 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238220 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 3 min, 54 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 PUP.Optional.AppMaster.TskLnk, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AbsoluteConverter, Quarantined, [769], [581511],1.0.7377 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 1 PUP.Optional.AppMaster.TskLnk, C:\USERS\{username}\APPDATA\ROAMING\APPMASTER, Quarantined, [769], [581511],1.0.7377 File: 9 PUP.Optional.AppMaster.TskLnk, C:\Users\{username}\AppData\Roaming\AppMaster\AbsoluteConverter.ico, Quarantined, [769], [581511],1.0.7377 PUP.Optional.AppMaster.TskLnk, C:\Users\{username}\AppData\Roaming\AppMaster\AppMaster.exe, Quarantined, [769], [581511],1.0.7377 PUP.Optional.AppMaster.TskLnk, C:\Users\{username}\AppData\Roaming\AppMaster\AppMaster.exe.config, Quarantined, [769], [581511],1.0.7377 PUP.Optional.AppMaster.TskLnk, C:\Users\{username}\AppData\Roaming\AppMaster\apps.txt, Quarantined, [769], [581511],1.0.7377 PUP.Optional.AppMaster.TskLnk, C:\Users\{username}\AppData\Roaming\AppMaster\pref.txt, Quarantined, [769], [581511],1.0.7377 PUP.Optional.AppMaster.TskLnk, C:\USERS\{username}\APPDATA\ROAMING\Microsoft\Windows\Start Menu\AbsoluteConverter.lnk, Quarantined, [769], [581511],1.0.7377 PUP.Optional.AppMaster.TskLnk, C:\USERS\{username}\DESKTOP\AbsoluteConverter.lnk, Quarantined, [769], [581511],1.0.7377 PUP.Optional.AppMaster.TskLnk, C:\USERS\{username}\APPDATA\ROAMING\Microsoft\Windows\Recent\apps.txt.lnk, Quarantined, [769], [581511],1.0.7377 PUP.Optional.AppMaster.TskLnk, C:\USERS\{username}\APPDATA\ROAMING\Microsoft\Windows\Recent\pref.txt.lnk, Quarantined, [769], [581511],1.0.7377 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Tuesday at 09:06 AM
- - pup.optional.appmaster
  - absoluteconverter.com
  - (and 1 more)
    Tagged with:
    
    pup.optional.appmaster
    
    absoluteconverter.com
    
    pup.optional.appmaster.tsklnk
Removal instructions for dipladoks.org

Metallica posted a topic in Malware Removal Self-Help Guides

What is dipladoks.org?The Malwarebytes research team has determined that dipladoks.org is adware. These adware applications display advertisements not originating from the sites you are browsing.This particular one opens a browser window to the domain dipladoks.org which acts as a redirector.How do I know if my computer is affected by dipladoks.org?You may see this task in your Scheduled Tasks:How did dipladoks.org get on my computer?Adware applications use different methods for distributing themselves. This particular one was installed by a bundler.How do I remove dipladoks.org?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of dipladoks.org? No, Malwarebytes removes dipladoks.org completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this adware.As you can see below the full version of Malwarebytes would have protected you against the dipladoks.org adware. We block the bundlers and some of their domains.Technical details for expertsPossible signs in FRST logs: HKCU\...\Run: [dell] => cmd.exe /c start www.dipladoks.org C:\Windows\System32\Tasks\dell Task: {0838094B-0398-42F9-A31F-F4FC641775E2} - System32\Tasks\dell => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v dell /t REG_SZ /d "cmd.exe /c start www.dipladoks.org" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/15/18 Scan Time: 8:54 AM Log File: 2579e182-d047-11e8-9cbb-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7353 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238293 Threats Detected: 5 Threats Quarantined: 5 Time Elapsed: 2 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 3 Adware.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\dell, Quarantined, [1064], [582223],1.0.7353 Adware.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0838094B-0398-42F9-A31F-F4FC641775E2}, Quarantined, [1064], [582223],1.0.7353 Adware.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{0838094B-0398-42F9-A31F-F4FC641775E2}, Quarantined, [1064], [582223],1.0.7353 Registry Value: 1 Adware.StartPage.USACVAR, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DELL, Quarantined, [6526], [582222],1.0.7353 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Adware.StartPage, C:\WINDOWS\SYSTEM32\TASKS\dell, Quarantined, [1064], [582223],1.0.7353 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Monday at 08:57 AM
- - adware.startpage
  - dell
  - (and 1 more)
    Tagged with:
    
    adware.startpage
    
    dell
    
    dipladoks.org
ANSWERED www.bgadvocaten.nl (198.20.107.90)

Metallica replied to ict-concept-noc's topic in Website Blocking

Hi Alrik, From what I can tell from our logs the problem was with the Wordpress part of your site and that seems to have been fixed. I'll ask our web protection team to have another expert look and remove the block if this is true. Best regards, Pieter
- October 12
- 2 replies
Removal instructions for Steam Frenzy

Metallica posted a topic in Malware Removal Self-Help Guides

What is Steam Frenzy?The Malwarebytes research team has determined that Steam Frenzy is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Steam Frenzy is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by Steam Frenzy?You may see this browser extension:these warnings during install:You may see this changed setting:and this newtab-page in the affected browsers:How did Steam Frenzy get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was promoted by their website:and the Chrome extension was downloaded from the webstore:How do I remove Steam Frenzy?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Steam Frenzy? No, Malwarebytes' Anti-Malware removes Steam Frenzy completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Steam Frenzy hijacker. It would have blocked traffic to their domains: Technical details for expertsPossible signs in a FRST log: CHR Extension: (StreamFrenzy) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb [2018-10-12] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0 Adds the file manifest.json"="10/12/2018 10:34 AM, 2490 bytes, A Adds the file newtabproduct.html"="9/5/2018 10:47 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_locales\en Adds the file messages.json"="10/12/2018 10:34 AM, 230 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_metadata Adds the file computed_hashes.json"="10/12/2018 10:34 AM, 4688 bytes, A Adds the file verified_contents.json"="9/6/2018 5:35 PM, 5540 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\config Adds the file config.json"="9/6/2018 5:35 PM, 2050 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons Adds the file icon128.png"="10/12/2018 10:34 AM, 9147 bytes, A Adds the file icon16.png"="9/5/2018 10:47 PM, 798 bytes, A Adds the file icon19disabled.png"="9/5/2018 10:47 PM, 554 bytes, A Adds the file icon19on.png"="10/12/2018 10:34 AM, 1152 bytes, A Adds the file icon48.png"="10/12/2018 10:34 AM, 4938 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js Adds the file ajax.js"="9/5/2018 10:47 PM, 2218 bytes, A Adds the file b2b-partner-tracking.js"="9/5/2018 10:47 PM, 11186 bytes, A Adds the file background.js"="9/6/2018 5:34 PM, 23420 bytes, A Adds the file browserUtils.js"="9/5/2018 10:47 PM, 912 bytes, A Adds the file chrome.js"="9/5/2018 10:47 PM, 146 bytes, A Adds the file content_script.js"="9/5/2018 10:47 PM, 2151 bytes, A Adds the file dlp.js"="9/5/2018 10:47 PM, 5659 bytes, A Adds the file dlpHelper.js"="9/5/2018 10:47 PM, 1799 bytes, A Adds the file extension_detect.js"="9/5/2018 10:47 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="9/5/2018 10:47 PM, 2855 bytes, A Adds the file index.js"="9/5/2018 10:47 PM, 49 bytes, A Adds the file initOfferCEF.js"="9/5/2018 10:47 PM, 8802 bytes, A Adds the file logger.js"="9/5/2018 10:47 PM, 541 bytes, A Adds the file offerService.js"="9/5/2018 10:47 PM, 10337 bytes, A Adds the file pageUtils.js"="9/5/2018 10:47 PM, 2805 bytes, A Adds the file PartnerId.js"="9/5/2018 10:47 PM, 16402 bytes, A Adds the file product.js"="9/5/2018 10:47 PM, 8403 bytes, A Adds the file splashPageLocalStorageSetter.js"="9/5/2018 10:47 PM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="9/5/2018 10:47 PM, 2868 bytes, A Adds the file storage.js"="9/5/2018 10:47 PM, 1640 bytes, A Adds the file TabManager.js"="9/5/2018 10:47 PM, 151 bytes, A Adds the file TemplateParser.js"="9/5/2018 10:47 PM, 3038 bytes, A Adds the file ul.js"="9/5/2018 10:47 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="9/5/2018 10:47 PM, 1631 bytes, A Adds the file urlUtils.js"="9/5/2018 10:47 PM, 5349 bytes, A Adds the file util.js"="9/5/2018 10:47 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="9/5/2018 10:47 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="9/5/2018 10:47 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb Adds the file 000003.log"="10/12/2018 10:40 AM, 4930 bytes, A Adds the file CURRENT"="10/12/2018 10:34 AM, 16 bytes, A Adds the file LOCK"="10/12/2018 10:34 AM, 0 bytes, A Adds the file LOG"="10/12/2018 10:36 AM, 412 bytes, A Adds the file LOG.old"="10/12/2018 10:34 AM, 185 bytes, A Adds the file MANIFEST-000001"="10/12/2018 10:34 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "fmpkhjobgenhkejocohgfcgigbfnhakb"="REG_SZ", "12D42DAD42B9D7413AAF12C538CFE073F2BACB906A2476599A119FCDED1AC4B4" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/12/18 Scan Time: 10:43 AM Log File: e69b85b9-cdfa-11e8-a26e-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7309 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238437 Threats Detected: 58 Threats Quarantined: 58 Time Elapsed: 2 min, 50 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_locales\en, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_metadata, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_locales, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\config, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMPKHJOBGENHKEJOCOHGFCGIGBFNHAKB, Quarantined, [1700], [467555],1.0.7309 File: 47 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\000003.log, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\CURRENT, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\LOCK, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\LOG, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\LOG.old, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\MANIFEST-000001, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMPKHJOBGENHKEJOCOHGFCGIGBFNHAKB\13.809.15.2824_0\MANIFEST.JSON, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\config\config.json, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons\icon128.png, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons\icon16.png, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons\icon19disabled.png, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons\icon19on.png, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons\icon48.png, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\logger.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\ajax.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\b2b-partner-tracking.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\background.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\browserUtils.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\chrome.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\content_script.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\dlp.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\dlpHelper.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\extension_detect.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\genericLoadRemoteSettings.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\index.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\initOfferCEF.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\offerService.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\pageUtils.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\PartnerId.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\product.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\splashPageLocalStorageSetter.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\splashPageRedirectHandler.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\storage.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\TabManager.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\TemplateParser.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\ul.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\urlFragmentActions.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\urlUtils.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\util.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\webtooltabAPI.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\webTooltabAPIProxy.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_locales\en\messages.json, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_metadata\computed_hashes.json, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_metadata\verified_contents.json, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\newtabproduct.html, Quarantined, [1700], [467555],1.0.7309 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- October 12
- - pup.optional.mindspark
  - fmpkhjobgenhkejocohgfcgigbfnhakb
  - (and 3 more)
    Tagged with:
    
    pup.optional.mindspark
    
    fmpkhjobgenhkejocohgfcgigbfnhakb
    
    streamfrenzy.com
    
    apn llc
    
    linkury
Removal instructions for FunSafeTab

Metallica posted a topic in Malware Removal Self-Help Guides

What is FunSafeTab?The Malwarebytes research team has determined that FunSafeTab is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.How do I know if my computer is affected by FunSafeTab?You may see these browser extensions/add-ons:and these warnings during install:and you will see this icon in your browsers menu-bar:How did FunSafeTab get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website:the Chrome extension through the webstore:How do I remove FunSafeTab?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of FunSafeTab? No, Malwarebytes removes FunSafeTab completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the FunSafeTab hijacker. It would have blocked access to the domain, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\{3ec925f3-200e-4b55-9daf-18fa4b383d89}.xpi [2018-10-11] CHR DefaultSearchURL: Default -> hxxps://search.funsafetabsearch.com/?src=FunSafeTab_ds&q={searchTerms} CHR DefaultSearchKeyword: Default -> keyword.FunSafeTab CHR Extension: (FunSafeTab) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh [2018-10-11] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0 Adds the file background.js"="3/28/2017 10:56 AM, 4038 bytes, A Adds the file logo.png"="10/11/2018 11:14 AM, 5604 bytes, A Adds the file manifest.json"="10/11/2018 11:14 AM, 2217 bytes, A Adds the file popup.html"="3/28/2017 10:56 AM, 680 bytes, A Adds the file redirect.html"="3/28/2017 10:56 AM, 52 bytes, A Adds the file redirect.js"="9/9/2018 12:13 PM, 3292 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0\_metadata Adds the file computed_hashes.json"="10/11/2018 11:14 AM, 452 bytes, A Adds the file verified_contents.json"="9/9/2018 12:13 PM, 1844 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file {3ec925f3-200e-4b55-9daf-18fa4b383d89}.xpi"="10/11/2018 11:09 AM, 25008 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jiaefckccjamabimeaecinjilddlfmlh"="REG_SZ", "F52F1C299838420A9CB6F86E12B620CCB4FC255059615B02ED01A6C050CC58CF" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/11/18 Scan Time: 11:21 AM Log File: 02538811-cd37-11e8-9d51-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7291 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238427 Threats Detected: 14 Threats Quarantined: 14 Time Elapsed: 2 min, 41 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 3 PUP.Optional.FunSafeTab.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0\_metadata, Quarantined, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0, Quarantined, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIAEFCKCCJAMABIMEAECINJILDDLFMLH, Quarantined, [14326], [495186],1.0.7291 File: 11 PUP.Optional.FunSafeTab, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\{3EC925F3-200E-4B55-9DAF-18FA4B383D89}.XPI, Quarantined, [2122], [491255],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIAEFCKCCJAMABIMEAECINJILDDLFMLH\1.1_0\MANIFEST.JSON, Quarantined, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0\_metadata\computed_hashes.json, Quarantined, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0\_metadata\verified_contents.json, Quarantined, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0\background.js, Quarantined, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0\logo.png, Quarantined, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0\popup.html, Quarantined, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0\redirect.html, Quarantined, [14326], [495186],1.0.7291 PUP.Optional.FunSafeTab.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaefckccjamabimeaecinjilddlfmlh\1.1_0\redirect.js, Quarantined, [14326], [495186],1.0.7291 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- October 11
- - pup.optional.funsafetab
  - jiaefckccjamabimeaecinjilddlfmlh
  - (and 3 more)
    Tagged with:
    
    pup.optional.funsafetab
    
    jiaefckccjamabimeaecinjilddlfmlh
    
    {3ec925f3-200e-4b55-9daf-18fa4b383d89}.xpi
    
    funsafetab.com
    
    imali media
Removal instructions for Driver Whiz

Metallica posted a topic in Malware Removal Self-Help Guides

What is Driver Whiz?The Malwarebytes research team has determined that Driver Whiz is a "driver updater". These so-called "system optimizers" sometimes use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with Driver Whiz?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:and these screens during "operations":You may see this entry in your list of installed programs:and these tasks in your list of Scheduled Tasks:How did Driver Whiz get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove Driver Whiz?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Driver Whiz? No, Malwarebytes removes Driver Whiz completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the Driver Whiz installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsYou may see these entries in FRST logs: () C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe C:\Windows\System32\Tasks\DriverWhiz_ScheduledScan C:\Windows\System32\Tasks\DriverWhiz_DailyScan C:\Program Files (x86)\DriverWhiz C:\Users\Public\Desktop\DriverWhiz.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverWhiz (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS (383 Media, Inc.) C:\Users\{username}\Desktop\Driverwhiz.exe C:\Users\{username}\AppData\Local\Temp\DWHelper_installFinish.exe C:\Users\{username}\AppData\Local\Temp\DWHelper_installStart.exe Driver Whiz (HKLM\...\Driver Whiz) (Version: 2.8.2 - 383 Media, Inc.) Task: {1F5C6870-6F5C-43F8-9528-4111CC6B948D} - System32\Tasks\DriverWhiz_ScheduledScan => C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe [2017-01-14] () Task: {9FE25769-79BF-42B9-9210-B4B75751D08F} - System32\Tasks\DriverWhiz_DailyScan => C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe [2017-01-14] () () C:\Program Files (x86)\DriverWhiz\DriversScanner.dll Significant alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\DriverWhiz Adds the file DPInst32.exe"="1/13/2017 1:06 PM, 795104 bytes, A Adds the file DPInst64.exe"="1/13/2017 1:06 PM, 930272 bytes, A Adds the file Driver Whiz.url"="10/10/2018 8:48 AM, 51 bytes, A Adds the file DriverResults.xml"="10/10/2018 8:49 AM, 25086 bytes, A Adds the file DriverScan.xml"="10/10/2018 8:49 AM, 44044 bytes, A Adds the file DriverScan.xml.gzip"="10/10/2018 8:49 AM, 7568 bytes, A Adds the file DriversScanner.dll"="1/14/2017 8:57 AM, 92792 bytes, A Adds the file DriverWhiz.exe"="1/14/2017 8:57 AM, 747128 bytes, A Adds the file DriverWhiz.exe.config"="1/13/2017 1:08 PM, 862 bytes, A Adds the file dwc.dll"="1/14/2017 8:57 AM, 803960 bytes, A Adds the file DWUninstall.exe"="1/14/2017 9:01 AM, 439008 bytes, A Adds the file icon.ico"="1/13/2017 1:08 PM, 16958 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="1/14/2017 8:57 AM, 55416 bytes, A Adds the file Interop.Shell32.dll"="1/14/2017 8:57 AM, 55416 bytes, A Adds the file Language.txt"="1/13/2017 1:06 PM, 16478 bytes, A Adds the file Language-bp.txt"="1/13/2017 1:06 PM, 16840 bytes, A Adds the file Language-de.txt"="1/13/2017 1:06 PM, 14895 bytes, A Adds the file Language-en.txt"="1/13/2017 1:06 PM, 16478 bytes, A Adds the file Language-fr.txt"="1/13/2017 1:06 PM, 15690 bytes, A Adds the file Language-it.txt"="1/13/2017 1:06 PM, 15310 bytes, A Adds the file log_20181010084910212.txt"="10/10/2018 8:49 AM, 1234 bytes, A Adds the file log_pre_20181010084906861.txt"="10/10/2018 8:49 AM, 395 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="1/14/2017 8:57 AM, 177272 bytes, A Adds the file Newtonsoft.Json.dll"="1/14/2017 8:57 AM, 376440 bytes, A Adds the file schtasks.bin"="10/10/2018 8:49 AM, 886 bytes, A Adds the file settings.xml"="10/10/2018 8:49 AM, 1713 bytes, A Adds the file unrar.dll"="1/14/2017 8:57 AM, 167032 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\Downloads Adds the folder C:\Program Files (x86)\DriverWhiz\driver Adds the file DrvAgent64.cat"="1/13/2017 1:08 PM, 7707 bytes, A Adds the file DrvAgent64.inf"="1/13/2017 1:08 PM, 1676 bytes, A Adds the file DrvAgent64.sys"="1/13/2017 1:08 PM, 20872 bytes, A Adds the file install_driver.exe"="1/13/2017 1:08 PM, 54872 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\DTD Adds the file xhtml1-strict.dtd"="1/13/2017 1:06 PM, 26054 bytes, A Adds the file xhtml-lat1.ent"="1/13/2017 1:06 PM, 11775 bytes, A Adds the file xhtml-special.ent"="1/13/2017 1:06 PM, 4131 bytes, A Adds the file xhtml-symbol.ent"="1/13/2017 1:06 PM, 13848 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en Adds the file about.html"="1/14/2017 9:01 AM, 3405 bytes, A Adds the file en.txt"="1/14/2017 9:01 AM, 3 bytes, A Adds the file enGUI.txt"="1/14/2017 9:01 AM, 1242 bytes, A Adds the file iframe.html"="1/14/2017 9:01 AM, 3 bytes, A Adds the file Language-en.txt"="1/14/2017 9:01 AM, 16478 bytes, A Adds the file main.html"="1/14/2017 9:01 AM, 4656 bytes, A Adds the file overview.html"="1/14/2017 9:01 AM, 3270 bytes, A Adds the file settings.html"="1/14/2017 9:01 AM, 11519 bytes, A Adds the file system_scan.html"="1/14/2017 9:01 AM, 5298 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css\timepicker Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\Donut Adds the file DonutChart.js"="1/14/2017 9:01 AM, 1838 bytes, A Adds the file excanvas.js"="1/14/2017 9:01 AM, 43531 bytes, A Adds the file jqplot.donutRenderer.min.js"="1/14/2017 9:01 AM, 15277 bytes, A Adds the file jquery.jqplot.min.css"="1/14/2017 9:01 AM, 3522 bytes, A Adds the file jquery.jqplot.min.js"="1/14/2017 9:01 AM, 199634 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\fonts Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\images Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master Adds the file component.json"="1/14/2017 9:01 AM, 353 bytes, A Adds the file customSelect-arrow.gif"="1/14/2017 9:01 AM, 47 bytes, A Adds the file customSelect-arrow.png"="1/14/2017 9:01 AM, 1207 bytes, A Adds the file dropdown_bg.jpg"="1/14/2017 9:01 AM, 2748 bytes, A Adds the file dropdown_bg_grey.jpg"="1/14/2017 9:01 AM, 1511 bytes, A Adds the file dropdown_bg-1.jpg"="1/14/2017 9:01 AM, 2451 bytes, A Adds the file index.html"="1/14/2017 9:01 AM, 2139 bytes, A Adds the file jquery.customSelect.js"="1/14/2017 9:01 AM, 4667 bytes, A Adds the file jquery.customSelect.min.js"="1/14/2017 9:01 AM, 1792 bytes, A Adds the file README"="1/14/2017 9:01 AM, 1830 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js Adds the file csharpglue.js"="1/14/2017 9:01 AM, 4792 bytes, A Adds the file expand.js"="1/14/2017 9:01 AM, 3140 bytes, A Adds the file jquery.mCustomScrollbar.concat.min.js"="1/14/2017 9:01 AM, 25989 bytes, A Adds the file jquery.mCustomScrollbar.css"="1/14/2017 9:01 AM, 16347 bytes, A Adds the file jquery.min.js"="1/14/2017 9:01 AM, 72331 bytes, A Adds the file jquery-1.10.2.min.js"="1/14/2017 9:01 AM, 93116 bytes, A Adds the file main_router.js"="1/14/2017 9:01 AM, 8518 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\About Adds the file AboutlView.js"="1/14/2017 9:01 AM, 856 bytes, A Adds the file Events.js"="1/14/2017 9:01 AM, 1224 bytes, A Adds the file Model.js"="1/14/2017 9:01 AM, 796 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Main Adds the file Events.js"="1/14/2017 9:01 AM, 2915 bytes, A Adds the file MainView.js"="1/14/2017 9:01 AM, 1059 bytes, A Adds the file Model.js"="1/14/2017 9:01 AM, 524 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Overview Adds the file BannerView.js"="1/14/2017 9:01 AM, 1885 bytes, A Adds the file BottomView.js"="1/14/2017 9:01 AM, 1576 bytes, A Adds the file ContentView.js"="1/14/2017 9:01 AM, 4646 bytes, A Adds the file Events.js"="1/14/2017 9:01 AM, 1492 bytes, A Adds the file Model.js"="1/14/2017 9:01 AM, 1469 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\Activation Adds the file Activation.js"="1/14/2017 9:01 AM, 774 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\Feedback Adds the file Events.js"="1/14/2017 9:01 AM, 4274 bytes, A Adds the file FeedbackView.js"="1/14/2017 9:01 AM, 9517 bytes, A Adds the file Model.js"="1/14/2017 9:01 AM, 1076 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\QuestionForm Adds the file QuestionForm.js"="1/14/2017 9:01 AM, 3154 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\RegisterNow Adds the file RegisterNow.js"="1/14/2017 9:01 AM, 3122 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\RegistrationFlow Adds the file ActionView.js"="1/14/2017 9:01 AM, 2474 bytes, A Adds the file BottomView.js"="1/14/2017 9:01 AM, 2065 bytes, A Adds the file ContainerView.js"="1/14/2017 9:01 AM, 2445 bytes, A Adds the file Events.js"="1/14/2017 9:01 AM, 2909 bytes, A Adds the file LeftContentView.js"="1/14/2017 9:01 AM, 2025 bytes, A Adds the file Model.js"="1/14/2017 9:01 AM, 980 bytes, A Adds the file RightContentView.js"="1/14/2017 9:01 AM, 2948 bytes, A Adds the file TopView.js"="1/14/2017 9:01 AM, 3115 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\TechSupport Adds the file Events.js"="1/14/2017 9:01 AM, 804 bytes, A Adds the file TechSupport.js"="1/14/2017 9:01 AM, 317 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\UpdateDrivers Adds the file Events.js"="1/14/2017 9:01 AM, 3251 bytes, A Adds the file Model.js"="1/14/2017 9:01 AM, 1418 bytes, A Adds the file UpdateDriversView.js"="1/14/2017 9:01 AM, 8766 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Settings Adds the file settings.js"="1/14/2017 9:01 AM, 23356 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\SystemScan Adds the file DriversView.js"="1/14/2017 9:01 AM, 16664 bytes, A Adds the file Events.js"="1/14/2017 9:01 AM, 2752 bytes, A Adds the file Model.js"="1/14/2017 9:01 AM, 1423 bytes, A Adds the file ProgressView.js"="1/14/2017 9:01 AM, 8384 bytes, A Adds the file ScanSummaryView.js"="1/14/2017 9:01 AM, 2733 bytes, A Adds the file SystemInfoView.js"="1/14/2017 9:01 AM, 3165 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\InstallAvailable Adds the file Events.js"="1/14/2017 9:01 AM, 1055 bytes, A Adds the file InstallAvailableView.js"="1/14/2017 9:01 AM, 366 bytes, A Adds the file Model.js"="1/14/2017 9:01 AM, 720 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdateFromFolder Adds the file Model.js"="1/14/2017 9:01 AM, 387 bytes, A Adds the file UpdateFromFolderView.js"="1/14/2017 9:01 AM, 706 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdateFromWeb Adds the file Model.js"="1/14/2017 9:01 AM, 380 bytes, A Adds the file UpdateFromWebView.js"="1/14/2017 9:01 AM, 1760 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdatesAvailable Adds the file Events.js"="1/14/2017 9:01 AM, 1652 bytes, A Adds the file Model.js"="1/14/2017 9:01 AM, 979 bytes, A Adds the file UpdatesAvailableView.js"="1/14/2017 9:01 AM, 2134 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Update Adds the file Events.js"="1/14/2017 9:01 AM, 1349 bytes, A Adds the file Model.js"="1/14/2017 9:01 AM, 808 bytes, A Adds the file UpdateView.js"="1/14/2017 9:01 AM, 1616 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts Adds the file custom.js"="1/14/2017 9:01 AM, 2305 bytes, A Adds the file expand.js"="1/14/2017 9:01 AM, 3140 bytes, A Adds the file html5shiv.js"="1/14/2017 9:01 AM, 2457 bytes, A Adds the file jquery.json-2.4.min.js"="1/14/2017 9:01 AM, 2286 bytes, A Adds the file jquery.min.js"="1/14/2017 9:01 AM, 93642 bytes, A Adds the file jquery.spritely.js"="1/14/2017 9:01 AM, 25099 bytes, A Adds the file jquery.timeentry.js"="1/14/2017 9:01 AM, 45054 bytes, A Adds the file jquery-ui-1.10.4.custom.min.js"="1/14/2017 9:01 AM, 12808 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\roundcorners Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\timepicker Adds the file jquery.datepick.js"="1/14/2017 9:01 AM, 105224 bytes, A Adds the file jquery.strings.js"="1/14/2017 9:01 AM, 12434 bytes, A Adds the file jquery.ui.all.js"="1/14/2017 9:01 AM, 204136 bytes, A Adds the file jquery.utils.js"="1/14/2017 9:01 AM, 11302 bytes, A Adds the file ui.timepickr.js"="1/14/2017 9:01 AM, 13499 bytes, A Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\popups Adds the folder C:\Program Files (x86)\DriverWhiz\WebUI\en\toasters Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverWhiz Adds the file DriverWhiz.lnk"="10/10/2018 8:48 AM, 1049 bytes, A Adds the file Uninstall.lnk"="10/10/2018 8:48 AM, 836 bytes, A Adds the file Website.lnk"="10/10/2018 8:48 AM, 1054 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file DriverWhiz.lnk"="10/10/2018 8:48 AM, 1031 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file DriverWhiz_DailyScan"="10/10/2018 8:49 AM, 3560 bytes, A Adds the file DriverWhiz_ScheduledScan"="10/10/2018 8:49 AM, 3710 bytes, A In the existing folder C:\Windows\SysWOW64\drivers Adds the file DrvAgent64.SYS"="1/13/2017 1:08 PM, 20872 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\DriverWhiz] "ClickID"="REG_EXPAND_SZ, "3161380653" "UID"="REG_SZ", "{511C1DDC-18E7-43EC-937C-217322186761}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverWhiz.exe] "(Default)"="REG_SZ", "C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Whiz] "Contact"="REG_SZ", "support@DriverWhiz.com" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe" "DisplayName"="REG_SZ", "Driver Whiz" "DisplayVersion"="REG_SZ", "2.8.2" "Publisher"="REG_SZ", "383 Media, Inc." "UninstallString"="REG_SZ", "C:\Program Files (x86)\DriverWhiz\DWUninstall.exe" "URLInfoAbout"="REG_SZ", "http://www.DriverWhiz.com" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DrvAgent64] "DisplayName"="REG_SZ", "DrvAgent64" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "\??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS" "Start"="REG_DWORD", 3 "Type"="REG_DWORD", 1 "WOW64"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DrvAgent64\Enum] "0"="REG_SZ", "Root\LEGACY_DRVAGENT64\0000" "Count"="REG_DWORD", 1 "NextInstance"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\DriverWhiz] "FirstScanDateTime"="REG_SZ", "2018-10-10T08:49:06.8612351+02:00" Excerpt of the Malwarebytes log (full log available on request): Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/10/18 Scan Time: 8:58 AM Log File: f63c2092-cc59-11e8-b726-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7275 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238643 Threats Detected: 687 Threats Quarantined: 687 Time Elapsed: 3 min, 3 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe, Quarantined, [4512], [262199],1.0.7275 Module: 5 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DriversScanner.dll, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\dwc.dll, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Microsoft.Win32.TaskScheduler.dll, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Newtonsoft.Json.dll, Quarantined, [4512], [262199],1.0.7275 Registry Key: 13 PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DriverWhiz_DailyScan, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9FE25769-79BF-42B9-9210-B4B75751D08F}, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{9FE25769-79BF-42B9-9210-B4B75751D08F}, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DriverWhiz_ScheduledScan, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1F5C6870-6F5C-43F8-9528-4111CC6B948D}, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{1F5C6870-6F5C-43F8-9528-4111CC6B948D}, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Driver Whiz, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, HKCU\SOFTWARE\DriverWhiz, Quarantined, [4512], [262206],1.0.7275 PUP.Optional.383Media, HKLM\SOFTWARE\DriverWhiz, Quarantined, [4512], [262207],1.0.7275 PUP.Optional.DriverWhiz, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\DriverWhiz_RASAPI32, Quarantined, [5675], [336788],1.0.7275 PUP.Optional.DriverWhiz, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\DriverWhiz_RASMANCS, Quarantined, [5675], [336788],1.0.7275 PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverWhiz.exe, Quarantined, [4512], [262208],1.0.7275 PUP.Optional.383Media, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\DriverWhiz.exe, Quarantined, [4512], [262208],1.0.7275 Registry Value: 1 PUP.Optional.383Media, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DRIVER WHIZ|PUBLISHER, Quarantined, [4512], [262209],1.0.7275 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 77 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdateFromFolder, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\InstallAvailable, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdatesAvailable, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\RegistrationFlow, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdateFromWeb, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\UpdateDrivers, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\QuestionForm, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\RegisterNow, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\TechSupport, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\Activation, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\roundcorners, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\timepicker, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\Feedback, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css\timepicker, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\SystemScan, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Settings, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Overview, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Update, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\About, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Main, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\images, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\fonts, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\Donut, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\toasters, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\popups, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Downloads, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\driver, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DTD, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\PROGRAM FILES (X86)\DRIVERWHIZ, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.DriverWhiz, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVERWHIZ, Quarantined, [5675], [336787],1.0.7275 File: 590 PUP.Optional.383Media, C:\PROGRAM FILES (X86)\DRIVERWHIZ\LANGUAGE.TXT, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\driver\DrvAgent64.cat, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\driver\DrvAgent64.inf, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\driver\DrvAgent64.sys, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\driver\install_driver.exe, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DTD\xhtml-lat1.ent, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DTD\xhtml-special.ent, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DTD\xhtml-symbol.ent, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DTD\xhtml1-strict.dtd, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css\timepicker\jquery.datepick.css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css\timepicker\ui.core.css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css\timepicker\ui.timepickr.css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css\CustomScrollbar.css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css\jquery.timeentry.css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css\main.css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css\style.css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\css\style_old.css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\Donut\DonutChart.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\Donut\excanvas.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\Donut\jqplot.donutRenderer.min.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\Donut\jquery.jqplot.min.css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\Donut\jquery.jqplot.min.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\fonts\helveticaneue-bolditalic-webfont.svg, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\fonts\helvetica_neue-webfont.ttf, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\images\bg\abour_menu_shadow.png, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\images\tabs.png, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master\component.json, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master\customSelect-arrow.gif, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master\customSelect-arrow.png, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master\dropdown_bg-1.jpg, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master\dropdown_bg.jpg, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master\dropdown_bg_grey.jpg, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master\index.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master\jquery.customSelect.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master\jquery.customSelect.min.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\jquery.customSelect-master\README, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\About\AboutlView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\About\Events.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\About\Model.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Main\Events.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Main\MainView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Main\Model.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Overview\BannerView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Overview\BottomView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Overview\ContentView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Overview\Events.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Overview\Model.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\Activation\Activation.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Popups\UpdateDrivers\UpdateDriversView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Settings\settings.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\SystemScan\DriversView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\SystemScan\Events.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\SystemScan\Model.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\SystemScan\ProgressView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\SystemScan\ScanSummaryView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\SystemScan\SystemInfoView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\InstallAvailable\Events.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\InstallAvailable\InstallAvailableView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\InstallAvailable\Model.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdateFromFolder\Model.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdateFromFolder\UpdateFromFolderView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdateFromWeb\Model.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdateFromWeb\UpdateFromWebView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdatesAvailable\Events.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdatesAvailable\Model.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Toasters\UpdatesAvailable\UpdatesAvailableView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Update\Events.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Update\Model.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\Update\UpdateView.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\csharpglue.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\expand.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\jquery-1.10.2.min.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\jquery.mCustomScrollbar.concat.min.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\jquery.mCustomScrollbar.css, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\jquery.min.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\js\main_router.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\timepicker\jquery.datepick.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\timepicker\jquery.strings.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\timepicker\jquery.ui.all.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\timepicker\jquery.utils.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\timepicker\ui.timepickr.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\custom.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\expand.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\html5shiv.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\jquery-ui-1.10.4.custom.min.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\jquery.json-2.4.min.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\jquery.min.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\jquery.spritely.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\lib\scripts\jquery.timeentry.js, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\popups\activation_lightbox.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\popups\feedback.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\popups\question_form.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\popups\register_now.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\popups\registration_flow.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\popups\tech_support.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\popups\update.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\popups\update_driver.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\toasters\installavailable.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\toasters\updatefromfolder.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\toasters\updatefromweb.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\toasters\updatesavailable.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\about.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\en.txt, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\enGUI.txt, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\iframe.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\Language-en.txt, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\main.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\overview.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\settings.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\WebUI\en\system_scan.html, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DPInst32.exe, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DPInst64.exe, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Driver Whiz.url, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DriverResults.xml, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DriverScan.xml, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DriverScan.xml.gzip, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DriversScanner.dll, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe.config, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\dwc.dll, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\DWUninstall.exe, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\icon.ico, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Interop.IWshRuntimeLibrary.dll, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Interop.Shell32.dll, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Language-bp.txt, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Language-de.txt, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Language-en.txt, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Language-fr.txt, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Language-it.txt, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\log_20181010084910212.txt, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\log_pre_20181010084906861.txt, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Microsoft.Win32.TaskScheduler.dll, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\Newtonsoft.Json.dll, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\schtasks.bin, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\settings.xml, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\Program Files (x86)\DriverWhiz\unrar.dll, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\WINDOWS\SYSTEM32\TASKS\DriverWhiz_DailyScan, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\WINDOWS\SYSTEM32\TASKS\DriverWhiz_ScheduledScan, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\DriverWhiz.lnk, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.383Media, C:\USERS\PUBLIC\DESKTOP\DriverWhiz.lnk, Quarantined, [4512], [262199],1.0.7275 PUP.Optional.DriverWhiz, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVERWHIZ\WEBSITE.LNK, Quarantined, [5675], [336787],1.0.7275 PUP.Optional.DriverWhiz, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverWhiz\DriverWhiz.lnk, Quarantined, [5675], [336787],1.0.7275 PUP.Optional.DriverWhiz, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverWhiz\Uninstall.lnk, Quarantined, [5675], [336787],1.0.7275 PUP.Optional.383Media, C:\USERS\{username}\DESKTOP\DRIVERWHIZ.EXE, Quarantined, [4512], [448609],1.0.7275 PUP.Optional.383Media, C:\USERS\{username}\APPDATA\LOCAL\TEMP\DWHELPER_INSTALLSTART.EXE, Quarantined, [4512], [120647],1.0.7275 PUP.Optional.383Media, C:\USERS\{username}\APPDATA\LOCAL\TEMP\DWHELPER_INSTALLFINISH.EXE, Quarantined, [4512], [120647],1.0.7275 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- October 10
- - pup.optional.383media
  - 383 media inc.
  - (and 1 more)
    Tagged with:
    
    pup.optional.383media
    
    383 media inc.
    
    driverwhiz.com
Removal instructions for GamingHub

Metallica posted a topic in Malware Removal Self-Help Guides

What is GamingHub?The Malwarebytes research team has determined that GamingHub is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.This one also runs at logon.How do I know if my computer is affected by GamingHub?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You may see this changed setting:this new startpage:and you will see this icon in your Chrome menu-bar:How did GamingHub get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website:through the webstore:How do I remove GamingHub?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of GamingHub? No, Malwarebytes removes GamingHub completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the GamingHub hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: HKCU\...\Run: [GoogleChromeAutoLaunch_3332BBCF0B575FD73CBC7F043B799440] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1469784 2018-09-15] (Google Inc.) CHR Extension: (GamingHub) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin [2018-10-09] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0 Adds the file background.html"="4/3/2018 3:12 PM, 514 bytes, A Adds the file manifest.json"="10/9/2018 9:52 AM, 1508 bytes, A Adds the file newtab.html"="4/3/2018 4:11 PM, 4280 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\_metadata Adds the file computed_hashes.json"="10/9/2018 9:52 AM, 243781 bytes, A Adds the file verified_contents.json"="4/8/2018 4:41 PM, 15105 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\bgs Adds the file default.jpg"="2/20/2017 6:23 PM, 5222587 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\css Adds the file font-awesome.min.css"="3/12/2018 7:51 PM, 31004 bytes, A Adds the file googlefonts.css"="3/18/2018 2:39 PM, 9528 bytes, A Adds the file newtab.css"="3/12/2018 7:51 PM, 13847 bytes, A Adds the file normalize.css"="3/12/2018 7:51 PM, 8514 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\fonts Adds the file FontAwesome.otf"="3/12/2018 7:51 PM, 134808 bytes, A Adds the file fontawesome-webfont.eot"="3/12/2018 7:51 PM, 165742 bytes, A Adds the file fontawesome-webfont.svg"="3/12/2018 7:51 PM, 447050 bytes, A Adds the file fontawesome-webfont.ttf"="3/12/2018 7:51 PM, 165548 bytes, A Adds the file fontawesome-webfont.woff"="3/12/2018 7:51 PM, 98024 bytes, A Adds the file fontawesome-webfont.woff2"="3/12/2018 7:51 PM, 77160 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js Adds the file app.js"="3/12/2018 7:51 PM, 1381 bytes, A Adds the file apps.js"="3/12/2018 7:51 PM, 1063 bytes, A Adds the file bgbg.js"="2/20/2017 6:23 PM, 680 bytes, A Adds the file bghelper.js"="2/20/2017 6:23 PM, 2356 bytes, A Adds the file fs.js"="2/20/2017 6:23 PM, 4370 bytes, A Adds the file ga.js"="4/8/2018 4:38 PM, 4970 bytes, A Adds the file sort.js"="3/1/2017 5:17 PM, 997 bytes, A Adds the file sp.js"="4/3/2018 7:08 PM, 3283 bytes, A Adds the file spd.js"="2/20/2018 9:51 PM, 445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\controllers Adds the file appCtrl.js"="3/25/2018 10:28 AM, 1900 bytes, A Adds the file appsCtrl.js"="3/12/2018 7:51 PM, 3745 bytes, A Adds the file privacyCtrl.js"="3/12/2018 7:51 PM, 525 bytes, A Adds the file searchCtrl.js"="3/12/2018 7:51 PM, 3692 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\directives Adds the file hubsDirective.js"="3/25/2018 10:26 AM, 201 bytes, A Adds the file onFinishRender.js"="3/12/2018 7:51 PM, 1081 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\services Adds the file autoSuggestService.js"="3/12/2018 7:51 PM, 10430 bytes, A Adds the file bgService.js"="3/20/2018 10:09 AM, 2537 bytes, A Adds the file chromeTabsService.js"="3/12/2018 7:51 PM, 1121 bytes, A Adds the file multiHubService.js"="3/25/2018 10:25 AM, 4000 bytes, A Adds the file searchService.js"="3/12/2018 7:51 PM, 9756 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\vendors Adds the file ajaxUtility.js"="3/12/2018 7:51 PM, 2854 bytes, A Adds the file analytics.js"="3/12/2018 7:54 PM, 46275 bytes, A Adds the file angular.min.js"="3/12/2018 8:31 PM, 1249863 bytes, A Adds the file angular-ui-router.min.js"="3/12/2018 8:32 PM, 175484 bytes, A Adds the file hotkeys.min.js"="3/12/2018 8:33 PM, 53486 bytes, A Adds the file jquery.js"="3/12/2018 7:55 PM, 268039 bytes, A Adds the file seasonal.js"="3/12/2018 7:51 PM, 4132 bytes, A Adds the file sortable.js"="3/12/2018 7:51 PM, 34411 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\views Adds the file apps.html"="3/12/2018 7:51 PM, 38 bytes, A Adds the file hubs.html"="3/25/2018 10:27 AM, 135 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "eafoaklfmpnpdecnhhaailihkdbhkgin"="REG_SZ", "C2E93F8F1BB3156CD1543F615AA30F645E0413944381175EA739B8E1E690EBA2" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_3332BBCF0B575FD73CBC7F043B799440"="REG_SZ", ""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/9/18 Scan Time: 9:59 AM Log File: 469bc072-cb99-11e8-90e6-00ffdcc6fdfc.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.7259 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238552 Threats Detected: 136 Threats Quarantined: 136 Time Elapsed: 2 min, 45 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 13 PUP.Optional.GamingHub, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\controllers, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\directives, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\services, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\vendors, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\_metadata, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\fonts, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\views, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\bgs, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\css, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EAFOAKLFMPNPDECNHHAAILIHKDBHKGIN\1.0.22_0, Quarantined, [14336], [578668],1.0.7259 File: 123 PUP.Optional.GamingHub, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EAFOAKLFMPNPDECNHHAAILIHKDBHKGIN\1.0.22_0\MANIFEST.JSON, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\bgs\default.jpg, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\css\font-awesome.min.css, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\css\googlefonts.css, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\css\newtab.css, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\css\normalize.css, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\fonts\fontawesome-webfont.eot, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\fonts\fontawesome-webfont.svg, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\fonts\fontawesome-webfont.ttf, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\fonts\fontawesome-webfont.woff, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\fonts\fontawesome-webfont.woff2, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\fonts\FontAwesome.otf, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\candy.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\messenger.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\shopVector.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\500.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\aliexpress.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\amazon.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\americanas.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\angrybirds.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\appsVector.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\arrowLeft.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\arrowRight.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\bahia.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\bing.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\bookmarksVector.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\clash.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\connectVector.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\criminal.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\dafiti.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\default.jpg, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\dragon.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\ebay.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\etsy.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\facebook.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\farmville.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\fireClear.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\fireWhite.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\flipkart.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\gamingVector.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\GenresClear.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\GenresWhite.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\google.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\hangouts.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\hayday.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\historyVector.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\icon128.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\icon16.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\icon256.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\icon48.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\icon96.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\instagram.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\lock.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\mercado.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\mobly.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\musicVector.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\netshoes.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\newegg.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\periscope.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\playlistClear.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\playlistWhite.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\poker.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\pool.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\refresh.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\remix.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\search.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\shoptime.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\skype.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\soccer.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\song-placeholder.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\songpop.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\starClear.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\starWhite.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\taobao.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\target.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\temp-playing.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\Thumbs.db, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\tmall.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\topeleven.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\twitter.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\walmart.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\wechat.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\whatsapp.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\wish.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\words.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\yahoo.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\img\youtube.png, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\controllers\appCtrl.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\controllers\appsCtrl.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\controllers\privacyCtrl.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\controllers\searchCtrl.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\directives\hubsDirective.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\directives\onFinishRender.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\services\autoSuggestService.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\services\bgService.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\services\chromeTabsService.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\services\multiHubService.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\services\searchService.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\vendors\ajaxUtility.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\vendors\analytics.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\vendors\angular-ui-router.min.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\vendors\angular.min.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\vendors\hotkeys.min.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\vendors\jquery.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\vendors\seasonal.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\vendors\sortable.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\app.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\apps.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\bgbg.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\bghelper.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\fs.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\ga.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\sort.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\sp.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\js\spd.js, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\views\apps.html, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\views\hubs.html, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\_metadata\computed_hashes.json, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\_metadata\verified_contents.json, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\background.html, Quarantined, [14336], [578668],1.0.7259 PUP.Optional.GamingHub, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafoaklfmpnpdecnhhaailihkdbhkgin\1.0.22_0\newtab.html, Quarantined, [14336], [578668],1.0.7259 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- October 9
- - pup.optional.gaminghub
  - eafoaklfmpnpdecnhhaailihkdbhkgin
  - (and 1 more)
    Tagged with:
    
    pup.optional.gaminghub
    
    eafoaklfmpnpdecnhhaailihkdbhkgin
    
    gaminghub.online
Removal instructions for Sports Addict

Metallica posted a topic in Malware Removal Self-Help Guides

What is Sports Addict?The Malwarebytes research team has determined that Sports Addict is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Sports Addict is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by Sports Addict?You may see these browser extensions/add-ons:these warnings during install:and this new setting:You will see this icon in your browsers menu-bar:and this new homepage in the affected browsers:How did Sports Addict get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their websiteand the Chrome extension was also available in the webstore:How do I remove Sports Addict?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Sports Addict? No, Malwarebytes' Anti-Malware removes Sports Addict completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Sports Addict hijacker. It would have blocked traffic to their domains: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_oqMembers_@sportsaddict.thewhizproducts.com.xpi [2018-10-08] CHR Extension: (Sports Addict) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal [2018-10-08] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0 Adds the file dynamicNewTab.html"="4/10/2018 9:22 AM, 1136 bytes, A Adds the file manifest.json"="10/8/2018 10:17 AM, 2594 bytes, A Adds the file productnewtab.html"="4/10/2018 9:22 AM, 1136 bytes, A Adds the file stubby.html"="4/10/2018 9:22 AM, 1137 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\_metadata Adds the file computed_hashes.json"="10/8/2018 10:17 AM, 4670 bytes, A Adds the file verified_contents.json"="4/10/2018 9:22 AM, 5391 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\config Adds the file config.json"="4/10/2018 9:22 AM, 1972 bytes, A Adds the file extension-config.json"="4/10/2018 9:22 AM, 1114 bytes, A Adds the file extension-dev-config.json"="4/10/2018 9:22 AM, 1236 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons Adds the file icon128.png"="10/8/2018 10:17 AM, 4217 bytes, A Adds the file icon16.png"="4/10/2018 9:22 AM, 562 bytes, A Adds the file icon19disabled.png"="4/10/2018 9:22 AM, 344 bytes, A Adds the file icon19on.png"="10/8/2018 10:17 AM, 715 bytes, A Adds the file icon48.png"="10/8/2018 10:17 AM, 2108 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js Adds the file ajax.js"="4/10/2018 9:22 AM, 2250 bytes, A Adds the file b2b-partner-tracking.js"="4/10/2018 9:22 AM, 11023 bytes, A Adds the file background.js"="4/10/2018 9:22 AM, 21158 bytes, A Adds the file chrome.js"="4/10/2018 9:22 AM, 180 bytes, A Adds the file content_script.js"="4/10/2018 9:22 AM, 5815 bytes, A Adds the file dlp.js"="4/10/2018 9:22 AM, 5690 bytes, A Adds the file dlpHelper.js"="4/10/2018 9:22 AM, 1836 bytes, A Adds the file extension_detect.js"="4/10/2018 9:22 AM, 4343 bytes, A Adds the file genericLoadRemoteSettings.js"="4/10/2018 9:22 AM, 2908 bytes, A Adds the file index.js"="4/10/2018 9:22 AM, 82 bytes, A Adds the file initOfferCEF.js"="4/10/2018 9:22 AM, 8991 bytes, A Adds the file logger.js"="4/10/2018 9:22 AM, 575 bytes, A Adds the file offerService.js"="4/10/2018 9:22 AM, 13159 bytes, A Adds the file pageUtils.js"="4/10/2018 9:22 AM, 1811 bytes, A Adds the file PartnerId.js"="4/10/2018 9:22 AM, 16439 bytes, A Adds the file product.js"="4/10/2018 9:22 AM, 4511 bytes, A Adds the file storage.js"="4/10/2018 9:22 AM, 1675 bytes, A Adds the file TabManager.js"="4/10/2018 9:22 AM, 189 bytes, A Adds the file TemplateParser.js"="4/10/2018 9:22 AM, 3080 bytes, A Adds the file ul.js"="4/10/2018 9:22 AM, 3862 bytes, A Adds the file urlFragmentActions.js"="4/10/2018 9:22 AM, 2521 bytes, A Adds the file urlUtils.js"="4/10/2018 9:22 AM, 5385 bytes, A Adds the file util.js"="4/10/2018 9:22 AM, 4027 bytes, A Adds the file webtooltabAPI.js"="4/10/2018 9:22 AM, 8762 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal Adds the file 000003.log"="10/8/2018 10:18 AM, 5584 bytes, A Adds the file CURRENT"="10/8/2018 10:17 AM, 16 bytes, A Adds the file LOCK"="10/8/2018 10:17 AM, 0 bytes, A Adds the file LOG"="10/8/2018 10:18 AM, 412 bytes, A Adds the file LOG.old"="10/8/2018 10:17 AM, 185 bytes, A Adds the file MANIFEST-000001"="10/8/2018 10:17 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_oqMembers_@sportsaddict.thewhizproducts.com Adds the file storage.js"="10/8/2018 10:18 AM, 2717 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _oqMembers_@sportsaddict.thewhizproducts.com.xpi"="10/8/2018 10:17 AM, 50256 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "ophjmddaoidnhjpfjiipefgmjcjfbgal"="REG_SZ", "59B5791C85F86789C627FFC406FAAE922720796DF74BB66E59718503E133833A" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/8/18 Scan Time: 10:08 AM Log File: 46094d32-cad1-11e8-ad3f-00ffdcc6fdfc.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.7239 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238649 Threats Detected: 55 Threats Quarantined: 55 Time Elapsed: 2 min, 34 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 8 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_oqMembers_@sportsaddict.thewhizproducts.com, Quarantined, [1702], [468075],1.0.7239 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\_metadata, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\config, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OPHJMDDAOIDNHJPFJIIPEFGMJCJFBGAL, Quarantined, [1702], [467555],1.0.7239 File: 47 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_oqMembers_@sportsaddict.thewhizproducts.com.xpi, Quarantined, [1702], [457930],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_oqMembers_@sportsaddict.thewhizproducts.com\storage.js, Quarantined, [1702], [468075],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal\000003.log, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal\CURRENT, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal\LOCK, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal\LOG, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal\MANIFEST-000001, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OPHJMDDAOIDNHJPFJIIPEFGMJCJFBGAL\13.421.12.64295_0\MANIFEST.JSON, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\config\config.json, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\config\extension-config.json, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\config\extension-dev-config.json, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons\icon128.png, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons\icon16.png, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons\icon19disabled.png, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons\icon19on.png, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons\icon48.png, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\logger.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\ajax.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\b2b-partner-tracking.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\background.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\chrome.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\content_script.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\dlp.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\dlpHelper.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\extension_detect.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\genericLoadRemoteSettings.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\index.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\initOfferCEF.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\offerService.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\pageUtils.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\PartnerId.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\product.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\storage.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\TabManager.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\TemplateParser.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\ul.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\urlFragmentActions.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\urlUtils.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\util.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\webtooltabAPI.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\_metadata\computed_hashes.json, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\_metadata\verified_contents.json, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\dynamicNewTab.html, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\productnewtab.html, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\stubby.html, Quarantined, [1702], [467555],1.0.7239 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- October 8
- - pup.optional.mindspark
  - ophjmddaoidnhjpfjiipefgmjcjfbgal
  - (and 3 more)
    Tagged with:
    
    pup.optional.mindspark
    
    ophjmddaoidnhjpfjiipefgmjcjfbgal
    
    _oqmembers_@sportsaddict.thewhizproducts.com
    
    thewhizproducts.com
    
    mysearch
Removal instructions for Searchband

Metallica posted a topic in Malware Removal Self-Help Guides

What is Searchband?The Malwarebytes research team has determined that Searchband is a swearch hijacker. These so-called "hijackers" manipulate your searches, for example to change your startpage or searchscopes.This particular one creates a search box in your Windows taskbar.How do I know if my computer is affected by Searchband?You may see this entry in your list of installed software:and this warning during install:this Scheduled Task:and you will see this search box in your taskbar:How did Searchband get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.How do I remove Searchband?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Searchband? No, Malwarebytes removes Searchband completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Searchband hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: (Yandex LLC) C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe HKCU\...\Run: [YandexSearchBand] => C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe [3623928 2018-08-21] (Yandex LLC) C:\Windows\System32\Tasks\Yandex.Stroka.User.S-1-5-21-{userid} C:\Users\{username}\AppData\Roaming\Yandex C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Голосовой помощник Алиса C:\Users\{username}\AppData\Local\Yandex (Microsoft Corporation) C:\Users\{username}\Desktop\yandex-alice.exe Голосовой помощник Алиса (HKLM-x32\...\{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}) (Version: 4.6.0.1790 - Яндекс) Task: {2D4DC59B-C068-4924-B3EB-21740B8CA1FF} - System32\Tasks\Yandex.Stroka.User.S-1-5-21-{userid} => C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe [2018-08-21] (Yandex LLC) () C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\speechkitlib64.dll Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand Adds the file crashreporter64.exe.log"="10/5/2018 9:01 AM, 356 bytes, A Adds the file searchband64.dll.log"="10/5/2018 9:01 AM, 570 bytes, A Adds the file searchbandapp.exe.log"="10/5/2018 9:01 AM, 1522 bytes, A Adds the file searchbandapp64.exe.log"="10/5/2018 9:03 AM, 1126 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790 Adds the file crashreporter64.exe"="8/21/2018 1:22 PM, 1335800 bytes, A Adds the file searchband64.dll"="8/21/2018 1:22 PM, 6829048 bytes, A Adds the file searchbandapp64.exe"="8/21/2018 1:22 PM, 3623928 bytes, A Adds the file searchbandcf64.exe"="8/21/2018 1:22 PM, 1397752 bytes, A Adds the file speechkitlib64.dll"="8/21/2018 1:22 PM, 5839864 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\about Adds the file config.json"="10/5/2018 9:01 AM, 1518 bytes, A Adds the file vendor-fallback.xml"="10/5/2018 9:01 AM, 227 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon Adds the file wakeup.json"="10/5/2018 9:01 AM, 83 bytes, A Adds the file wakeup1.json"="10/5/2018 9:01 AM, 828 bytes, A Adds the file wakeup2.json"="10/5/2018 9:01 AM, 849 bytes, A Adds the file wakeup3.json"="10/5/2018 9:01 AM, 902 bytes, A Adds the file wakeup4.json"="10/5/2018 9:01 AM, 842 bytes, A Adds the file wakeup5.json"="10/5/2018 9:01 AM, 896 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings Adds the file 1.json"="10/5/2018 9:01 AM, 526 bytes, A Adds the file 10.json"="10/5/2018 9:01 AM, 536 bytes, A Adds the file 11.json"="10/5/2018 9:01 AM, 529 bytes, A Adds the file 2.json"="10/5/2018 9:01 AM, 775 bytes, A Adds the file 3.json"="10/5/2018 9:01 AM, 524 bytes, A Adds the file 4.json"="10/5/2018 9:01 AM, 524 bytes, A Adds the file default.json"="10/5/2018 9:01 AM, 522 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software Adds the file answers.data"="10/5/2018 9:01 AM, 84506 bytes, A Adds the file description.data"="10/5/2018 9:01 AM, 1008 bytes, A Adds the file extrawords.data"="10/5/2018 9:01 AM, 23 bytes, A Adds the file inputs.data"="10/5/2018 9:01 AM, 396295 bytes, A Adds the file weights.data"="10/5/2018 9:01 AM, 104974 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo Adds the file defaultThumbs.json"="10/5/2018 9:01 AM, 3641 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voice Adds the file incomplete.txt"="10/5/2018 9:01 AM, 1818 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation Adds the file words.json"="10/5/2018 9:01 AM, 160 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-alice Adds the file acoustic_model.nnet"="10/5/2018 9:01 AM, 293311 bytes, A Adds the file flags.txt"="10/5/2018 9:01 AM, 406 bytes, A Adds the file words.txt"="10/5/2018 9:01 AM, 85 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex Adds the file acoustic_model.nnet"="10/5/2018 9:01 AM, 1057404 bytes, A Adds the file flags.txt"="10/5/2018 9:01 AM, 408 bytes, A Adds the file lda.mat"="10/5/2018 9:01 AM, 14575 bytes, A Adds the file words.txt"="10/5/2018 9:01 AM, 72 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\simple Adds the file acoustic_model.nnet"="10/5/2018 9:01 AM, 896370 bytes, A Adds the file flags.txt"="10/5/2018 9:01 AM, 436 bytes, A Adds the file words.txt"="10/5/2018 9:01 AM, 85 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data Adds the file balloon.css"="10/5/2018 9:01 AM, 44282 bytes, A Adds the file balloon.html"="10/5/2018 9:01 AM, 397 bytes, A Adds the file balloon.js"="10/5/2018 9:01 AM, 424974 bytes, A Adds the file main.css"="10/5/2018 9:01 AM, 110219 bytes, A Adds the file main.html"="10/5/2018 9:01 AM, 391 bytes, A Adds the file main.js"="10/5/2018 9:01 AM, 1004874 bytes, A Adds the file preview.css"="10/5/2018 9:01 AM, 18539 bytes, A Adds the file preview.html"="10/5/2018 9:01 AM, 397 bytes, A Adds the file preview.js"="10/5/2018 9:01 AM, 417589 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8 Adds the file index.html"="10/5/2018 9:01 AM, 6305 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8\i Adds the file logo.png"="10/5/2018 9:01 AM, 7267 bytes, A Adds the file progress-tile.png"="10/5/2018 9:01 AM, 154 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Dumps Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Installer Adds the file branding.zip"="8/21/2018 1:22 PM, 2290919 bytes, A Adds the file crashreporter.exe"="8/21/2018 1:22 PM, 1130488 bytes, A Adds the file crashreporter64.exe"="8/21/2018 1:22 PM, 1335800 bytes, A Adds the file data.zip"="8/21/2018 1:22 PM, 752026 bytes, A Adds the file searchband.dll"="8/21/2018 1:22 PM, 5532152 bytes, A Adds the file searchband64.dll"="8/21/2018 1:22 PM, 6829048 bytes, A Adds the file searchbandapp.exe"="8/21/2018 1:22 PM, 2926072 bytes, A Adds the file searchbandapp64.exe"="8/21/2018 1:22 PM, 3623928 bytes, A Adds the file searchbandcf.exe"="8/21/2018 1:22 PM, 1097208 bytes, A Adds the file searchbandcf64.exe"="8/21/2018 1:22 PM, 1397752 bytes, A Adds the file speechkitlib.dll"="8/21/2018 1:22 PM, 4404216 bytes, A Adds the file speechkitlib64.dll"="8/21/2018 1:22 PM, 5839864 bytes, A Adds the file TBD7B5A.tmp"="8/21/2018 1:22 PM, 2926072 bytes, A Adds the file TBD9540.tmp"="8/21/2018 1:22 PM, 2926072 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Updater Adds the file SearchBand.json"="10/5/2018 9:01 AM, 225 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Updater\Temporary-Files Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\UserData Adds the file Thumbs.json"="10/5/2018 9:29 AM, 14294 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\UserData\Browser Adds the file {0F349F5F-BFF3-403E-8C65-09F2109742DC}-shm"="10/5/2018 9:01 AM, 32768 bytes, A Adds the file {0F349F5F-BFF3-403E-8C65-09F2109742DC}-wal"="10/5/2018 9:01 AM, 0 bytes, A Adds the file {22988AC3-91BF-463C-8BB2-C9255F2BD3CE}-shm"="10/5/2018 9:29 AM, 32768 bytes, A Adds the file {22988AC3-91BF-463C-8BB2-C9255F2BD3CE}-wal"="10/5/2018 9:29 AM, 0 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\UserData\Favicon Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\UserData\JsonStore Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\UserData\Logo Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Installer\{8F2A70BE-546D-47A9-BFF1-D4BC8472134B} Adds the file searchband.ico"="10/5/2018 9:01 AM, 126160 bytes, RA Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Голосовой помощник Алиса Adds the file Голосовой помощник Алиса.lnk"="10/5/2018 9:01 AM, 1517 bytes, A Adds the file Помощь.url"="10/5/2018 9:01 AM, 140 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Yandex Adds the file clids-searchband.xml"="10/5/2018 9:01 AM, 223 bytes, A Adds the file ui"="10/5/2018 8:59 AM, 38 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Yandex.Stroka.User.S-1-5-21-{userid}"="10/5/2018 9:01 AM, 3210 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}] "AuthorizedCDFPrefix"="REG_SZ", "" "Comments"="REG_SZ", "" "Contact"="REG_SZ", "" "DisplayName"="REG_SZ", "Голосовой помощник Алиса" "DisplayVersion"="REG_SZ", "4.6.0.1790" "EstimatedSize"="REG_DWORD", 36294 "HelpLink"="REG_SZ", "" "HelpTelephone"="REG_SZ", "" "InstallDate"="REG_SZ", "20181005" "InstallLocation"="REG_SZ", "" "InstallSource"="REG_SZ", "C:\Users\{username}\AppData\Local\Temp\{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}\" "Language"="REG_DWORD", 1049 "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /I{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}" "Publisher"="REG_SZ", "Яндекс" "Readme"="REG_SZ", "" "Size"="REG_SZ", "" "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /I{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}" "URLInfoAbout"="REG_SZ", "" "URLUpdateInfo"="REG_SZ", "" "Version"="REG_DWORD", 67502080 "VersionMajor"="REG_DWORD", 4 "VersionMinor"="REG_DWORD", 6 "WindowsInstaller"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\AppDataLow\Yandex] "UICreated_{username}"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "YandexSearchBand"="REG_SZ", ""C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe" /auto" [HKEY_CURRENT_USER\Software\Microsoft\Windows Media Foundation\SchemeHandlers\yapp-searchband:] "{9EC4B4F9-3029-45AD-947B-344DE2A249E2}"="REG_SZ", "Urlmon Scheme Handler" [HKEY_CURRENT_USER\Software\Yandex\SearchBand] "FirstRun"="REG_DWORD", 0 "InstallSource"="REG_SZ", "Normal" "ProductCode"="REG_SZ", "{8f2a70be-546d-47a9-bff1-d4bc8472134b}" "SpeechUuid"="REG_SZ", "9B78D20045F048C8A48C42D08176CCBA" "Version"="REG_SZ", "4.6.0.1790" "WelcomeShown"="REG_DWORD", 1 "YandexUid"="REG_SZ", "" [HKEY_CURRENT_USER\Software\Yandex\SearchBand\AutoComplete] [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Cef] [HKEY_CURRENT_USER\Software\Yandex\SearchBand\External] "Enabled"="REG_DWORD", 1 "PopupType"="REG_SZ", "TaskBar" "VoiceActivation"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\Yandex\SearchBand\InstallerSettings] "BandMode"="REG_SZ", "Band" "BandPosition"="REG_SZ", "StartMenu" "ShowWelcome"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Settings] "BandIndex"="REG_DWORD", 0 "CreateStartMenuItems"="REG_DWORD", 1 "ExpandToEditBoxAfterClick"="REG_DWORD", 0 "ExpandToEditBoxAfterHide"="REG_DWORD", 0 "FileOpenMode"="REG_DWORD", 0 "FullSpotterType"="REG_DWORD", 0 "FullSuggest"="REG_DWORD", 0 "IconMode"="REG_DWORD", 0 "IndexExtensionMode"="REG_DWORD", 1 "LangId"="REG_DWORD", 1049 "Matrixnet.Enabled"="REG_DWORD", 1 "Microphone"="REG_SZ", "" "SearchBandMode"="REG_DWORD", 0 "SearchHotkey"="REG_DWORD", 131264 "ShowTutorialOnFirstRun"="REG_DWORD", 1 "SpeechHotkey"="REG_DWORD", 0 "StartMenuFolder"="REG_SZ", "Голосовой помощник Алиса" "Vocalizer"="REG_DWORD", 1 "VoiceActivation"="REG_DWORD", 0 "VoiceActivation.Reason"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic] "UserId"="REG_SZ", "{62EAAD26-C0DC-445C-A03D-D5BACB2B53CC}" [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\BarNavig] "r1"="REG_SZ", "pgqxfikdthuxbvlrafjuqitfbjnxvvhvmasttmhkpxymynkpaeijvmuvafyxrfevexcbpchfcaoknkbthmsbeodnxqxynamogunvac1dff29110fff4bbb83ad953003bfb1" [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Batch] "LastSendTime"="REG_QWORD, .... [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Browser] "LastUpdateTime"="REG_QWORD, .... [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Clids] "clid1"="REG_SZ", "2309176" "clid100006"="REG_SZ", "2309179" "clid22"="REG_SZ", "2309177" "clid24"="REG_SZ", "2309178" [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Crashes] [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\DayUse] "FirstInstallTime"="REG_QWORD, .... "LastSendTimeKeyName"="REG_QWORD, .... [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Redir] "LastSendTimeKeyName"="REG_QWORD, .... [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Usage] "LastActivation"="REG_QWORD, .... [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Tutorials\MicHint] [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Tutorials\Wakeup] [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Updater] "NextCheckTime"="REG_QWORD, .... [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Updater\SearchBand] [HKEY_CURRENT_USER\Software\Yandex\YandexBrowser] Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/5/18 Scan Time: 9:55 AM Log File: fc9152da-c873-11e8-9de5-00ffdcc6fdfc.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.7193 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238865 Threats Detected: 154 Threats Quarantined: 154 Time Elapsed: 2 min, 41 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.SearchBand.TskLnk, C:\USERS\{username}\APPDATA\LOCAL\YANDEX\SEARCHBAND\APPLICATION\4.6.0.1790\searchbandapp64.exe, Quarantined, [5092], [575166],1.0.7193 Module: 4 PUP.Optional.SearchBand.TskLnk, C:\USERS\{username}\APPDATA\LOCAL\YANDEX\SEARCHBAND\APPLICATION\4.6.0.1790\searchbandapp64.exe, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchband64.dll, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchband64.dll, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\speechkitlib64.dll, Quarantined, [5092], [575166],1.0.7193 Registry Key: 6 PUP.Optional.SearchBand.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yandex.Stroka.User.S-1-5-21-{userid}, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D4DC59B-C068-4924-B3EB-21740B8CA1FF}, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2D4DC59B-C068-4924-B3EB-21740B8CA1FF}, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yandex.Stroka.User.S-1-5-21-{userid}, Quarantined, [5092], [-1],0.0.0 PUP.Optional.SearchBand.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D4DC59B-C068-4924-B3EB-21740B8CA1FF}, Quarantined, [5092], [-1],0.0.0 PUP.Optional.SearchBand.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D4DC59B-C068-4924-B3EB-21740B8CA1FF}, Quarantined, [5092], [-1],0.0.0 Registry Value: 1 PUP.Optional.SearchBand.TskLnk, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YandexSearchBand, Quarantined, [5092], [575166],1.0.7193 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 19 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-alice, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\simple, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\about, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voice, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8\i, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\USERS\{username}\APPDATA\LOCAL\YANDEX\SEARCHBAND\APPLICATION, Quarantined, [5092], [575166],1.0.7193 File: 123 PUP.Optional.SearchBand.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Yandex.Stroka.User.S-1-5-21-{userid}, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\USERS\{username}\APPDATA\LOCAL\YANDEX\SEARCHBAND\APPLICATION\4.6.0.1790\searchbandapp64.exe, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\about\config.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\about\vendor-fallback.xml, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup1.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup2.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup3.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup4.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup5.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\1.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\10.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\11.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\2.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\3.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\4.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\default.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software\answers.data, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software\description.data, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software\extrawords.data, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software\inputs.data, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software\weights.data, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\afisha.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\auto.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\direct.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\disk.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\img.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\kinopoisk.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\mail.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\maps.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\market.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\metrika.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\money.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\morda.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\music.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\news.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\pogoda.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\radio.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\rasp.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\realty.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\taxi.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\translate.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\tv.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\video.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\defaultThumbs.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voice\incomplete.txt, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-alice\acoustic_model.nnet, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-alice\flags.txt, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-alice\words.txt, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex\acoustic_model.nnet, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex\flags.txt, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex\lda.mat, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex\words.txt, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\simple\acoustic_model.nnet, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\simple\flags.txt, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\simple\words.txt, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\words.json, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8\i\logo.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8\i\progress-tile.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8\index.html, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\05ebde31d097a7cb947e941402987f88.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\09a67bdfb3d6315077ef5bd608586d41.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\0c1ca1fa4ee14fc7d189a6fcc0fee9a0.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\135f8b81c9fe10c0a0abdd714ad2bb88.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\16e2c4c4cae50612e5fed914b6f6bb11.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\18e12bbdd7a3716b43990ee2cb6ac9d1.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\1a402b4c9b17fa169ddbcee02ef3d298.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\354da2a21800375b9f68d0f03e4b7d55.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\365dd4aeeae5279d5cec696951169f4f.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\446208ea1da603f383d8216cd18b54ee.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\45e7c9e1692e4e6df8c2a0d643345732.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\5f6e4fac39fa157b058dfce66ea6d7fa.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\6610a8dc2cfe54de2b19ab4214ead921.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\6e9b93dde9718df37f4e6304b6014ab1.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\7029ca87143ab943537b5eefc95e3785.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\705e136143277c2986432b3617a90ea4.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\7665739267487d44c45b501fc28deffc.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\82914e6e48bde41be1820ae9f01725cb.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\83b9610648bb8e32cc2b3ff26c9fa655.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\843251ab9da9020210c44ec4b6115a57.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\84e614c36b5387bf6811f78cabf97511.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\8aab37c8cce590b49bf63c37ccb9f0d6.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\91c0a7601e9958fef7c3f05a1d5693ca.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\99065624d956ef8a61df41abc594dbb9.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\9d88e20f12a4df66cd3b8b3477c9de95.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\a5205d97098c6aef2da90a934d66c150.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\a7ea87c33b6715a005cc448f3f129244.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\a8c1c69dac3c019bd7016b58dc14ab0e.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\ac587ed0e8ea1139fa0704e707272f44.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\b1c1bfca7034c4201c272afab0794c32.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\b22a7f76af40da6ed9940bbf8c4658e1.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\c6bd8974ea95cd62a4427c3bb283a542.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\c7ebe7cb007f484cedbfb04665012d52.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\ca1c2de513123b9d989dafdb0151172b.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\cb24e221adff8604b5cafba027f67eb2.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\27da3903bb8f8292458cfd3ec9e13caf.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\89207d028c6f4f81b8dde2f26f7c05b9.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\cf982a1997e07c536b52c867148a038f.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\d06f80b701405cb4db73c8745dd67190.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\d34a00b16e3c44485da521109eb36d15.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\d39cf5eced58c4c1c7b686e294282d98.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\d536f62048a877be0c1ab666926a7577.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\d83248271354a95812977167fd606336.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\dc5f0131e9d900956d1c3655e719161c.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\de2a7ef02ba3694da6fffef0d30ae1e1.png, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\e8d9818135c3fe3b010b3036bd0f7cc5.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\f0e108732dad78b133924628871f6bba.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\f9fa33e3d4f5dc6080093b7826005cbb.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\fa5d20b33de423cdb2aa0f865f00bd26.svg, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\balloon.css, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\balloon.html, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\balloon.js, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\main.css, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\main.html, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\main.js, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\preview.css, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\preview.html, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\preview.js, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\crashreporter64.exe, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchband64.dll, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandcf64.exe, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\speechkitlib64.dll, Quarantined, [5092], [575166],1.0.7193 PUP.Optional.SearchBand.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Yandex.Stroka.User.S-1-5-21-{userid}, Quarantined, [5092], [-1],0.0.0 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- October 5
- - pup.optional.searchband.tsklnk
  - yandex
  - (and 1 more)
    Tagged with:
    
    pup.optional.searchband.tsklnk
    
    yandex
    
    голосовой помощник алиса
Removal instructions for Your Daily Trailer

Metallica posted a topic in Malware Removal Self-Help Guides

What is Your Daily Trailer?The Malwarebytes research team has determined that Your Daily Trailer is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Your Daily Trailer is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by Your Daily Trailer?You may see these browser extensions/add-ons:these warnings during install:and this new homepage in the affected browsers:How did Your Daily Trailer get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was also available in the webstore:How do I remove Your Daily Trailer?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Your Daily Trailer? No, Malwarebytes' Anti-Malware removes Your Daily Trailer completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Your Daily Trailer hijacker. It would have blocked traffic to their domains: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_ooMembers_@yourdailytrailer.yournewtab.com.xpi [2018-10-04] CHR Extension: (Your Daily Trailer) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj [2018-10-04] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0 Adds the file manifest.json"="10/4/2018 8:44 AM, 2472 bytes, A Adds the file newtabproduct.html"="9/25/2018 4:02 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_locales\en Adds the file messages.json"="10/4/2018 8:44 AM, 213 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_metadata Adds the file computed_hashes.json"="10/4/2018 8:44 AM, 4688 bytes, A Adds the file verified_contents.json"="9/25/2018 4:02 PM, 5540 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\config Adds the file config.json"="9/25/2018 4:02 PM, 1999 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons Adds the file icon128.png"="10/4/2018 8:44 AM, 19835 bytes, A Adds the file icon16.png"="9/25/2018 4:02 PM, 847 bytes, A Adds the file icon19disabled.png"="9/25/2018 4:02 PM, 579 bytes, A Adds the file icon19on.png"="10/4/2018 8:44 AM, 1232 bytes, A Adds the file icon48.png"="10/4/2018 8:44 AM, 5688 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js Adds the file ajax.js"="9/25/2018 4:02 PM, 2218 bytes, A Adds the file b2b-partner-tracking.js"="9/25/2018 4:02 PM, 11186 bytes, A Adds the file background.js"="9/25/2018 4:02 PM, 23425 bytes, A Adds the file browserUtils.js"="9/25/2018 4:02 PM, 912 bytes, A Adds the file chrome.js"="9/25/2018 4:02 PM, 146 bytes, A Adds the file content_script.js"="9/25/2018 4:02 PM, 2151 bytes, A Adds the file dlp.js"="9/25/2018 4:02 PM, 5659 bytes, A Adds the file dlpHelper.js"="9/25/2018 4:02 PM, 1799 bytes, A Adds the file extension_detect.js"="9/25/2018 4:02 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="9/25/2018 4:02 PM, 2855 bytes, A Adds the file index.js"="9/25/2018 4:02 PM, 49 bytes, A Adds the file initOfferCEF.js"="9/25/2018 4:02 PM, 8802 bytes, A Adds the file logger.js"="9/25/2018 4:02 PM, 541 bytes, A Adds the file offerService.js"="9/25/2018 4:02 PM, 10337 bytes, A Adds the file pageUtils.js"="9/25/2018 4:02 PM, 2805 bytes, A Adds the file PartnerId.js"="9/25/2018 4:02 PM, 16402 bytes, A Adds the file product.js"="9/25/2018 4:02 PM, 8403 bytes, A Adds the file splashPageLocalStorageSetter.js"="9/25/2018 4:02 PM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="9/25/2018 4:02 PM, 2868 bytes, A Adds the file storage.js"="9/25/2018 4:02 PM, 1640 bytes, A Adds the file TabManager.js"="9/25/2018 4:02 PM, 151 bytes, A Adds the file TemplateParser.js"="9/25/2018 4:02 PM, 3038 bytes, A Adds the file ul.js"="9/25/2018 4:02 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="9/25/2018 4:02 PM, 1631 bytes, A Adds the file urlUtils.js"="9/25/2018 4:02 PM, 5349 bytes, A Adds the file util.js"="9/25/2018 4:02 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="9/25/2018 4:02 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="9/25/2018 4:02 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj Adds the file 000003.log"="10/4/2018 8:47 AM, 5680 bytes, A Adds the file CURRENT"="10/4/2018 8:44 AM, 16 bytes, A Adds the file LOCK"="10/4/2018 8:44 AM, 0 bytes, A Adds the file LOG"="10/4/2018 8:45 AM, 412 bytes, A Adds the file LOG.old"="10/4/2018 8:44 AM, 185 bytes, A Adds the file MANIFEST-000001"="10/4/2018 8:44 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_ooMembers_@yourdailytrailer.yournewtab.com Adds the file storage.js"="10/4/2018 8:52 AM, 2739 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _ooMembers_@yourdailytrailer.yournewtab.com.xpi"="10/4/2018 8:49 AM, 66631 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "olnecppbhecjfoffhlfekoeombkegcjj"="REG_SZ", "16DB6B07070DF02BA82DE57047E1C1A3C8D1A6E775FD727332730814FB5C4A82" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/4/18 Scan Time: 8:56 AM Log File: 968571c8-c7a2-11e8-b806-00ffdcc6fdfc.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.7173 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 239013 Threats Detected: 59 Threats Quarantined: 59 Time Elapsed: 2 min, 44 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_ooMembers_@yourdailytrailer.yournewtab.com, Quarantined, [1703], [468075],1.0.7173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_locales\en, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_metadata, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_locales, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\config, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OLNECPPBHECJFOFFHLFEKOEOMBKEGCJJ, Quarantined, [1703], [467555],1.0.7173 File: 49 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_ooMembers_@yourdailytrailer.yournewtab.com.xpi, Quarantined, [1703], [457930],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_ooMembers_@yourdailytrailer.yournewtab.com\storage.js, Quarantined, [1703], [468075],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\000003.log, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\CURRENT, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\LOCK, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\LOG, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\LOG.old, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\MANIFEST-000001, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OLNECPPBHECJFOFFHLFEKOEOMBKEGCJJ\13.809.14.8557_0\MANIFEST.JSON, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\config\config.json, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons\icon128.png, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons\icon16.png, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons\icon19disabled.png, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons\icon19on.png, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons\icon48.png, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\initOfferCEF.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\ajax.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\b2b-partner-tracking.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\background.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\browserUtils.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\chrome.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\content_script.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\dlp.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\dlpHelper.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\extension_detect.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\genericLoadRemoteSettings.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\index.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\logger.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\offerService.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\pageUtils.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\PartnerId.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\product.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\splashPageLocalStorageSetter.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\splashPageRedirectHandler.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\storage.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\TabManager.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\TemplateParser.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\ul.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\urlFragmentActions.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\urlUtils.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\util.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\webtooltabAPI.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\webTooltabAPIProxy.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_locales\en\messages.json, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_metadata\computed_hashes.json, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_metadata\verified_contents.json, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\newtabproduct.html, Quarantined, [1703], [467555],1.0.7173 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- October 4
- - pup.optional.mindspark
  - apn llc
  - (and 4 more)
    Tagged with:
    
    pup.optional.mindspark
    
    apn llc
    
    the whiz
    
    olnecppbhecjfoffhlfekoeombkegcjj
    
    yournewtab.com
    
    _oomembers_@yourdailytrailer.yournewtab.com.xpi
Removal instructions for Music Browsing

Metallica posted a topic in Malware Removal Self-Help Guides

What is Music Browsing?The Malwarebytes research team has determined that Music Browsing is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.How do I know if my computer is affected by Music Browsing?You may see these Chrome extensions:and these warnings during install:You will see these icons in your Chrome menu-bar:this new startpage:and these changed settings:How did Music Browsing get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from one of their websites:through the webstore.How do I remove Music Browsing?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Music Browsing? No, Malwarebytes removes Music Browsing completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Music Browsing hijacker. It would have stopped you from visiting the website. Technical details for expertsPossible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxp://search.searchmedia.online/search/?category=web&s=b8ds&vert=music&q={searchTerms} CHR DefaultSearchKeyword: Default -> Music Browsing CHR DefaultSuggestURL: Default -> hxxp://sug.searchmedia.online/search/index_sg.php?q={searchTerms} CHR Extension: (Media Start) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg [2018-10-03] CHR Extension: (Music Browsing) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl [2018-10-03] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0 Adds the file index.html"="9/5/2018 11:58 AM, 3524 bytes, A Adds the file manifest.json"="10/3/2018 8:36 AM, 1197 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\_metadata Adds the file computed_hashes.json"="10/3/2018 8:36 AM, 12132 bytes, A Adds the file verified_contents.json"="9/5/2018 3:43 PM, 5481 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\css Adds the file style.css"="9/6/2017 4:39 PM, 2210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons Adds the file amazon.png"="9/6/2017 4:39 PM, 2395 bytes, A Adds the file ebay.png"="9/6/2017 4:39 PM, 2510 bytes, A Adds the file facebook.png"="9/6/2017 4:39 PM, 1858 bytes, A Adds the file instagram.png"="9/6/2017 4:39 PM, 2262 bytes, A Adds the file linkedin.png"="9/6/2017 4:39 PM, 2006 bytes, A Adds the file pinterest.png"="9/6/2017 4:39 PM, 2728 bytes, A Adds the file twitter.png"="9/6/2017 4:39 PM, 2159 bytes, A Adds the file yahoo.png"="9/6/2017 4:39 PM, 2222 bytes, A Adds the file youtube.png"="9/6/2017 4:39 PM, 2298 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs Adds the file icon128.png"="10/3/2018 8:36 AM, 3039 bytes, A Adds the file icon16.png"="10/3/2018 8:36 AM, 575 bytes, A Adds the file icon38.png"="10/3/2018 8:36 AM, 1170 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\offers Adds the file action.png"="9/6/2017 4:39 PM, 44375 bytes, A Adds the file adventure.png"="9/6/2017 4:39 PM, 30922 bytes, A Adds the file animation.png"="9/6/2017 4:39 PM, 17787 bytes, A Adds the file comedy.png"="9/6/2017 4:39 PM, 36342 bytes, A Adds the file drama.png"="9/6/2017 4:39 PM, 37476 bytes, A Adds the file romance.png"="9/6/2017 4:39 PM, 39306 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\js Adds the file auto_complete.js"="9/5/2018 3:56 PM, 2612 bytes, A Adds the file background.js"="4/17/2018 5:20 PM, 5479 bytes, A Adds the file bootstrap.min.js"="9/6/2017 4:39 PM, 35607 bytes, A Adds the file config.js"="9/5/2018 3:42 PM, 818 bytes, A Adds the file content.js"="9/5/2018 3:40 PM, 2801 bytes, A Adds the file jquery.min.js"="9/6/2017 4:39 PM, 93104 bytes, A Adds the file jqueryui.min.js"="9/6/2017 4:39 PM, 228013 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical Adds the file icon_vertical.png"="9/5/2018 2:55 PM, 2509 bytes, A Adds the file vertical.js"="9/6/2017 4:39 PM, 447 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical\offers Adds the file action.png"="9/6/2017 4:39 PM, 44375 bytes, A Adds the file adventure.png"="9/6/2017 4:39 PM, 30922 bytes, A Adds the file animation.png"="9/6/2017 4:39 PM, 17787 bytes, A Adds the file comedy.png"="9/6/2017 4:39 PM, 36342 bytes, A Adds the file drama.png"="9/6/2017 4:39 PM, 37476 bytes, A Adds the file romance.png"="9/6/2017 4:39 PM, 39306 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0 Adds the file background.js"="9/3/2018 4:27 PM, 8525 bytes, A Adds the file manifest.json"="10/3/2018 8:35 AM, 2253 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\_metadata Adds the file computed_hashes.json"="10/3/2018 8:35 AM, 1534 bytes, A Adds the file verified_contents.json"="9/3/2018 4:26 PM, 2152 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\browser_action Adds the file browser_action.html"="8/13/2018 11:32 AM, 2239 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\browser_action\js Adds the file main.js"="9/3/2018 4:29 PM, 366 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\icons Adds the file icon128.png"="10/3/2018 8:35 AM, 1960 bytes, A Adds the file icon16.png"="10/3/2018 8:35 AM, 343 bytes, A Adds the file icon38.png"="10/3/2018 8:35 AM, 801 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\js\jquery Adds the file jquery.min.js"="8/12/2018 10:26 AM, 83100 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "gpfpblkonamkagckocgpmpgbjhjmfijg"="REG_SZ", "D846339C0CE70C8E43E290E8141C1B2444D2EC26B565E11A03095BEF70209088" "lklcbakipdcoeclfpekcebgamelgindl"="REG_SZ", "6C1CF4D5BB3E362FB651F35CA83EEAC70DAE44A9CE0710E5571840A416184A3C" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/3/18 Scan Time: 8:41 AM Log File: 4d77efaf-c6d7-11e8-bc08-00ffdcc6fdfc.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.7149 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 239064 Threats Detected: 70 Threats Quarantined: 70 Time Elapsed: 4 min, 3 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\browser_action\js, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\browser_action, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\js\jquery, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\_metadata, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\icons, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\js, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LKLCBAKIPDCOECLFPEKCEBGAMELGINDL, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GoMovix.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical\offers, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\offers, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\_metadata, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\css, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\js, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GPFPBLKONAMKAGCKOCGPMPGBJHJMFIJG\1.0.0_0, Quarantined, [14270], [515860],1.0.7149 File: 52 PUP.Optional.GetMedia.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LKLCBAKIPDCOECLFPEKCEBGAMELGINDL\1.0.0_0\MANIFEST.JSON, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\browser_action\js\main.js, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\browser_action\browser_action.html, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\icons\icon128.png, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\icons\icon16.png, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\icons\icon38.png, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\js\jquery\jquery.min.js, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\_metadata\computed_hashes.json, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\_metadata\verified_contents.json, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GetMedia.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lklcbakipdcoeclfpekcebgamelgindl\1.0.0_0\background.js, Quarantined, [14385], [567243],1.0.7149 PUP.Optional.GoMovix.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GPFPBLKONAMKAGCKOCGPMPGBJHJMFIJG\1.0.0_0\JS\CONFIG.JS, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\css\style.css, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons\amazon.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons\ebay.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons\facebook.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons\instagram.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons\linkedin.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons\pinterest.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons\twitter.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons\yahoo.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\icons\youtube.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\offers\action.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\offers\adventure.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\offers\animation.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\offers\comedy.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\offers\drama.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\offers\romance.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\icon128.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\icon16.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\imgs\icon38.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\js\auto_complete.js, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\js\background.js, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\js\bootstrap.min.js, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\js\content.js, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\js\jquery.min.js, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\js\jqueryui.min.js, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical\offers\action.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical\offers\adventure.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical\offers\animation.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical\offers\comedy.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical\offers\drama.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical\offers\romance.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical\icon_vertical.png, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\vertical\vertical.js, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\_metadata\computed_hashes.json, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\_metadata\verified_contents.json, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\index.html, Quarantined, [14270], [515860],1.0.7149 PUP.Optional.GoMovix.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfpblkonamkagckocgpmpgbjhjmfijg\1.0.0_0\manifest.json, Quarantined, [14270], [515860],1.0.7149 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- October 3
- - pup.optional.getmedia
  - pup.optional.gomovix
  - (and 3 more)
    Tagged with:
    
    pup.optional.getmedia
    
    pup.optional.gomovix
    
    searchmedia.online
    
    lklcbakipdcoeclfpekcebgamelgindl
    
    gpfpblkonamkagckocgpmpgbjhjmfijg
Removal instructions for Live TV Now

Metallica posted a topic in Malware Removal Self-Help Guides

What is Live TV Now?The Malwarebytes research team has determined that Live TV Now is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Live TV Now is a member of the Spigot family as described in the blogpost Spigot browser hijackers.How do I know if my computer is affected by Live TV Now?You may see this browser add-on:and this new default search provider:You may see this entry in your list of installed software:these warnings during install:and this new startpage in the affected browser(s):How did Live TV Now get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site.How do I remove Live TV Now?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Live TV Now? No, Malwarebytes removes Live TV Now completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Live TV Now hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to their domain.Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hlivetvnow.co/?uc=20181002&i_id=tv_spt__1.30&uid={user clsid}&ap=appfocus1&source=-lp0-bb8 SearchScopes: HKCU -> DefaultScope {466FE350-6C13-453E-8AA2-36D2C20EC9FF} URL = hxxp://search.hlivetvnow.co/s?uc=20181002&i_id=tv_spt__1.30&uid={user clsid}&ap=appfocus1&source=-lp0-bb8&query={searchTerms} SearchScopes: HKCU -> {466FE350-6C13-453E-8AA2-36D2C20EC9FF} URL = hxxp://search.hlivetvnow.co/s?uc=20181002&i_id=tv_spt__1.30&uid={user clsid}&ap=appfocus1&source=-lp0-bb8&query={searchTerms} FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\web@TV.xpi [2018-10-02] C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8} Live TV Now (HKCU\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: 4.4.0.3 - SpringTech Ltd.) Changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8} Adds the file Uninstall.exe"="10/2/2018 9:02 AM, 320256 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\web@TV Adds the file storage.js"="10/2/2018 8:59 AM, 308 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file web@TV.xpi"="10/2/2018 8:59 AM, 14977 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://search.hlivetvnow.co/?uc=20181002&i_id=tv_spt__1.30&uid={user clsid}&ap=appfocus1&source=-lp0-bb8" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DefaultScope" = REG_SZ, "{466FE350-6C13-453E-8AA2-36D2C20EC9FF}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{466FE350-6C13-453E-8AA2-36D2C20EC9FF}] "DisplayName"="REG_SZ", "Live TV Now - Powered by Yahoo!" "SuggestionsURL"="REG_SZ", "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" "URL"="REG_SZ", "http://search.hlivetvnow.co/s?uc=20181002&i_id=tv_spt__1.30&uid={user clsid}&ap=appfocus1&source=-lp0-bb8&query={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}] "DisplayName"="REG_SZ", "Live TV Now" "DisplayVersion"="REG_SZ", "4.4.0.3" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\" "Publisher"="REG_SZ", "SpringTech Ltd." "UninstallDialog"="REG_DWORD", 2 "UninstallEngineID"="REG_SZ", "{466FE350-6C13-453E-8AA2-36D2C20EC9FF}" "UninstallHomepage"="REG_SZ", "http://search.hlivetvnow.co/?uc=20181002&i_id=tv_spt__1.30&uid={user clsid}&ap=appfocus1&source=-lp0-bb8" "UninstallImpression"="REG_SZ", "http://www.springdwnld2.com/impression.do?domain=hlivetvnow.co&implementation_id=tv_spt__1.30&offer_id=_iei_&source=-lp0-bb8&sub_id=20181002&traffic_source=appfocus1&user_id={user clsid}&useragent=Mozilla%2F5.0+(Windows+NT+6.1%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&ts=1538463719&sgn=ad6a2e0822ff0423b39a337b1a7ce4a87bed3f12&subid2=11.0.9600.19129&event={exEvent}" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall" Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/2/18 Scan Time: 9:10 AM Log File: 3c0e1146-c612-11e8-aaf7-00ffdcc6fdfc.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.7131 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 239068 Threats Detected: 6 Threats Quarantined: 6 Time Elapsed: 2 min, 34 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 PUP.Optional.Spigot, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Quarantined, [170], [373878],1.0.7131 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\{28E56CFB-E30E-4F66-85D8-339885B726B8}, Quarantined, [170], [373878],1.0.7131 PUP.Optional.PolarityTech.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\WEB@TV, Quarantined, [1701], [508613],1.0.7131 File: 3 PUP.Optional.Spigot, C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe, Quarantined, [170], [373878],1.0.7131 PUP.Optional.PolarityTech.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\WEB@TV.XPI, Quarantined, [1701], [509071],1.0.7131 PUP.Optional.PolarityTech.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\WEB@TV\STORAGE.JS, Quarantined, [1701], [508613],1.0.7131 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- October 2
- - pup.optional.spigot
  - pup.optional.polaritytech
  - (and 2 more)
    Tagged with:
    
    pup.optional.spigot
    
    pup.optional.polaritytech
    
    livetvnow.co
    
    web@tv.xpi

4 Followers

About Metallica

Profile Information

Recent Profile Visitors

Important Information