Jump to content

Search the Community

Showing results for tags 'gsearchfinder'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 3 results

  1. What is Youndoo? The Malwarebytes research team has determined that Youndoo is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one belongs to the GsearchFinder family that adds an extra Firefox profile. How do I know if my computer is affected by Youndoo? You may see this entry in your list of installed software: this type of Scheduled Task: and you will be hijacked to this search page: and see these settings in your browser(s): Chrome Firefox How did Youndoo get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software. How do I remove Youndoo? Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. Due to the nature of this hijack it is better to perform some parts of the removal yourself. You can skip the parts that are for browsers which you don't have installed. Please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-version.exe and follow the prompts to install the program. At the end, be sure a check-mark is placed next to the following: Enable free trial of Malwarebytes Anti-Malware Premium Launch Malwarebytes Anti-Malware Then click Finish. If an update is found, you will be prompted to download and install the latest version. Remove the new Firefox profile, see detailed instructions in the post below this one. Reset Google Chrome settings, see detailed instructions in the post below this one. This is necessary or the new install will inherit the corrupted settings of the infected one. Uninstall Chrome, see detailed instructions in the post below this one. In Malwarebytes Anti-Malware, select Scan Now. Or select the Threat Scan from the Scan menu. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. If you wish to use Chrome again, do a clean Chrome install,see detailed instructions in the post below this one. Is there anything else I need to do to get rid of Youndoo? No, Malwarebytes' Anti-Malware removes Youndoo completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes Anti-Malware help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Youndoo hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts Please note that some file- and foldernames in the logs below are randomized. Possible signs in FRST logs: HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 ShellExecuteHooks: - {6710C780-E20E-4C49-A87D-321850ED3D7C} - C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Cookies\werrise.dll [388096 2016-06-28] () FF ProfilePath: C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default FF NewTab: hxxp://www.youndoo.com/?z={z1}&from=btp&uid=VBOXXHARDDISK_VB3361b1e7-85c503b7&type=hp FF DefaultSearchEngine: youndoo FF SelectedSearchEngine: youndoo FF Homepage: hxxp://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp FF SearchPlugin: C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\searchplugins\xirzzddp.xml [2016-06-29] FF Extension: GsearchFinder - C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-06-28] CHR HomePage: lirosyhizetheratbther -> hxxp://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp CHR StartupUrls: lirosyhizetheratbther -> "hxxp://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp" CHR DefaultSearchURL: lirosyhizetheratbther -> hxxp://www.youndoo.com/search/?q={searchTerms}&z={z1}&from=btp&uid={harddiskID}&type=sp CHR DefaultSearchKeyword: lirosyhizetheratbther -> youndoo S2 plohisAdapterArw.exe; C:\Program Files (x86)\Bevconesy\plohisAdapterArw.exe [708896 2016-06-28] () C:\Windows\System32\Tasks\Plohis Adapter C:\Users\{username}\AppData\Local\grizosyanqshbuzersp C:\Program Files (x86)\Bevconesy youndoo - Uninstall (HKLM-x32\...\{61FC6201-6727-43A3-ADFF-A360F9817331}) (Version: - ) Task: {48BD166D-DC7D-484A-BE0B-B9D487A4D21D} - System32\Tasks\Plohis Adapter => C:\Program Files (x86)\Bevconesy\plohisAdapterGrq.exe [2016-06-28] () () C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Cookies\werrise.dll Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Bevconesy Adds the file AppleVersions.dllbkz"="6/29/2016 8:52 AM, 36 bytes, A Adds the file hiqerward.exee58"="6/29/2016 8:52 AM, 36 bytes, A Adds the file msvcr100.dll"="6/28/2016 3:38 AM, 773968 bytes, A Adds the file Nfccontrols.dll"="6/28/2016 3:38 AM, 471552 bytes, A Adds the file plohisAdapterArw.exe"="6/28/2016 3:37 AM, 708896 bytes, A Adds the file plohisAdapterGrq.exe"="6/28/2016 3:37 AM, 346400 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther Adds the file ChromeDWriteFontCache"="2/10/2016 11:39 AM, 22900556 bytes, A Adds the file Cookies"="6/28/2016 9:18 AM, 12288 bytes, A Adds the file Cookies-journal"="6/28/2016 9:18 AM, 0 bytes, A Adds the file Current Session"="6/28/2016 9:18 AM, 95082 bytes, A Adds the file Current Tabs"="6/28/2016 9:18 AM, 46289 bytes, A Adds the file Extension Cookies"="3/3/2016 10:14 AM, 7168 bytes, A Adds the file Extension Cookies-journal"="3/3/2016 10:14 AM, 0 bytes, A Adds the file Favicons"="5/26/2016 8:25 AM, 20480 bytes, A Adds the file Favicons-journal"="5/26/2016 8:25 AM, 0 bytes, A Adds the file Google Profile.ico"="2/10/2016 11:38 AM, 176873 bytes, A Adds the file History"="6/28/2016 9:17 AM, 94208 bytes, A Adds the file History Provider Cache"="6/28/2016 9:18 AM, 6 bytes, A Adds the file History-journal"="6/28/2016 9:17 AM, 0 bytes, A Adds the file Last Session"="6/28/2016 9:16 AM, 97207 bytes, A Adds the file Last Tabs"="6/28/2016 9:17 AM, 46289 bytes, A Adds the file Login Data"="4/19/2016 1:37 PM, 18432 bytes, A Adds the file Login Data-journal"="4/19/2016 1:37 PM, 0 bytes, A Adds the file Network Action Predictor"="2/10/2016 11:39 AM, 13312 bytes, A Adds the file Network Action Predictor-journal"="2/10/2016 11:39 AM, 0 bytes, A Adds the file Network Persistent State"="6/28/2016 9:18 AM, 40 bytes, A Adds the file Origin Bound Certs"="4/19/2016 1:37 PM, 9216 bytes, A Adds the file Origin Bound Certs-journal"="4/19/2016 1:37 PM, 0 bytes, A Adds the file Preferences"="6/28/2016 9:18 AM, 8686 bytes, A Adds the file QuotaManager"="3/3/2016 10:14 AM, 15360 bytes, A Adds the file QuotaManager-journal"="3/3/2016 10:14 AM, 0 bytes, A Adds the file README"="2/10/2016 11:38 AM, 180 bytes, A Adds the file Secure Preferences"="6/29/2016 8:52 AM, 38194 bytes, A Adds the file Secure Preferenceswipicharozustokacult"="6/28/2016 9:18 AM, 37517 bytes, A Adds the file Shortcuts"="3/3/2016 10:14 AM, 20480 bytes, A Adds the file Shortcuts-journal"="3/3/2016 10:14 AM, 0 bytes, A Adds the file Top Sites"="3/3/2016 10:14 AM, 20480 bytes, A Adds the file Top Sites-journal"="3/3/2016 10:14 AM, 0 bytes, A Adds the file TransportSecurity"="6/17/2016 9:35 AM, 8 bytes, A Adds the file Visited Links"="5/11/2016 8:48 AM, 131072 bytes, A Adds the file Web Data"="3/3/2016 10:14 AM, 63488 bytes, A Adds the file Web Data-journal"="3/3/2016 10:14 AM, 0 bytes, A Adds the file Web Datawipicharozustokacult"="3/3/2016 10:14 AM, 63488 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\Cache Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\data_reduction_proxy_leveldb Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\databases Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\Extension State Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\Extensions Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\GPUCache Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\JumpListIcons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\JumpListIconsOld Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\Local Storage Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\Session Storage Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\Storage\ext\chrome-signin\def\GPUCache Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\lirosyhizetheratbther\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\Caps Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\CertificateTransparency Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\Crashpad Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\Crashpad\reports Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\EVWhitelist Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\lirosyhizetheratbther Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\lirosyhizetheratbther\data_reduction_proxy_leveldb Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\lirosyhizetheratbther\databases Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\lirosyhizetheratbther\Extension State Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\lirosyhizetheratbther\Extensions Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\lirosyhizetheratbther\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\lirosyhizetheratbther\Local Storage Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\lirosyhizetheratbther\Session Storage Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\lirosyhizetheratbther\Storage\ext\chrome-signin\def Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\lirosyhizetheratbther\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\PepperFlash Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\pnacl Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\ShaderCache Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\SwiftShader Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\SwReporter Adds the folder C:\Users\{username}\AppData\Local\grizosyanqshbuzersp\WidevineCDM In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox Alters the file profiles.ini 2/10/2016 11:14 AM, 122 bytes, A ==> 6/29/2016 8:52 AM, 210 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\rijercultclozerwardvebeied Adds the file backprofiles.ini"="2/10/2016 11:14 AM, 122 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default Adds the file addons.json"="6/20/2016 10:43 AM, 1453 bytes, A Adds the file blocklist.xml"="6/20/2016 10:45 AM, 235727 bytes, A Adds the file cert8.db"="6/20/2016 1:23 PM, 65536 bytes, A Adds the file compatibility.ini"="6/20/2016 11:24 AM, 228 bytes, A Adds the file content-prefs.sqlite"="2/10/2016 11:14 AM, 229376 bytes, A Adds the file cookies.sqlite"="6/20/2016 1:23 PM, 524288 bytes, A Adds the file extensions.ini"="6/20/2016 11:24 AM, 185 bytes, A Adds the file extensions.json"="6/20/2016 11:24 AM, 4312 bytes, A Adds the file formhistory.sqlite"="5/11/2016 8:46 AM, 196608 bytes, A Adds the file key3.db"="6/20/2016 1:23 PM, 16384 bytes, A Adds the file mimeTypes.rdf"="2/10/2016 11:14 AM, 3739 bytes, A Adds the file parent.lock"="6/20/2016 11:24 AM, 0 bytes, A Adds the file permissions.sqlite"="2/10/2016 11:14 AM, 98304 bytes, A Adds the file places.sqlite"="6/20/2016 11:23 AM, 10485760 bytes, A Adds the file pluginreg.dat"="5/18/2016 9:33 AM, 346 bytes, A Adds the file prefs.js"="6/29/2016 8:52 AM, 11926 bytes, A Adds the file revocations.txt"="6/20/2016 11:24 AM, 7488 bytes, A Adds the file search-metadata.json"="6/29/2016 8:52 AM, 216 bytes, A Adds the file secmod.db"="2/10/2016 11:14 AM, 16384 bytes, A Adds the file sessionCheckpoints.json"="6/20/2016 1:23 PM, 288 bytes, A Adds the file sessionstore.js"="6/20/2016 1:23 PM, 870 bytes, A Adds the file SiteSecurityServiceState.txt"="6/20/2016 1:23 PM, 328 bytes, A Adds the file times.json"="2/10/2016 11:14 AM, 29 bytes, A Adds the file webappsstore.sqlite"="5/18/2016 9:34 AM, 98304 bytes, A Adds the file xulstore.json"="6/20/2016 11:25 AM, 322 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Profiles\kikutionppsecoerkidom Adds the file addons.json"="6/20/2016 10:43 AM, 1453 bytes, A Adds the file blocklist.xml"="6/20/2016 10:45 AM, 235727 bytes, A Adds the file cert8.db"="6/20/2016 1:23 PM, 65536 bytes, A Adds the file compatibility.ini"="6/20/2016 11:24 AM, 228 bytes, A Adds the file content-prefs.sqlite"="2/10/2016 11:14 AM, 229376 bytes, A Adds the file cookies.sqlite"="6/20/2016 1:23 PM, 524288 bytes, A Adds the file extensions.ini"="6/20/2016 11:24 AM, 185 bytes, A Adds the file extensions.json"="6/20/2016 11:24 AM, 4312 bytes, A Adds the file formhistory.sqlite"="5/11/2016 8:46 AM, 196608 bytes, A Adds the file key3.db"="6/20/2016 1:23 PM, 16384 bytes, A Adds the file mimeTypes.rdf"="2/10/2016 11:14 AM, 3739 bytes, A Adds the file parent.lock"="6/20/2016 11:24 AM, 0 bytes, A Adds the file permissions.sqlite"="2/10/2016 11:14 AM, 98304 bytes, A Adds the file places.sqlite"="6/20/2016 11:23 AM, 10485760 bytes, A Adds the file pluginreg.dat"="5/18/2016 9:33 AM, 346 bytes, A Adds the file prefs.js"="6/29/2016 8:52 AM, 11926 bytes, A Adds the file revocations.txt"="6/20/2016 11:24 AM, 7488 bytes, A Adds the file search-metadata.json"="6/29/2016 8:52 AM, 216 bytes, A Adds the file secmod.db"="2/10/2016 11:14 AM, 16384 bytes, A Adds the file sessionCheckpoints.json"="6/20/2016 1:23 PM, 288 bytes, A Adds the file sessionstore.js"="6/20/2016 1:23 PM, 870 bytes, A Adds the file SiteSecurityServiceState.txt"="6/20/2016 1:23 PM, 328 bytes, A Adds the file times.json"="2/10/2016 11:14 AM, 29 bytes, A Adds the file webappsstore.sqlite"="5/18/2016 9:34 AM, 98304 bytes, A Adds the file xulstore.json"="6/20/2016 11:25 AM, 322 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Plohis Adapter"="6/29/2016 8:52 AM, 9020 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\causqo] "day"="REG_SZ", "20160629" "upday"="REG_SZ", "20160629" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6710C780-E20E-4C49-A87D-321850ED3D7C}\InProcServer32] "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Cookies\werrise.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft] "help"="REG_SZ", "http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{6710C780-E20E-4C49-A87D-321850ED3D7C}"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] "EnableShellExecuteHooks"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}] "hp"="REG_SZ", "http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext" "s"="REG_SZ", "HtTp://d3d5rryrijbudj.cloudfront.net/gzi4nvrb?u=%s&update0=version,%s&update1=sys,%s&update4=ref,%s&update5=mode,%s&update6=sys0,%s&update7=sys1,%s&update8=sys2,%s&update9=sys3,%s&update10=sys4,%s"!!~~~~~~~~~~ie-sucks~~~~~~~~~~~~!! "sp"="REG_SZ", "http://www.youndoo.com/search/?q={searchTerms}&z={z1}&from=btp&uid={harddiskID}&type=sp" "spname"="REG_SZ", "youndoo" "surl"="REG_SZ", "http://www.youndoo.com/search/?&z={z1}&from=btp&uid={harddiskID}&type=sp&q=" "tab"="REG_SZ", "http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext" "uid"="REG_SZ", "CB75DF05542D4707119BC449A5FA9A4A" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{E6276374-DE18-4AA5-A365-9016A2F98A2D}] "c"="REG_DWORD", 1 "f"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\causqo] "day"="REG_SZ", "20160629" "upday"="REG_SZ", "20160629" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CB75DF05542D4707119BC449A5FA9A4A] "(Default)"="REG_SZ", "{9DC74CD5-24EA-4ADE-9C42-608A8CE17116}" "{9DC74CD5-24EA-4ADE-9C42-608A8CE17116}"="REG_BINARY, ......................................................................................................................................................................................................z.......................................................................................................................................................................................................z..................................................................................................................................................................................................................................................................................................................... [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61FC6201-6727-43A3-ADFF-A360F9817331}] "DisplayName"="REG_SZ", "youndoo - Uninstall" "UninstallString"="REG_SZ", "rundll32.exe "C:\Program Files (x86)\Bevconesy\Nfccontrols.dll",u "/k={61FC6201-6727-43A3-ADFF-A360F9817331}"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}] "hp"="REG_SZ", "http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext" "s"="REG_SZ", "HtTp://d3d5rryrijbudj.cloudfront.net/gzi4nvrb?u=%s&update0=version,%s&update1=sys,%s&update4=ref,%s&update5=mode,%s&update6=sys0,%s&update7=sys1,%s&update8=sys2,%s&update9=sys3,%s&update10=sys4,%s"!!~~~~~~~~~~ie-sucks~~~~~~~~~~~~!! "sp"="REG_SZ", "http://www.youndoo.com/search/?q={searchTerms}&z={z1}&from=btp&uid={harddiskID}&type=sp" "spname"="REG_SZ", "youndoo" "surl"="REG_SZ", "http://www.youndoo.com/search/?&z={z1}&from=btp&uid={harddiskID}&type=sp&q=" "tab"="REG_SZ", "http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext" "uid"="REG_SZ", "CB75DF05542D4707119BC449A5FA9A4A" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\youndooSoftware\youndoohp] "oem"="REG_SZ", "btp" "Time"="REG_DWORD", 1467183137 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\plohisAdapterArw.exe] "DelayedAutostart"="REG_DWORD", 1 "Description"="REG_SZ", "Receives activation requests over the server and passes them to Plohis." "DisplayName"="REG_SZ", "Plohis Adapter" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, ""C:\Program Files (x86)\Bevconesy\plohisAdapterArw.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116}" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 272 "WOW64"="REG_DWORD", 1 [HKEY_USERS\.DEFAULT\Software\causqo] "day"="REG_SZ", "20160629" "upday"="REG_SZ", "20160629" [HKEY_USERS\.DEFAULT\Software\CB75DF05542D4707119BC449A5FA9A4A] "c"="REG_DWORD", 1 "d"="REG_SZ", "20160629" "o"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\CB75DF05542D4707119BC449A5FA9A4A] "c"="REG_DWORD", 1 "d"="REG_SZ", "20160629" "o"="REG_DWORD", 1 [HKEY_CURRENT_USER\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}] "hp"="REG_SZ", "http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext" "s"="REG_SZ", "HtTp://d3d5rryrijbudj.cloudfront.net/gzi4nvrb?u=%s&update0=version,%s&update1=sys,%s&update4=ref,%s&update5=mode,%s&update6=sys0,%s&update7=sys1,%s&update8=sys2,%s&update9=sys3,%s&update10=sys4,%s"!!~~~~~~~~~~ie-sucks~~~~~~~~~~~~!! "sp"="REG_SZ", "http://www.youndoo.com/search/?q={searchTerms}&z={z1}&from=btp&uid={harddiskID}&type=sp" "spname"="REG_SZ", "youndoo" "surl"="REG_SZ", "http://www.youndoo.com/search/?&z={z1}&from=btp&uid={harddiskID}&type=sp&q=" "tab"="REG_SZ", "http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext" "uid"="REG_SZ", "CB75DF05542D4707119BC449A5FA9A4A" Malwarebytes Anti-Malware log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/29/2016 Scan Time: 9:26 AM Logfile: mbamYoundoo.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.06.29.02 Rootkit Database: v2016.05.27.01 License: Premium Malware Protection: Disabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username} Scan Type: Threat Scan Result: Completed Objects Scanned: 314230 Time Elapsed: 8 min, 25 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 7 PUP.Optional.YesSearches, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\plohisAdapterArw.exe, Quarantined, [5a5c12f099011f17263fe6eb0ff2867a], PUP.Optional.Youndoo, HKLM\SOFTWARE\CLASSES\CLSID\{6710C780-E20E-4C49-A87D-321850ED3D7C}, Quarantined, [8234837f6c2e44f2f5813c34c43e54ac], PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [d2e4738f17836bcb9eb5537716ecb64a], PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\youndooSoftware, Quarantined, [d6e034cef9a1bf777e91a129679bf709], PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{61FC6201-6727-43A3-ADFF-A360F9817331}, Quarantined, [892d07fbf4a643f378da1eac0bf77987], PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [7b3bc43e4f4b6fc7084be4e689794ab6], PUP.Optional.Youndoo, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [684e659de0bae74f84cbfeccfe04fa06], Registry Values: 14 PUP.Optional.Youndoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{6710C780-E20E-4C49-A87D-321850ED3D7C}, Quarantined, [bdf96c96c1d9af871d590f619d659967], PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext, Quarantined, [d2e4738f17836bcb9eb5537716ecb64a] PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext, Quarantined, [b6003ac84f4b70c6d28112b8a35ff40c] PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.youndoo.com/search/?q={searchTerms}&z={z1}&from=btp&uid={harddiskID}&type=sp, Quarantined, [c4f2af53376342f4054e408acb3739c7] PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.youndoo.com/search/?&z={z1}&from=btp&uid={harddiskID}&type=sp&q=, Quarantined, [8135f70bfc9ebc7ace85a426f90934cc] PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{61FC6201-6727-43A3-ADFF-A360F9817331}|DisplayName, youndoo - Uninstall, Quarantined, [892d07fbf4a643f378da1eac0bf77987] PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext, Quarantined, [7b3bc43e4f4b6fc7084be4e689794ab6] PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext, Quarantined, [694d5ca66832a1950251fdcde81a1ce4] PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.youndoo.com/search/?q={searchTerms}&z={z1}&from=btp&uid={harddiskID}&type=sp, Quarantined, [06b047bb8f0be056aba8ca0049b9e51b] PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.youndoo.com/search/?&z={z1}&from=btp&uid={harddiskID}&type=sp&q=, Quarantined, [12a4b151603a2e0880d399314bb77c84] PUP.Optional.Youndoo, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext, Quarantined, [684e659de0bae74f84cbfeccfe04fa06] PUP.Optional.Youndoo, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp&mode=ffsengext, Quarantined, [cbeb9969fd9d1521004f8347b54da759] PUP.Optional.Youndoo, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.youndoo.com/search/?q={searchTerms}&z={z1}&from=btp&uid={harddiskID}&type=sp, Quarantined, [fdb9bf431a807db974db43878c766c94] PUP.Optional.Youndoo, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.youndoo.com/search/?&z={z1}&from=btp&uid={harddiskID}&type=sp&q=, Quarantined, [981e0ef4bfdb5ed8a6a9d7f353af8977] Registry Data: 0 (No malicious items detected) Folders: 2 PUP.Optional.GsearchFinder, C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\YourGSearchFinder_br, Quarantined, [d0e68979e8b286b05d60ecdc837f43bd], PUP.Optional.Youndoo, C:\Program Files (x86)\Bevconesy, Quarantined, [2b8b29d9a9f12d09eba69c2d56ac55ab], Files: 24 PUP.Optional.YesSearches, C:\Program Files (x86)\Bevconesy\plohisAdapterArw.exe, Quarantined, [5a5c12f099011f17263fe6eb0ff2867a], PUP.Optional.YesSearches, C:\Users\{username}\Desktop\setup.exe, Quarantined, [00b6b84a3a60162066e54f83956c5aa6], PUP.Optional.YesSearches, C:\Program Files (x86)\Bevconesy\plohisAdapterGrq.exe, Quarantined, [971f1fe3aded71c51e479f32e61b09f7], PUP.Optional.YesSearches.Gen, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Cookies\werrise.dll, Delete-on-Reboot, [6353ec16633783b35c4d0ac024dedf21], PUP.Optional.GsearchFinder, C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi, Quarantined, [2492e9193367bc7a72b747b74bb810f0], PUP.Optional.GsearchFinder, C:\Users\{username}\AppData\Roaming\Profiles\kikutionppsecoerkidom\extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi, Quarantined, [694d9d6523778bab7dace717ab58f010], PUP.Optional.Youndoo, C:\Program Files (x86)\Bevconesy\AppleVersions.dllbkz, Quarantined, [2b8b29d9a9f12d09eba69c2d56ac55ab], PUP.Optional.Youndoo, C:\Program Files (x86)\Bevconesy\hiqerward.exee58, Quarantined, [2b8b29d9a9f12d09eba69c2d56ac55ab], PUP.Optional.Youndoo, C:\Program Files (x86)\Bevconesy\msvcr100.dll, Quarantined, [2b8b29d9a9f12d09eba69c2d56ac55ab], PUP.Optional.Youndoo, C:\Program Files (x86)\Bevconesy\Nfccontrols.dll, Quarantined, [2b8b29d9a9f12d09eba69c2d56ac55ab], PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp");), Replaced,[2c8a0ff3bcde77bf6e320b93c3417888] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\prefs.js, Good: (), Bad: (reported", 1); user_pref("browser.cache.disk.smart_size.first_run", false); user_pref("browser.cache.disk.smart_size.use_old_max", false); user_pref("browser.cache.frec), Replaced,[2d8960a2b2e880b628787628da2a0df3] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\prefs.js, Good: (), Bad: ( application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pref("acc), Replaced,[387ed52de3b7bb7b366a3b63a4604fb1] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\prefs.js, Good: (), Bad: (manual change to preferences, you can visit the URL about:config */ user_pref("accessibility.typeaheadfind", true); user_pref("app.update.auto", false); user_pref("app.update.enabled", fal), Replaced,[833308fa49513204bce41d81f70d51af] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\prefs.js, Good: (), Bad: (2211); user_pref("app.update.lastUpdateTime.background-update-timer", 1466411971); user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1466412), Replaced,[05b1f40e0892fb3b168ac4da0ef613ed] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\prefs.js, Good: (), Bad: (\"multiprocessCompatible\":false,\"runInSafeMode\":false},\"loop@mozilla.org\":{\"version\":\"1.3.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\fe), Replaced,[9d19fd05fc9e86b0a4fceab4966ea25e] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\prefs.js, Good: (), Bad: (; user_pref("browser.search.searchengine.hp", "http://www.youndoo.com/?z={z1}&from=btp&uid=VBOXXHARDDISK_VB3361b1e7-85c503b), Replaced,[d0e65ba7d5c5aa8cd2ce0e9023e15ba5] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\kikutionppsecoerkidom\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.youndoo.com/?z={z1}&from=btp&uid={harddiskID}&type=hp");), Replaced,[e6d0e61cf9a1092de7b9138b2ada639d] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\kikutionppsecoerkidom\prefs.js, Good: (), Bad: (_bookmarks", false); user_pref("browser.cache.disk.capacity", 358400); user_pref("browser.cache.disk.filesystem_reported", 1); user_pref("browser.cache.disk.smart_size.), Replaced,[b8fed32fb4e6cf67a9f79a0483814fb1] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\kikutionppsecoerkidom\prefs.js, Good: (), Bad: ( application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pref("acc), Replaced,[7c3ae51d425843f3c0e089156f950bf5] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\kikutionppsecoerkidom\prefs.js, Good: (), Bad: (manual change to preferences, you can visit the URL about:config */ user_pref("accessibility.typeaheadfind", true); user_pref("app.update.auto", false); user_pref("app.update.enabled", fal), Replaced,[f3c353afd4c649ed940c623c2dd72ad6] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\kikutionppsecoerkidom\prefs.js, Good: (), Bad: (2211); user_pref("app.update.lastUpdateTime.background-update-timer", 1466411971); user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1466412), Replaced,[ccea05fd5d3d3ef8e1bf1e807292db25] PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\8ntoizyz.default\searchplugins\xirzzddp.xml, Quarantined, [328435cd3a60d16567e83668bc48946c], PUP.Optional.Youndoo, C:\Users\{username}\AppData\Roaming\Profiles\kikutionppsecoerkidom\searchplugins\xirzzddp.xml, Quarantined, [a115be44bbdf072fb8974c52c53f31cf], Physical Sectors: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is HohoSearch? The Malwarebytes research team has determined that HohoSearch is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements. How do I know if my computer is affected by HohoSearch? You may see this entry in your list of installed software: and these changes in your browser setttings: this Firefox add-on: this Scheduled Task: and you will see that the shortcuts for Firefox and/or Chrome on your desktop and in your taskbar (pinned) have been changed: How did HohoSearch get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software. How do I remove HohoSearch? Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. Please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-version.exe and follow the prompts to install the program. At the end, be sure a check-mark is placed next to the following: Enable free trial of Malwarebytes Anti-Malware Premium Launch Malwarebytes Anti-Malware Then click Finish. If an update is found, you will be prompted to download and install the latest version. Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of HohoSearch? No, Malwarebytes' Anti-Malware removes HohoSearch completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. Look at the first reply to this topic to learn how you can go back to your old Firefox profile We advise you to look at our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes Anti-Malware help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the HohoSearch hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: FF ProfilePath: C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF NewTab: hxxp://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=ffseng FF DefaultSearchEngine: hohosearch FF SelectedSearchEngine: hohosearch FF Homepage: hxxp://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=ffseng FF SearchPlugin: C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-04-20] FF Extension: GsearchFinder - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-20] CHR HomePage: Default -> hxxp://www.hohosearch.com/?mode=nnnb&ptid=amz&uid=CB75DF05542D4707119BC449A5FA9A4A&v=20160419&ts=AHEqAH4pAHYsAU.. CHR StartupUrls: Default -> "hxxp://www.hohosearch.com/?mode=nnnb&ptid=amz&uid=CB75DF05542D4707119BC449A5FA9A4A&v=20160419&ts=AHEqAH4pAHYsAU.." CHR DefaultSearchURL: Default -> hxxp://www.hohosearch.com/chrome.php?q={searchTerms}&ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=nnnb CHR DefaultSearchKeyword: Default -> hohosearch S2 BugreportW; C:\Program Files (x86)\hohobnd\gredity.exe [988904 2016-04-20] () S2 Lnspmekiingcachesrv; C:\Program Files (x86)\Lnspmekiing\Lnspmekiingcachesrv.exe [315616 2016-04-20] () C:\Windows\System32\Tasks\Lnspmekiing Cache C:\Users\Public\Documents\dmp C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 C:\Program Files (x86)\Lnspmekiing C:\Program Files (x86)\hohobnd hohosearch - Uninstall (HKLM-x32\...\Uninstall - amz) (Version: - ) Task: {B56F5EF0-7B18-4C68-8873-ACA0F0928EB0} - System32\Tasks\Lnspmekiing Cache => C:\Program Files (x86)\Lnspmekiing\Lnspmekiingcachetsk.exe [2016-04-20] () ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=scrp ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=scrp ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=scrp ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=scrp ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=scrp ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=scrp ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=scrp Excerpt of the Malwarebytes Anti-Malware log (full log available on request): Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/20/2016 Scan Time: 2:06 PM Logfile: mbamHohoSearch.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.04.20.03 Rootkit Database: v2016.04.17.01 License: Premium Malware Protection: Disabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username} Scan Type: Threat Scan Result: Completed Objects Scanned: 364069 Time Elapsed: 9 min, 7 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: (No malicious items detected) Modules: (No malicious items detected) Registry Keys: 8 PUP.Optional.YesSearches, HKU\S-1-5-18\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, Quarantined, [b75c723f3861241288243c84a55de61a], PUP.Optional.YesSearches, HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, Quarantined, [db38eac7c4d5ff37426a08b8a55d9d63], PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [47cc00b1613803330f6f2510808332ce], PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\hohosearchSoftware, Quarantined, [e72c9c152a6f8ea86d10e2538d76a55b], PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UNINSTALL - AMZ, Quarantined, [0f04535ef0a956e0ecb4acffd92b29d7], PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [dd367f3273261422166868cdf40fbb45], PUP.Optional.YesSearches, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BugreportW, Quarantined, [32e16d446534f44228eb67457193b050], PUP.Optional.HohoSearch, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [b45fb8f95d3cc3731d5f5dd858abde22], Registry Values: 13 PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=ffsengext, Quarantined, [47cc00b1613803330f6f2510808332ce] PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=ffsengext, Quarantined, [4bc8813040596ec8dea01520768d3ac6] PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.hohosearch.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&q={searchTerms}&ts=AHEqAH4pAHYsAU..&v=20160419&mode=ffsengext, Quarantined, [69aa18996a2f90a689f5a491e2210df3] PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.hohosearch.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&ts=AHEqAH4pAHYsAU..&v=20160419&mode=ffexttoolbar&q=, Quarantined, [4cc7a70a0f8a30066f0f0a2b768de11f] PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Uninstall - amz|DisplayName, hohosearch - Uninstall, Quarantined, [0f04535ef0a956e0ecb4acffd92b29d7] PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=ffsengext, Quarantined, [dd367f3273261422166868cdf40fbb45] PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=ffsengext, Quarantined, [0b088f22a5f47cba9fdf0233be455ba5] PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.hohosearch.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&q={searchTerms}&ts=AHEqAH4pAHYsAU..&v=20160419&mode=ffsengext, Quarantined, [65ae0ba6742551e5b1cd62d331d2827e] PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.hohosearch.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&ts=AHEqAH4pAHYsAU..&v=20160419&mode=ffexttoolbar&q=, Quarantined, [f320cfe2c0d982b492ec9c99bb4833cd] PUP.Optional.HohoSearch, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=ffsengext, Quarantined, [b45fb8f95d3cc3731d5f5dd858abde22] PUP.Optional.HohoSearch, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=ffsengext, Quarantined, [aa699e132a6ffb3b15670134ee1533cd] PUP.Optional.HohoSearch, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.hohosearch.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&q={searchTerms}&ts=AHEqAH4pAHYsAU..&v=20160419&mode=ffsengext, Quarantined, [0112ffb2b6e33501245864d1fe055ba5] PUP.Optional.HohoSearch, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.hohosearch.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&ts=AHEqAH4pAHYsAU..&v=20160419&mode=ffexttoolbar&q=, Quarantined, [868d6a47dfba44f26a1275c0887b6a96] Registry Data: (No malicious items detected) Folders: 474 PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\dmp, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\dmp\CCeuter.exe, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\dmp\gredity.exe, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\dmp\hiqege.exe, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\dmp\Lnspmekiingcachesrv.exe, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\dmp\Lnspmekiingcachetsk.exe, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\databases, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\data_reduction_proxy_leveldb, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\aohghmighlieiainnegkcijnfilokake, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\JumpListIcons, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\JumpListIconsOld, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Local Extension Settings, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Local Storage, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Session Storage, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Storage, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Storage\ext, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Storage\ext\chrome-signin, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Storage\ext\chrome-signin\def, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Web Applications, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Caps, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Crashpad, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Crashpad\reports, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\EVWhitelist, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\PepperFlash, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\pnacl, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\ShaderCache, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\SwiftShader, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\SwReporter, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\bookmarkbackups, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\crashes, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\crashes\events, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-02, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-03, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-04, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\gmp, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\gmp\WINNT_x86-msvc, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\healthreport, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\minidumps, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\saved-telemetry-pings, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\sessionstore-backups, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent\chrome, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent\chrome\idb, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent\chrome\idb\2918063365piupsah.files, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent\moz-safe-about+home, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent\moz-safe-about+home\idb, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\webapps, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], Files: 579 PUP.Optional.CrossAd.Gen, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi, Quarantined, [fb189d14b6e349ed0e4937010ff42ed2], PUP.Optional.CrossAd.Gen, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi, Quarantined, [4ec57d340f8a7bbb99bea98fb84b6898], PUP.Optional.YesSearches, C:\Program Files (x86)\hohobnd\gredity.exe, Quarantined, [32e16d446534f44228eb67457193b050], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\conf.json, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\CCeuter.exe, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\FFeuter.exe, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\hiqege.exe, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\Uninst.exe, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Program Files (x86)\hohobnd\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, Quarantined, [36dd2e831b7e1a1ca3498fdd23e212ee], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Secure Preferences, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\ChromeDWriteFontCache, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Cookies, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Cookies-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Current Session, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Current Tabs, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extension Cookies, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extension Cookies-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Favicons, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Favicons-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Google Profile.ico, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\History, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\History Provider Cache, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\History-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Last Session, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Last Tabs, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Login Data, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Login Data-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Network Action Predictor, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Network Action Predictor-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Network Persistent State, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Origin Bound Certs, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Origin Bound Certs-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Preferences, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\QuotaManager, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\QuotaManager-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\README, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Secure Preferencesgbak, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Shortcuts, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Shortcuts-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Top Sites, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Top Sites-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\TransportSecurity, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Visited Links, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Web Data, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Web Data-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Web Datagbak, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\databases\Databases.db, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\databases\Databases.db-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\data_reduction_proxy_leveldb\000003.log, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\data_reduction_proxy_leveldb\CURRENT, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\data_reduction_proxy_leveldb\LOCK, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\data_reduction_proxy_leveldb\LOG, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\data_reduction_proxy_leveldb\LOG.old, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\manifest.json, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\manifest.json, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1\manifest.json, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\manifest.json, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_metadata\verified_contents.json, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\JumpListIcons\BF4B.tmp, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\JumpListIcons\BF4C.tmp, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\JumpListIconsOld\6A91.tmp, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\JumpListIconsOld\6A92.tmp, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Local Storage\https_www.youtube.com_0.localstorage, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Local Storage\https_www.youtube.com_0.localstorage-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Session Storage\000003.log, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Session Storage\CURRENT, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Session Storage\LOCK, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Session Storage\LOG, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Session Storage\LOG.old, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Session Storage\MANIFEST-000001, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\chrome_shutdown_ms.txt, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\First Run, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Local State, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Bloom, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Bloom Prefix Set, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Cookies, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Cookies-journal, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Csd Whitelist, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Download, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Download Whitelist, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Extension Blacklist, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Inclusion Whitelist, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing IP Blacklist, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing UwS List, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing UwS List Prefix Set, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Crashpad\metadata, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Crashpad\settings.dat, Quarantined, [20f36a476f2a0d291d9fe9838d785ca4], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml, Quarantined, [f320b2ff069315216952b3b9da2b7f81], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\DD1B66D4.xml, Quarantined, [848ff0c11089ff3704b73c30d62f857b], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions.json, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\addons.json, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\blocklist.xml, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\cert8.db, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\compatibility.ini, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\content-prefs.sqlite, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\cookies.sqlite, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions.ini, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\healthreport.sqlite, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\key3.db, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\mimeTypes.rdf, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\parent.lock, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\permissions.sqlite, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\places.sqlite, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\pluginreg.dat, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\revocations.txt, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\search-metadata.json, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\secmod.db, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\sessionCheckpoints.json, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\sessionstore.js, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\SiteSecurityServiceState.txt, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\times.json, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\webappsstore.sqlite, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\xulstore.json, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\crashes\store.json.mozlz4, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\session-state.json, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\state.json, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\webapps\webapps.json, Quarantined, [f71cc5ec56436fc7edd43e2eb74efe02], PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.hohosearch.com/?ts=AHEqAH4pAHYsAU..&v=20160419&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=amz&mode=ffseng");), Replaced,[a96a436e5f3aee48b86a6607927339c7] PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (rt_size.first_run", false); user_pref("browser.cache.disk.smart_size.use_old_max", false); user_pref("browser.cache.frecency_experiment", 2); user_pref("browser.do), Replaced,[848ff5bcddbc9a9cd54d68052bda8c74] PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (hile the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user), Replaced,[9d76743d4d4c6dc980a27fee4bbab050] PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (nning, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pref("accessibility.typeah), Replaced,[c3504e633366af8754ce5d10d92c04fc] PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: ( user_pref("app.update.lastUpdateTime.background-update-timer", 0); user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 0); user_pref(), Replaced,[977c7b36a0f92d0953cf006d23e22ed2] PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: ( user_pref("extensions.autoDisableScopes", 10); user_pref("extensions.blocklist.pingCountVersion", -1); user_pref("extensions.bootstrappedAddons", "{\"@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924\":{\"versio), Replaced,[8d86694845540630ea38a8c5f80d2dd3] PUP.Optional.HohoSearch, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (la.nextupdatetime", "1461157003769"); user_pref("browser.search.countryCode", "NL"); user_pref("browser.search.defaultenginename", "hohosearch"); user_pref("bro), Replaced,[18fb129ffa9f77bfc35fd19ce61fc13f] Physical Sectors: (No malicious items detected) (end) As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. What is YesSearches? The Malwarebytes research team has determined that YesSearches is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements and creates a new FireFox profile. How do I know if my computer is affected by YesSearches? You may see this entry in your list of installed software: and this Start/Home-page in your browsers: this browser add-on in Firefox: this type of Scheduled Task: and you will see altered settings in Chrome and Firefox: and the browser shortcuts on your desktop and in your taskbar may have been altered: How did YesSearches get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software. How do I remove YesSearches? Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. Please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-version.exe and follow the prompts to install the program. At the end, be sure a check-mark is placed next to the following: Enable free trial of Malwarebytes Anti-Malware Premium Launch Malwarebytes Anti-Malware Then click Finish. If an update is found, you will be prompted to download and install the latest version. Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of YesSearches? No, Malwarebytes' Anti-Malware removes YesSearches completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. Look at the first reply to this topic to learn how you can go back to your old Firefox profile We advise you to look at our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes Anti-Malware help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the YesSearches hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: FF ProfilePath: C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF NewTab: hxxp://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=ffseng FF DefaultSearchEngine: yessearches FF SelectedSearchEngine: yessearches FF Homepage: hxxp://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=ffseng FF SearchPlugin: C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-04-19] FF Extension: GsearchFinder - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-18] CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&ptid=obs&uid=CB75DF05542D4707119BC449A5FA9A4A&v=20160415&ts=AHEqAH0oBXYpBU.. CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=obs&uid=CB75DF05542D4707119BC449A5FA9A4A&v=20160415&ts=AHEqAH0oBXYpBU.." CHR DefaultSearchURL: Default -> hxxp://www.yessearches.com/chrome.php?q={searchTerms}&ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=nnnb CHR DefaultSearchKeyword: Default -> yessearches S2 BugreportW; C:\Program Files (x86)\yesbnd\mbat.exe [988176 2016-04-18] () S2 jjcscheduleservice; C:\Program Files (x86)\Jejochclipasp\jjcscheduleservice.exe [310768 2016-04-18] () C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 C:\Windows\System32\Tasks\Jejochclipasp Schedule C:\Users\Public\Documents\dmp C:\Program Files (x86)\yesbnd C:\Program Files (x86)\Jejochclipasp yessearches - Uninstall (HKLM-x32\...\Uninstall - obs) (Version: - ) <==== ATTENTION Task: {88210FD6-28C7-4AA9-BC2C-5E3154354AC9} - System32\Tasks\Jejochclipasp Schedule => C:\Program Files (x86)\Jejochclipasp\jjcscheduletask.exe [2016-04-18] () ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=scrp ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=scrp ShortcutWithArgument: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=scrp ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=scrp ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=scrp ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=scrp ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=scrp Excerpt of the Malwarebytes Anti-Malware log (full log available on request): Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/19/2016 Scan Time: 8:53 AM Logfile: mbamYesSearches.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.04.19.02 Rootkit Database: v2016.04.17.01 License: Premium Malware Protection: Disabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username} Scan Type: Threat Scan Result: Completed Objects Scanned: 373439 Time Elapsed: 10 min, 30 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: (No malicious items detected) Modules: (No malicious items detected) Registry Keys: 11 PUP.Optional.YesSearches, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BugreportW, Quarantined, [f9b5327e5a3fa195f5acdf4b679b867a], PUP.Optional.YesSearches, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\jjcscheduleservice, Quarantined, [802e0ea2f0a988aece78012b5fa3aa56], PUP.Optional.YesSearches, HKU\S-1-5-18\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, Quarantined, [1c92347cb2e78caa30d9ab14c63cb44c], PUP.Optional.YesSearches, HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, Quarantined, [1e90b5fb3b5e55e160a9843b89795aa6], PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{88210FD6-28C7-4AA9-BC2C-5E3154354AC9}, Delete-on-Reboot, [496527892f6af640def4ebbf18ec8d73], PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Jejochclipasp Schedule, Delete-on-Reboot, [8925565a801951e506cd4664689cb64a], PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [6d417a363960a0964303e652da295da3], PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\yessearchesSoftware, Quarantined, [723c2a86c7d27abc1cdaadea857f946c], PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UNINSTALL - OBS, Quarantined, [c4ea9719a8f1bd797d6b604971936a96], PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [e0ce9c146c2d81b520261c1c887b8e72], PUP.Optional.YesSearches, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [7836efc1dbbe290d4d9f8616798b1be5], Registry Values: 14 PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{88210FD6-28C7-4AA9-BC2C-5E3154354AC9}|Path, \Jejochclipasp Schedule, Delete-on-Reboot, [496527892f6af640def4ebbf18ec8d73] PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=ffsengext, Quarantined, [6d417a363960a0964303e652da295da3] PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=ffsengext, Quarantined, [d3dbeec255446bcb97af1127857e8878] PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&q={searchTerms}&ts=AHEqAH0oBXYpBU..&v=20160415&mode=ffsengext, Quarantined, [446a0ba5752457dfec5a1820d0338c74] PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&ts=AHEqAH0oBXYpBU..&v=20160415&mode=ffexttoolbar&q=, Quarantined, [a8060fa1efaa88ae0a3cbd7b55aecf31] PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Uninstall - obs|DisplayName, yessearches - Uninstall, Quarantined, [c4ea9719a8f1bd797d6b604971936a96] PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=ffsengext, Quarantined, [e0ce9c146c2d81b520261c1c887b8e72] PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=ffsengext, Quarantined, [06a8723ec2d79a9c84c284b48c7706fa] PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&q={searchTerms}&ts=AHEqAH0oBXYpBU..&v=20160415&mode=ffsengext, Quarantined, [9e10f8b8c6d30036e561d167e51eb54b] PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&ts=AHEqAH0oBXYpBU..&v=20160415&mode=ffexttoolbar&q=, Quarantined, [0ba34d6314855fd72e18ce6a798aea16] PUP.Optional.YesSearches, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=ffsengext, Quarantined, [7836efc1dbbe290d4d9f8616798b1be5] PUP.Optional.YesSearches, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=ffsengext, Quarantined, [d7d7f2be8712290daf3d1a8232d20af6] PUP.Optional.YesSearches, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&q={searchTerms}&ts=AHEqAH0oBXYpBU..&v=20160415&mode=ffsengext, Quarantined, [9519f3bd4851a591ac40198318ecef11] PUP.Optional.YesSearches, HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&ts=AHEqAH0oBXYpBU..&v=20160415&mode=ffexttoolbar&q=, Quarantined, [535b00b0b7e280b624c8eeaef0146e92] Registry Data: (No malicious items detected) Folders: 476 PUP.Optional.YesSearches, C:\Program Files (x86)\Jejochclipasp, Quarantined, [604ed6da19807bbbce01b0faf50f21df], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\YourGSearchFinder_br, Quarantined, [01ad5858c8d18aacf3b9b0810102e917], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\dmp, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\dmp\arogegh.exe, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\dmp\CCeuter.exe, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\dmp\jjcscheduleservice.exe, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\dmp\jjcscheduletask.exe, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\dmp\mbat.exe, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\databases, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\data_reduction_proxy_leveldb, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\aohghmighlieiainnegkcijnfilokake, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\_locales, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1\_locales, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\css, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\html, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\JumpListIcons, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\JumpListIconsOld, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Local Extension Settings, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Local Storage, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Session Storage, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Storage, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Storage\ext, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Storage\ext\chrome-signin, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Storage\ext\chrome-signin\def, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Web Applications, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Caps, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Crashpad, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Crashpad\reports, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\EVWhitelist, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\PepperFlash, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\pnacl, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\ShaderCache, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\SwiftShader, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\SwReporter, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\WidevineCDM, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], Files: 590 PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\mbat.exe, Quarantined, [f9b5327e5a3fa195f5acdf4b679b867a], PUP.Optional.YesSearches, C:\Program Files (x86)\Jejochclipasp\jjcscheduleservice.exe, Quarantined, [802e0ea2f0a988aece78012b5fa3aa56], PUP.Optional.YesSearches, C:\Program Files (x86)\Jejochclipasp\jjcscheduletask.exe, Quarantined, [49657937d2c72313e56160cc9b67e21e], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\arogegh.exe, Quarantined, [fdb1fdb34455c175f38ff22fae54ba46], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\CCeuter.exe, Quarantined, [8a24a10fe7b247efedb61911c14144bc], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\FFeuter.exe, Quarantined, [545ab6fabcdd48eecf8ece5b6d954cb4], PUP.Optional.CrossAd.Gen, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi, Quarantined, [cee0218f0495b2847b1e40f620e335cb], PUP.Optional.CrossAd.Gen, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi, Quarantined, [7935c4ec3a5ff93d66331422cd36f50b], PUP.Optional.YesSearches, C:\Program Files (x86)\Jejochclipasp\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, Quarantined, [604ed6da19807bbbce01b0faf50f21df], PUP.Optional.YesSearches, C:\Windows\System32\Tasks\Jejochclipasp Schedule, Quarantined, [218d2b854b4e3402af218c1e9f65d22e], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\conf.json, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\Uninst.exe, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Program Files (x86)\yesbnd\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, Quarantined, [8c22fcb478217db9b1384c1efb0a6799], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Default\Secure Preferences, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\chrome_shutdown_ms.txt, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\First Run, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Local State, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Bloom, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Bloom Prefix Set, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Cookies, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Cookies-journal, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Csd Whitelist, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Download, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Download Whitelist, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Extension Blacklist, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing Inclusion Whitelist, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing IP Blacklist, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing UwS List, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Safe Browsing UwS List Prefix Set, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Crashpad\metadata, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108\Crashpad\settings.dat, Quarantined, [cce2ded2d7c268ce24071d4d23e223dd], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml, Quarantined, [dfcfc2ee3465bb7bd514a5c435d0d12f], PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=ffseng");), Replaced,[406e3977c7d2e84eff0dc9a2858016ea] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (_size.first_run", false); user_pref("browser.cache.disk.smart_size.use_old_max", false); user_pref("browser.cache.frecency_experiment", 2); user_pref("browser.downl), Replaced,[921c436d4a4f1b1b060694d7897c5ba5] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (hile the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_), Replaced,[b3fbd2dea1f81521a26a44270afb9b65] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (nning, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pref("accessibility.typeahe), Replaced,[7638d4dc7f1a68ce957707646b9ad32d] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (user_pref("app.update.lastUpdateTime.background-update-timer", 0); user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 0); user_pref("a), Replaced,[03ab9c143960280e0ffde18ab94c01ff] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: ( false); user_pref("extensions.autoDisableScopes", 10); user_pref("extensions.blocklist.pingCountVersion", -1); user_pref("extensions.bootstrappedAddons", "{\"@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924\":{\), Replaced,[317d258b6831b97dc14b5e0d5baa29d7] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (lla.nextupdatetime", "1461051229533"); user_pref("browser.search.countryCode", "NL"); user_pref("browser.search.defaultenginename", "yessearches"); user_pref("br), Replaced,[b7f70ca487124cea36d659129e6758a8] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://www.yessearches.com), Replaced,[e7c7822e0f8a9a9c9294b3b861a409f7] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5FA9A4A&ptid=obs&mode=ffseng");), Replaced,[3a740ca4c4d5280ee3293c2f63a2a759] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Good: (), Bad: (ser_pref("browser.migration.version", 36); user_pref("browser.newtab.url", "http://www.yessearches.com/?ts=AHEqAH0oBXYpBU..&v=20160415&uid=CB75DF05542D4707119BC449A5F), Replaced,[149a3779fb9eb4829d6f34378580a060] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Good: (), Bad: (hile the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_), Replaced,[4e608030f0a99a9c7894afbc24e18a76] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Good: (), Bad: (nning, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pref("accessibility.typeahe), Replaced,[05a9763a5f3a95a16aa2f67561a4ca36] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Good: (), Bad: (ref("app.update.lastUpdateTime.xpi-signature-verification", ); user_pref("browser.bookmarks.restore_default_bookmarks", false); user_pref("browser.cache.di), Replaced,[4d614f61712840f6fd0fe9820df8b050] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://www.yessearches.com), Replaced,[7c32dad6d6c377bf28fea5c65ca9b947] PUP.Optional.YesSearches, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\DD1B66D4.xml, Quarantined, [5658e5cbfa9fdb5b50a6aabfcf3614ec], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions.json, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\addons.json, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\blocklist.xml, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\cert8.db, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\compatibility.ini, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\content-prefs.sqlite, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\cookies.sqlite, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions.ini, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\healthreport.sqlite, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\key3.db, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\mimeTypes.rdf, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\parent.lock, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\permissions.sqlite, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\places.sqlite, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\pluginreg.dat, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\revocations.txt, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\search-metadata.json, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\secmod.db, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\sessionCheckpoints.json, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\sessionstore.js, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\SiteSecurityServiceState.txt, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\times.json, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\webappsstore.sqlite, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\xulstore.json, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\crashes\store.json.mozlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\session-state.json, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\state.json, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-02\1455099301593.ebc67212-de21-415b-80c8-c736883d8e4e.main.jsonlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-02\1455100734479.96decdd8-f399-4448-8278-35ddb847a58f.main.jsonlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-02\1455731655465.2657f7c7-8555-4b6b-95ac-c8acb7e016ce.main.jsonlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-02\1455797845926.4adefa72-6256-43e8-be60-61b5839b9929.main.jsonlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-02\1456392969084.f1e20e54-f1da-4d60-9107-808aba3adbd6.main.jsonlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-03\1458544859095.ea2f30b8-fc4c-4495-ae05-ef17beded10d.main.jsonlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-04\1459501120814.70c5fcc6-b7f9-4562-b421-1425a5be66c5.main.jsonlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-04\1459501170114.edb3333b-e1d0-47e5-b57a-1ca4227fe697.main.jsonlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-04\1459762965948.122d3735-3c6f-4d37-95d2-5b20b797f4b2.main.jsonlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\datareporting\archived\2016-04\1460360748645.fb95965f-81a9-4d3d-8a6c-ace1159da0ac.main.jsonlz4, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\saved-telemetry-pings\122d3735-3c6f-4d37-95d2-5b20b797f4b2, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\saved-telemetry-pings\70c5fcc6-b7f9-4562-b421-1425a5be66c5, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\saved-telemetry-pings\edb3333b-e1d0-47e5-b57a-1ca4227fe697, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\saved-telemetry-pings\fb95965f-81a9-4d3d-8a6c-ace1159da0ac, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\sessionstore-backups\previous.js, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\sessionstore-backups\recovery.bak, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\sessionstore-backups\recovery.js, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\sessionstore-backups\upgrade.js-20160123151951, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\sessionstore-backups\upgrade.js-20160315153207, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent\chrome\.metadata, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent\chrome\idb\2918063365piupsah.sqlite, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent\moz-safe-about+home\.metadata, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], PUP.Optional.FakeFFProfile, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\webapps\webapps.json, Quarantined, [6b437d33a3f66dc9ae1587e371942ad6], Physical Sectors: (No malicious items detected) (end) As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.