Jump to content

Search the Community

Showing results for tags 'pup.optional.mindspark'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 44 results

  1. What is CouponXplorer?The Malwarebytes research team has determined that CouponXplorer is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.CouponXplorer is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by CouponXplorer?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did CouponXplorer get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove CouponXplorer?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of CouponXplorer? No, Malwarebytes' Anti-Malware removes CouponXplorer completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the CouponXplorer hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to their domain: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/couponxplorer/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _5zMembers_@www.couponxplorer.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _5zMembers_@www.couponxplorer.com FF Extension: (CouponXplorer) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_5zMembers_@www.couponxplorer.com.xpi [2019-10-10] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=208153579&version=8.914.15.58963&track=TTAB02&trackRevision=1&fromId=_5zMembers_%40www.couponxplorer.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://dojnbkkcoflcddheladlfifebaieikap/ntp1.html" CHR Extension: (CouponXplorer) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap [2019-10-10] C:\Users\{username}\AppData\Local\CouponXplorerTooltab CouponXplorer Internet Explorer Homepage and New Tab (HKCU\...\CouponXplorerTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\CouponXplorerTooltab Adds the file TooltabExtension.dll"="3/6/2019 4:25 PM, 273008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0 Adds the file manifest.json"="10/10/2019 8:49 AM, 2631 bytes, A Adds the file ntp1.html"="9/19/2019 11:38 AM, 1349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_metadata Adds the file computed_hashes.json"="10/10/2019 8:49 AM, 5504 bytes, A Adds the file verified_contents.json"="9/19/2019 11:38 AM, 7027 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\config Adds the file config.json"="9/19/2019 11:38 AM, 1433 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\icons Adds the file icon128.png"="10/10/2019 8:49 AM, 13717 bytes, A Adds the file icon16.png"="9/19/2019 11:38 AM, 1711 bytes, A Adds the file icon19disabled.png"="9/19/2019 11:38 AM, 1703 bytes, A Adds the file icon19on.png"="10/10/2019 8:49 AM, 860 bytes, A Adds the file icon48.png"="10/10/2019 8:49 AM, 4192 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js Adds the file ajax.js"="9/19/2019 11:38 AM, 3263 bytes, A Adds the file babAPI.js"="9/19/2019 11:38 AM, 5703 bytes, A Adds the file babClickHandler.js"="9/19/2019 11:38 AM, 11430 bytes, A Adds the file babContentScript.js"="9/19/2019 11:38 AM, 3749 bytes, A Adds the file babContentScriptAPI.js"="9/19/2019 11:38 AM, 9842 bytes, A Adds the file background.js"="9/19/2019 11:38 AM, 18106 bytes, A Adds the file browserUtils.js"="9/19/2019 11:38 AM, 1536 bytes, A Adds the file chrome.js"="9/19/2019 11:38 AM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="9/19/2019 11:38 AM, 22964 bytes, A Adds the file dateTimeUtils.js"="9/19/2019 11:38 AM, 1213 bytes, A Adds the file dlp.js"="9/19/2019 11:38 AM, 5783 bytes, A Adds the file dlpHelper.js"="9/19/2019 11:38 AM, 1835 bytes, A Adds the file extensionDetect.js"="9/19/2019 11:38 AM, 4354 bytes, A Adds the file index.js"="9/19/2019 11:38 AM, 49 bytes, A Adds the file localStorageContentScript.js"="9/19/2019 11:38 AM, 2236 bytes, A Adds the file logger.js"="9/19/2019 11:38 AM, 531 bytes, A Adds the file meta.js"="9/19/2019 11:38 AM, 1610 bytes, A Adds the file offerService.js"="9/19/2019 11:38 AM, 16953 bytes, A Adds the file pageUtils.js"="9/19/2019 11:38 AM, 2905 bytes, A Adds the file PartnerId.js"="9/19/2019 11:38 AM, 16402 bytes, A Adds the file polyfill.js"="9/19/2019 11:38 AM, 875 bytes, A Adds the file product.js"="9/19/2019 11:38 AM, 7830 bytes, A Adds the file remoteConfigLoader.js"="9/19/2019 11:38 AM, 5053 bytes, A Adds the file splashPageRedirectHandler.js"="9/19/2019 11:38 AM, 2821 bytes, A Adds the file storageUtils.js"="9/19/2019 11:38 AM, 1718 bytes, A Adds the file TemplateParser.js"="9/19/2019 11:38 AM, 3153 bytes, A Adds the file ul.js"="9/19/2019 11:38 AM, 3969 bytes, A Adds the file urlFragmentActions.js"="9/19/2019 11:38 AM, 2453 bytes, A Adds the file urlUtils.js"="9/19/2019 11:38 AM, 5906 bytes, A Adds the file util.js"="9/19/2019 11:38 AM, 2779 bytes, A Adds the file webtooltabAPI.js"="9/19/2019 11:38 AM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="9/19/2019 11:38 AM, 8765 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dojnbkkcoflcddheladlfifebaieikap Adds the file 000003.log"="10/10/2019 8:49 AM, 4628 bytes, A Adds the file CURRENT"="10/10/2019 8:49 AM, 16 bytes, A Adds the file LOCK"="10/10/2019 8:49 AM, 0 bytes, A Adds the file LOG"="10/10/2019 8:49 AM, 185 bytes, A Adds the file MANIFEST-000001"="10/10/2019 8:49 AM, 41 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _5zMembers_@www.couponxplorer.com.xpi"="10/10/2019 8:47 AM, 92649 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\CouponXplorer] "Start Page"="REG_SZ", "http://hp.myway.com/couponxplorer/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c={ptb}&ptb={p2}" [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "dojnbkkcoflcddheladlfifebaieikap"="REG_SZ", "544A392FEF14652C90DF68F1DFC1DA195A97A699C4C389FBB6D03511152181EE" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/couponxplorer/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CouponXplorerTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "CouponXplorer Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\CouponXplorerTooltab\TooltabExtension.dll" U uninstall:CouponXplorer" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/10/19 Scan Time: 9:00 AM Log File: b273a816-eb2b-11e9-b853-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.12837 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 234352 Threats Detected: 86 Threats Quarantined: 86 Time Elapsed: 8 min, 15 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\CouponXplorerTooltab\TooltabExtension.dll, Quarantined, [1782], [356944],1.0.12837 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CouponXplorerTooltab Uninstall Internet Explorer, Quarantined, [1782], [356944],1.0.12837 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\CouponXplorer, Quarantined, [1782], [444113],1.0.12837 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CouponXplorerTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [655], [352442],1.0.12837 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\CouponXplorer|START PAGE, Quarantined, [1782], [444113],1.0.12837 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|dojnbkkcoflcddheladlfifebaieikap, Quarantined, [1782], [443121],1.0.12837 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [655], [293497],1.0.12837 Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\CouponXplorerTooltab, Quarantined, [1782], [356944],1.0.12837 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\dojnbkkcoflcddheladlfifebaieikap, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\es_419, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\pt_BR, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\pt_PT, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\de, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\en, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\es, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\fr, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\it, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\ja, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_metadata, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\config, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\icons, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DOJNBKKCOFLCDDHELADLFIFEBAIEIKAP, Quarantined, [1782], [443121],1.0.12837 File: 61 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\CouponXplorerTooltab\TooltabExtension.dll, Quarantined, [1782], [356944],1.0.12837 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_5zMembers_@www.couponxplorer.com.xpi, Quarantined, [1782], [457930],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dojnbkkcoflcddheladlfifebaieikap\000003.log, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dojnbkkcoflcddheladlfifebaieikap\CURRENT, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dojnbkkcoflcddheladlfifebaieikap\LOCK, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dojnbkkcoflcddheladlfifebaieikap\LOG, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dojnbkkcoflcddheladlfifebaieikap\MANIFEST-000001, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DOJNBKKCOFLCDDHELADLFIFEBAIEIKAP\13.909.16.23352_0\MANIFEST.JSON, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\config\config.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\icons\icon128.png, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\icons\icon16.png, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\icons\icon19disabled.png, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\icons\icon19on.png, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\icons\icon48.png, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\localStorageContentScript.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\ajax.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\babAPI.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\babClickHandler.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\babContentScript.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\babContentScriptAPI.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\background.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\browserUtils.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\chrome.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\contentScriptConnectionManager.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\dateTimeUtils.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\dlp.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\dlpHelper.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\extensionDetect.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\index.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\logger.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\meta.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\offerService.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\pageUtils.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\PartnerId.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\polyfill.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\product.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\remoteConfigLoader.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\splashPageRedirectHandler.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\storageUtils.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\TemplateParser.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\ul.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\urlFragmentActions.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\urlUtils.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\util.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\webtooltabAPI.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\js\webTooltabAPIProxy.js, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\de\messages.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\en\messages.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\es\messages.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\es_419\messages.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\fr\messages.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\it\messages.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\ja\messages.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\pt_BR\messages.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_locales\pt_PT\messages.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_metadata\computed_hashes.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\_metadata\verified_contents.json, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dojnbkkcoflcddheladlfifebaieikap\13.909.16.23352_0\ntp1.html, Quarantined, [1782], [443121],1.0.12837 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\COUPONXPLORER.EXE, Quarantined, [655], [365288],1.0.12837 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is QuickPDFMerger?The Malwarebytes research team has determined that QuickPDFMerger is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.QuickPDFMerger is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by QuickPDFMerger?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did QuickPDFMerger get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove QuickPDFMerger?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of QuickPDFMerger? No, Malwarebytes' Anti-Malware removes QuickPDFMerger completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the QuickPDFMerger hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and both Malwarebytes Premium and Malwarebytes Browser Guard block traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/quickpdfmerger/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _koMembers_@www.quickpdfmerger.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _koMembers_@www.quickpdfmerger.com FF Extension: (QuickPDFMerger) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_koMembers_@www.quickpdfmerger.com.xpi [2019-10-03] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=234782342&version=8.914.16.18334&track=TTAB02&trackRevision=1&fromId=_koMembers_%40www.quickpdfmerger.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://ngamdaobhhgfhjakfmgggafaochpccmc/ntp1.html" CHR Extension: (QuickPDFMerger) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc [2019-10-03] C:\Users\{username}\AppData\Local\QuickPDFMergerTooltab QuickPDFMerger Internet Explorer Homepage and New Tab (HKCU\...\QuickPDFMergerTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0 Adds the file manifest.json"="10/3/2019 9:16 AM, 2636 bytes, A Adds the file ntp1.html"="9/19/2019 7:09 PM, 1349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_metadata Adds the file computed_hashes.json"="10/3/2019 9:16 AM, 5504 bytes, A Adds the file verified_contents.json"="9/19/2019 7:09 PM, 7407 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\config Adds the file config.json"="9/19/2019 7:09 PM, 1515 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\icons Adds the file icon128.png"="10/3/2019 9:16 AM, 3739 bytes, A Adds the file icon16.png"="9/19/2019 7:09 PM, 857 bytes, A Adds the file icon19disabled.png"="9/19/2019 7:09 PM, 837 bytes, A Adds the file icon19on.png"="10/3/2019 9:16 AM, 592 bytes, A Adds the file icon48.png"="10/3/2019 9:16 AM, 1641 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js Adds the file ajax.js"="9/19/2019 7:09 PM, 3263 bytes, A Adds the file babAPI.js"="9/19/2019 7:09 PM, 5703 bytes, A Adds the file babClickHandler.js"="9/19/2019 7:09 PM, 11430 bytes, A Adds the file babContentScript.js"="9/19/2019 7:09 PM, 3749 bytes, A Adds the file babContentScriptAPI.js"="9/19/2019 7:09 PM, 9842 bytes, A Adds the file background.js"="9/19/2019 7:09 PM, 18106 bytes, A Adds the file browserUtils.js"="9/19/2019 7:09 PM, 1536 bytes, A Adds the file chrome.js"="9/19/2019 7:09 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="9/19/2019 7:09 PM, 22964 bytes, A Adds the file dateTimeUtils.js"="9/19/2019 7:09 PM, 1213 bytes, A Adds the file dlp.js"="9/19/2019 7:09 PM, 5783 bytes, A Adds the file dlpHelper.js"="9/19/2019 7:09 PM, 1835 bytes, A Adds the file extensionDetect.js"="9/19/2019 7:09 PM, 4354 bytes, A Adds the file index.js"="9/19/2019 7:09 PM, 49 bytes, A Adds the file localStorageContentScript.js"="9/19/2019 7:09 PM, 2236 bytes, A Adds the file logger.js"="9/19/2019 7:09 PM, 531 bytes, A Adds the file meta.js"="9/19/2019 7:09 PM, 1610 bytes, A Adds the file offerService.js"="9/19/2019 7:09 PM, 16953 bytes, A Adds the file pageUtils.js"="9/19/2019 7:09 PM, 2905 bytes, A Adds the file PartnerId.js"="9/19/2019 7:09 PM, 16402 bytes, A Adds the file polyfill.js"="9/19/2019 7:09 PM, 875 bytes, A Adds the file product.js"="9/19/2019 7:09 PM, 7830 bytes, A Adds the file remoteConfigLoader.js"="9/19/2019 7:09 PM, 5053 bytes, A Adds the file splashPageRedirectHandler.js"="9/19/2019 7:09 PM, 2821 bytes, A Adds the file storageUtils.js"="9/19/2019 7:09 PM, 1718 bytes, A Adds the file TemplateParser.js"="9/19/2019 7:09 PM, 3153 bytes, A Adds the file ul.js"="9/19/2019 7:09 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="9/19/2019 7:09 PM, 2453 bytes, A Adds the file urlUtils.js"="9/19/2019 7:09 PM, 5906 bytes, A Adds the file util.js"="9/19/2019 7:09 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="9/19/2019 7:09 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="9/19/2019 7:09 PM, 8765 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngamdaobhhgfhjakfmgggafaochpccmc Adds the file 000003.log"="10/3/2019 9:16 AM, 4306 bytes, A Adds the file CURRENT"="10/3/2019 9:16 AM, 16 bytes, A Adds the file LOCK"="10/3/2019 9:16 AM, 0 bytes, A Adds the file LOG"="10/3/2019 9:16 AM, 185 bytes, A Adds the file MANIFEST-000001"="10/3/2019 9:16 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\QuickPDFMergerTooltab Adds the file TooltabExtension.dll"="8/30/2019 8:40 PM, 266864 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _koMembers_@www.quickpdfmerger.com.xpi"="10/3/2019 9:13 AM, 77484 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "ngamdaobhhgfhjakfmgggafaochpccmc"="REG_SZ", "BC44404CB348ADA80391A22578395C59491F0670D0D53F66E2F4812AC277BAF5" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/quickpdfmerger/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\QuickPDFMergerTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "QuickPDFMerger Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\QuickPDFMergerTooltab\TooltabExtension.dll" U uninstall:QuickPDFMerger" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" [HKEY_CURRENT_USER\Software\QuickPDFMerger] "Start Page"="REG_SZ", "http://hp.myway.com/quickpdfmerger/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=https%3A%2F%2Fhp.myway.com%2Fuo%2Fo1%2Findex.html%3Fc%3D{ptb}%26ptb%3D{p2}" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/3/19 Scan Time: 9:27 AM Log File: 3e159906-e5af-11e9-85ce-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.12749 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 234774 Threats Detected: 93 Threats Quarantined: 93 Time Elapsed: 9 min, 55 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\QuickPDFMergerTooltab\TooltabExtension.dll, Quarantined, [1782], [356944],1.0.12749 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QuickPDFMergerTooltab Uninstall Internet Explorer, Quarantined, [1782], [356944],1.0.12749 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\QuickPDFMerger, Quarantined, [1782], [444113],1.0.12749 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QuickPDFMergerTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [653], [352442],1.0.12749 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\QuickPDFMerger|START PAGE, Quarantined, [1782], [444113],1.0.12749 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ngamdaobhhgfhjakfmgggafaochpccmc, Quarantined, [1782], [443121],1.0.12749 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [653], [293497],1.0.12749 Data Stream: 0 (No malicious items detected) Folder: 21 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\QuickPDFMergerTooltab, Quarantined, [1782], [356944],1.0.12749 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ngamdaobhhgfhjakfmgggafaochpccmc, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\es_419, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\pt_BR, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\pt_PT, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\ar, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\de, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\en, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\es, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\fr, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\it, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\ja, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\ko, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\nl, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_metadata, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\config, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\icons, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NGAMDAOBHHGFHJAKFMGGGAFAOCHPCCMC, Quarantined, [1782], [443121],1.0.12749 File: 65 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\QuickPDFMergerTooltab\TooltabExtension.dll, Quarantined, [1782], [356944],1.0.12749 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_koMembers_@www.quickpdfmerger.com.xpi, Quarantined, [1782], [457930],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngamdaobhhgfhjakfmgggafaochpccmc\000003.log, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngamdaobhhgfhjakfmgggafaochpccmc\CURRENT, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngamdaobhhgfhjakfmgggafaochpccmc\LOCK, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngamdaobhhgfhjakfmgggafaochpccmc\LOG, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ngamdaobhhgfhjakfmgggafaochpccmc\MANIFEST-000001, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NGAMDAOBHHGFHJAKFMGGGAFAOCHPCCMC\13.909.16.25464_0\MANIFEST.JSON, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\config\config.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\icons\icon128.png, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\icons\icon16.png, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\icons\icon19disabled.png, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\icons\icon19on.png, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\icons\icon48.png, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\localStorageContentScript.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\ajax.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\babAPI.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\babClickHandler.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\babContentScript.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\babContentScriptAPI.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\background.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\browserUtils.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\chrome.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\contentScriptConnectionManager.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\dateTimeUtils.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\dlp.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\dlpHelper.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\extensionDetect.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\index.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\logger.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\meta.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\offerService.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\pageUtils.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\PartnerId.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\polyfill.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\product.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\remoteConfigLoader.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\splashPageRedirectHandler.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\storageUtils.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\TemplateParser.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\ul.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\urlFragmentActions.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\urlUtils.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\util.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\webtooltabAPI.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\js\webTooltabAPIProxy.js, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\ar\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\de\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\en\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\es\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\es_419\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\fr\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\it\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\ja\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\ko\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\nl\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\pt_BR\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_locales\pt_PT\messages.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_metadata\computed_hashes.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\_metadata\verified_contents.json, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngamdaobhhgfhjakfmgggafaochpccmc\13.909.16.25464_0\ntp1.html, Quarantined, [1782], [443121],1.0.12749 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\QUICKPDFMERGER.EXE, Quarantined, [653], [365288],1.0.12749 PUP.Optional.MindSpark, C:\USERS\{username}\DOWNLOADS\QUICKPDFMERGER.4BD97D4C21924762997C6D91167653DA.EXE, Quarantined, [653], [365288],1.0.12749 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. What is CinematicFanatic?The Malwarebytes research team has determined that CinematicFanatic is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.CinematicFanatic is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by CinematicFanatic?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:this icon in the menubar of affected browsers:and this new homepage in the affected browsers:How did CinematicFanatic get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove CinematicFanatic?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of CinematicFanatic? No, Malwarebytes' Anti-Malware removes CinematicFanatic completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the CinematicFanatic hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/cinematicfanatic/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _i9Members_@free.cinematicfanatic.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _i9Members_@free.cinematicfanatic.com FF Extension: (CinematicFanatic) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_i9Members_@free.cinematicfanatic.com.xpi [2019-09-20] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=230708697&version=8.914.16.6962&track=TTAB02&trackRevision=1&fromId=_i9Members_%40free.cinematicfanatic.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://gnkmabogpoolndcfgdpifkclkadaloak/ntp.html" CHR Extension: (CinematicFanatic) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak [2019-09-20] C:\Users\{username}\AppData\Local\CinematicFanaticTooltab CinematicFanatic Internet Explorer Homepage and New Tab (HKCU\...\CinematicFanaticTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\CinematicFanaticTooltab Adds the file TooltabExtension.dll"="8/7/2019 10:19 PM, 273008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0 Adds the file manifest.json"="9/20/2019 10:37 AM, 2659 bytes, A Adds the file ntp.html"="7/3/2019 10:17 AM, 1423 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\_locales\en Adds the file messages.json"="9/20/2019 10:37 AM, 258 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\_metadata Adds the file computed_hashes.json"="9/20/2019 10:37 AM, 5503 bytes, A Adds the file verified_contents.json"="7/3/2019 10:17 AM, 5999 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\config Adds the file config.json"="7/3/2019 10:17 AM, 1574 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js Adds the file ajax.js"="7/3/2019 10:17 AM, 3263 bytes, A Adds the file babAPI.js"="7/3/2019 10:17 AM, 5703 bytes, A Adds the file babClickHandler.js"="7/3/2019 10:17 AM, 11430 bytes, A Adds the file babContentScript.js"="7/3/2019 10:17 AM, 3749 bytes, A Adds the file babContentScriptAPI.js"="7/3/2019 10:17 AM, 9842 bytes, A Adds the file background.js"="7/3/2019 10:17 AM, 18011 bytes, A Adds the file browserUtils.js"="7/3/2019 10:17 AM, 1536 bytes, A Adds the file chrome.js"="7/3/2019 10:17 AM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="7/3/2019 10:17 AM, 22629 bytes, A Adds the file dateTimeUtils.js"="7/3/2019 10:17 AM, 1213 bytes, A Adds the file dlp.js"="7/3/2019 10:17 AM, 5783 bytes, A Adds the file dlpHelper.js"="7/3/2019 10:17 AM, 1835 bytes, A Adds the file extensionDetect.js"="7/3/2019 10:17 AM, 4354 bytes, A Adds the file index.js"="7/3/2019 10:17 AM, 49 bytes, A Adds the file localStorageContentScript.js"="7/3/2019 10:17 AM, 2236 bytes, A Adds the file logger.js"="7/3/2019 10:17 AM, 531 bytes, A Adds the file meta.js"="7/3/2019 10:17 AM, 1631 bytes, A Adds the file offerService.js"="7/3/2019 10:17 AM, 16953 bytes, A Adds the file pageUtils.js"="7/3/2019 10:17 AM, 3154 bytes, A Adds the file PartnerId.js"="7/3/2019 10:17 AM, 16402 bytes, A Adds the file polyfill.js"="7/3/2019 10:17 AM, 875 bytes, A Adds the file product.js"="7/3/2019 10:17 AM, 7837 bytes, A Adds the file remoteConfigLoader.js"="7/3/2019 10:17 AM, 5053 bytes, A Adds the file splashPageRedirectHandler.js"="7/3/2019 10:17 AM, 2821 bytes, A Adds the file storageUtils.js"="7/3/2019 10:17 AM, 1718 bytes, A Adds the file TemplateParser.js"="7/3/2019 10:17 AM, 3153 bytes, A Adds the file ul.js"="7/3/2019 10:17 AM, 3969 bytes, A Adds the file urlFragmentActions.js"="7/3/2019 10:17 AM, 2450 bytes, A Adds the file urlUtils.js"="7/3/2019 10:17 AM, 5906 bytes, A Adds the file util.js"="7/3/2019 10:17 AM, 2779 bytes, A Adds the file webtooltabAPI.js"="7/3/2019 10:17 AM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="7/3/2019 10:17 AM, 8765 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gnkmabogpoolndcfgdpifkclkadaloak Adds the file 000003.log"="9/20/2019 10:37 AM, 4512 bytes, A Adds the file CURRENT"="9/20/2019 10:37 AM, 16 bytes, A Adds the file LOCK"="9/20/2019 10:37 AM, 0 bytes, A Adds the file LOG"="9/20/2019 10:37 AM, 185 bytes, A Adds the file MANIFEST-000001"="9/20/2019 10:37 AM, 41 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _i9Members_@free.cinematicfanatic.com.xpi"="9/20/2019 10:41 AM, 94715 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\CinematicFanatic] "Start Page"="REG_SZ", "http://hp.myway.com/cinematicfanatic/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c={ptb}&ptb={p2}" [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "gnkmabogpoolndcfgdpifkclkadaloak"="REG_SZ", "E4DEF626C7099A555C6ED1EAC7FCB19196FBBE83EB172E4CD97F87D8D6B6AFFF" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/cinematicfanatic/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CinematicFanaticTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "CinematicFanatic Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\CinematicFanaticTooltab\TooltabExtension.dll" U uninstall:CinematicFanatic" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/20/19 Scan Time: 11:07 AM Log File: 1de7ed1a-db86-11e9-87eb-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.12571 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 235748 Threats Detected: 71 Threats Quarantined: 71 Time Elapsed: 11 min, 6 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\CinematicFanaticTooltab\TooltabExtension.dll, Quarantined, [1779], [356944],1.0.12571 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CinematicFanaticTooltab Uninstall Internet Explorer, Quarantined, [1779], [356944],1.0.12571 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\CinematicFanatic, Quarantined, [1779], [444113],1.0.12571 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CinematicFanaticTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [650], [352442],1.0.12571 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\CinematicFanatic|START PAGE, Quarantined, [1779], [444113],1.0.12571 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|gnkmabogpoolndcfgdpifkclkadaloak, Quarantined, [1779], [443121],1.0.12571 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [650], [293497],1.0.12571 Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\CinematicFanaticTooltab, Quarantined, [1779], [356944],1.0.12571 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\gnkmabogpoolndcfgdpifkclkadaloak, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\_locales\en, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\_metadata, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\_locales, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\config, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\icons, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GNKMABOGPOOLNDCFGDPIFKCLKADALOAK, Quarantined, [1779], [443121],1.0.12571 File: 54 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\CinematicFanaticTooltab\TooltabExtension.dll, Quarantined, [1779], [356944],1.0.12571 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_i9Members_@free.cinematicfanatic.com.xpi, Quarantined, [1779], [457930],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gnkmabogpoolndcfgdpifkclkadaloak\000003.log, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gnkmabogpoolndcfgdpifkclkadaloak\CURRENT, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gnkmabogpoolndcfgdpifkclkadaloak\LOCK, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gnkmabogpoolndcfgdpifkclkadaloak\LOG, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gnkmabogpoolndcfgdpifkclkadaloak\MANIFEST-000001, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GNKMABOGPOOLNDCFGDPIFKCLKADALOAK\13.882.15.56001_0\MANIFEST.JSON, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\config\config.json, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\icons\icon128.png, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\icons\icon16.png, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\icons\icon19disabled.png, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\icons\icon19on.png, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\icons\icon48.png, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\localStorageContentScript.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\ajax.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\babAPI.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\babClickHandler.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\babContentScript.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\babContentScriptAPI.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\background.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\browserUtils.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\chrome.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\contentScriptConnectionManager.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\dateTimeUtils.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\dlp.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\dlpHelper.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\extensionDetect.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\index.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\logger.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\meta.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\offerService.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\pageUtils.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\PartnerId.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\polyfill.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\product.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\remoteConfigLoader.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\splashPageRedirectHandler.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\storageUtils.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\TemplateParser.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\ul.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\urlFragmentActions.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\urlUtils.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\util.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\webtooltabAPI.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\js\webTooltabAPIProxy.js, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\_locales\en\messages.json, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\_metadata\computed_hashes.json, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\_metadata\verified_contents.json, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnkmabogpoolndcfgdpifkclkadaloak\13.882.15.56001_0\ntp.html, Quarantined, [1779], [443121],1.0.12571 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\CINEMATICFANATIC.EXE, Quarantined, [650], [365288],1.0.12571 PUP.Optional.MindSpark, C:\USERS\{username}\DOWNLOADS\CINEMATICFANATIC.85F6F6FAD0EE4BED8FDE821A75B01431.EXE, Quarantined, [650], [365288],1.0.12571 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. What is MergeDocsNow?The Malwarebytes research team has determined that MergeDocsNow is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.MergeDocsNow is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by MergeDocsNow?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did MergeDocsNow get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove MergeDocsNow?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of MergeDocsNow? No, Malwarebytes' Anti-Malware removes MergeDocsNow completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the MergeDocsNow hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/mergedocsnow/ttab02/index.html?n={n1}&p2={p2}&ptb={ptb}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _hxMembers_@free.mergedocsnow.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _hxMembers_@free.mergedocsnow.com FF Extension: (MergeDocsNow) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_hxMembers_@free.mergedocsnow.com.xpi [2019-08-15] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=230578682&version=8.914.15.59070&track=TTAB02&trackRevision=1&fromId=_hxMembers_%40free.mergedocsnow.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://picpadgnaiehfpanhlnlejeelgohjpid/ntp.html" CHR Extension: (MergeDocsNow) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid [2019-08-15] C:\Users\{username}\AppData\Local\MergeDocsNowTooltab MergeDocsNow Internet Explorer Homepage and New Tab (HKCU\...\MergeDocsNowTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0 Adds the file manifest.json"="8/15/2019 9:19 AM, 2639 bytes, A Adds the file ntp.html"="6/6/2019 6:15 PM, 1423 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\_locales\en Adds the file messages.json"="8/15/2019 9:19 AM, 199 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\_metadata Adds the file computed_hashes.json"="8/15/2019 9:19 AM, 5503 bytes, A Adds the file verified_contents.json"="6/6/2019 6:15 PM, 5999 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\config Adds the file config.json"="6/6/2019 6:15 PM, 1483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\icons Adds the file icon128.png"="8/15/2019 9:19 AM, 11686 bytes, A Adds the file icon16.png"="6/6/2019 6:15 PM, 1466 bytes, A Adds the file icon19disabled.png"="6/6/2019 6:15 PM, 1441 bytes, A Adds the file icon19on.png"="8/15/2019 9:19 AM, 664 bytes, A Adds the file icon48.png"="8/15/2019 9:19 AM, 2844 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js Adds the file ajax.js"="6/6/2019 6:15 PM, 3263 bytes, A Adds the file babAPI.js"="6/6/2019 6:15 PM, 5703 bytes, A Adds the file babClickHandler.js"="6/6/2019 6:15 PM, 11430 bytes, A Adds the file babContentScript.js"="6/6/2019 6:15 PM, 3749 bytes, A Adds the file babContentScriptAPI.js"="6/6/2019 6:15 PM, 9842 bytes, A Adds the file background.js"="6/6/2019 6:15 PM, 18011 bytes, A Adds the file browserUtils.js"="6/6/2019 6:15 PM, 1536 bytes, A Adds the file chrome.js"="6/6/2019 6:15 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="6/6/2019 6:15 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="6/6/2019 6:15 PM, 1213 bytes, A Adds the file dlp.js"="6/6/2019 6:15 PM, 5783 bytes, A Adds the file dlpHelper.js"="6/6/2019 6:15 PM, 1835 bytes, A Adds the file extensionDetect.js"="6/6/2019 6:15 PM, 4354 bytes, A Adds the file index.js"="6/6/2019 6:15 PM, 49 bytes, A Adds the file localStorageContentScript.js"="6/6/2019 6:15 PM, 2236 bytes, A Adds the file logger.js"="6/6/2019 6:15 PM, 531 bytes, A Adds the file meta.js"="6/6/2019 6:15 PM, 1631 bytes, A Adds the file offerService.js"="6/6/2019 6:15 PM, 16953 bytes, A Adds the file pageUtils.js"="6/6/2019 6:15 PM, 3154 bytes, A Adds the file PartnerId.js"="6/6/2019 6:15 PM, 16402 bytes, A Adds the file polyfill.js"="6/6/2019 6:15 PM, 875 bytes, A Adds the file product.js"="6/6/2019 6:15 PM, 7837 bytes, A Adds the file remoteConfigLoader.js"="6/6/2019 6:15 PM, 5053 bytes, A Adds the file splashPageRedirectHandler.js"="6/6/2019 6:15 PM, 2821 bytes, A Adds the file storageUtils.js"="6/6/2019 6:15 PM, 1718 bytes, A Adds the file TemplateParser.js"="6/6/2019 6:15 PM, 3153 bytes, A Adds the file ul.js"="6/6/2019 6:15 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="6/6/2019 6:15 PM, 2450 bytes, A Adds the file urlUtils.js"="6/6/2019 6:15 PM, 5906 bytes, A Adds the file util.js"="6/6/2019 6:15 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="6/6/2019 6:15 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="6/6/2019 6:15 PM, 8765 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\picpadgnaiehfpanhlnlejeelgohjpid Adds the file 000003.log"="8/15/2019 9:19 AM, 4966 bytes, A Adds the file CURRENT"="8/15/2019 9:19 AM, 16 bytes, A Adds the file LOCK"="8/15/2019 9:19 AM, 0 bytes, A Adds the file LOG"="8/15/2019 9:19 AM, 185 bytes, A Adds the file MANIFEST-000001"="8/15/2019 9:19 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\MergeDocsNowTooltab Adds the file TooltabExtension.dll"="3/8/2019 10:49 PM, 266864 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _hxMembers_@free.mergedocsnow.com.xpi"="8/15/2019 9:21 AM, 87849 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "picpadgnaiehfpanhlnlejeelgohjpid"="REG_SZ", "79A10BF7C2918C860F265A98780A0B3C5645E90D1F333F2B48ACA7A38CA72A35" [HKEY_CURRENT_USER\Software\MergeDocsNow] "Start Page"="REG_SZ", "http://hp.myway.com/mergedocsnow/ttab02/index.html?n={n1}&p2={p2}&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c={ptb}&ptb={p2}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/mergedocsnow/ttab02/index.html?n={n1}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MergeDocsNowTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "MergeDocsNow Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\MergeDocsNowTooltab\TooltabExtension.dll" U uninstall:MergeDocsNow" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/15/19 Scan Time: 9:27 AM Log File: 34a0b98e-bf2e-11e9-8304-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.12017 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236478 Threats Detected: 70 Threats Quarantined: 70 Time Elapsed: 9 min, 6 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MergeDocsNowTooltab\TooltabExtension.dll, Quarantined, [1768], [356944],1.0.12017 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MergeDocsNowTooltab Uninstall Internet Explorer, Quarantined, [1768], [356944],1.0.12017 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MergeDocsNow, Quarantined, [1768], [444113],1.0.12017 Registry Value: 3 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MergeDocsNow|START PAGE, Quarantined, [1768], [444113],1.0.12017 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MergeDocsNowTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [642], [352442],1.0.12017 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|picpadgnaiehfpanhlnlejeelgohjpid, Quarantined, [1768], [443121],1.0.12017 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [642], [293497],1.0.12017 Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MergeDocsNowTooltab, Quarantined, [1768], [356944],1.0.12017 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\picpadgnaiehfpanhlnlejeelgohjpid, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\_locales\en, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\_metadata, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\_locales, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\config, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\icons, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PICPADGNAIEHFPANHLNLEJEELGOHJPID, Quarantined, [1768], [443121],1.0.12017 File: 53 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MergeDocsNowTooltab\TooltabExtension.dll, Quarantined, [1768], [356944],1.0.12017 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_hxMembers_@free.mergedocsnow.com.xpi, Quarantined, [1768], [457930],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\picpadgnaiehfpanhlnlejeelgohjpid\000003.log, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\picpadgnaiehfpanhlnlejeelgohjpid\CURRENT, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\picpadgnaiehfpanhlnlejeelgohjpid\LOCK, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\picpadgnaiehfpanhlnlejeelgohjpid\LOG, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\picpadgnaiehfpanhlnlejeelgohjpid\MANIFEST-000001, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PICPADGNAIEHFPANHLNLEJEELGOHJPID\13.882.15.38113_0\MANIFEST.JSON, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\config\config.json, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\icons\icon128.png, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\icons\icon16.png, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\icons\icon19disabled.png, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\icons\icon19on.png, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\icons\icon48.png, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\localStorageContentScript.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\ajax.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\babAPI.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\babClickHandler.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\babContentScript.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\babContentScriptAPI.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\background.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\browserUtils.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\chrome.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\contentScriptConnectionManager.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\dateTimeUtils.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\dlp.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\dlpHelper.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\extensionDetect.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\index.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\logger.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\meta.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\offerService.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\pageUtils.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\PartnerId.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\polyfill.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\product.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\remoteConfigLoader.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\splashPageRedirectHandler.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\storageUtils.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\TemplateParser.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\ul.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\urlFragmentActions.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\urlUtils.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\util.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\webtooltabAPI.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\js\webTooltabAPIProxy.js, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\_locales\en\messages.json, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\_metadata\computed_hashes.json, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\_metadata\verified_contents.json, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\picpadgnaiehfpanhlnlejeelgohjpid\13.882.15.38113_0\ntp.html, Quarantined, [1768], [443121],1.0.12017 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\MERGEDOCSNOW.EXE, Quarantined, [642], [365288],1.0.12017 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. What is MyFunCards?The Malwarebytes research team has determined that MyFunCards is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.MyFunCards is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by MyFunCards?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:this icon in the menu-bar of some of the affected browsers:and this new homepage in the affected browsers:How did MyFunCards get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove MyFunCards?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of MyFunCards? No, Malwarebytes' Anti-Malware removes MyFunCards completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the MyFunCards hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains.Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/myfuncards/ttab02/index.html?n={n}&p2={ttab}&ptb={ptb}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _5mMembers_@download.myfuncards.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _5mMembers_@download.myfuncards.com FF Extension: (MyFunCards) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_5mMembers_@download.myfuncards.com.xpi [2019-07-29] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=27560036&version=8.914.15.58874&track=TTAB02&trackRevision=1&fromId=_5mMembers_%40download.myfuncards.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://jkbnhlhcdndaamafgbelomapajcnjpde/ntp.html" CHR Extension: (MyFunCards) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde [2019-07-29] C:\Users\{username}\AppData\Local\MyFunCardsTooltab MyFunCards Internet Explorer Homepage and New Tab (HKCU\...\MyFunCardsTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0 Adds the file manifest.json"="7/29/2019 5:29 PM, 2616 bytes, A Adds the file ntp.html"="6/6/2019 6:22 PM, 1423 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\_locales\en Adds the file messages.json"="7/29/2019 5:29 PM, 257 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\_metadata Adds the file computed_hashes.json"="7/29/2019 5:29 PM, 5503 bytes, A Adds the file verified_contents.json"="6/6/2019 6:22 PM, 5999 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\config Adds the file config.json"="6/6/2019 6:22 PM, 1467 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\icons Adds the file icon128.png"="7/29/2019 5:29 PM, 9225 bytes, A Adds the file icon16.png"="6/6/2019 6:22 PM, 1575 bytes, A Adds the file icon19disabled.png"="6/6/2019 6:22 PM, 1585 bytes, A Adds the file icon19on.png"="7/29/2019 5:29 PM, 794 bytes, A Adds the file icon48.png"="7/29/2019 5:29 PM, 2825 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js Adds the file ajax.js"="6/6/2019 6:22 PM, 3263 bytes, A Adds the file babAPI.js"="6/6/2019 6:22 PM, 5703 bytes, A Adds the file babClickHandler.js"="6/6/2019 6:22 PM, 11430 bytes, A Adds the file babContentScript.js"="6/6/2019 6:22 PM, 3749 bytes, A Adds the file babContentScriptAPI.js"="6/6/2019 6:22 PM, 9842 bytes, A Adds the file background.js"="6/6/2019 6:22 PM, 18011 bytes, A Adds the file browserUtils.js"="6/6/2019 6:22 PM, 1536 bytes, A Adds the file chrome.js"="6/6/2019 6:22 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="6/6/2019 6:22 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="6/6/2019 6:22 PM, 1213 bytes, A Adds the file dlp.js"="6/6/2019 6:22 PM, 5783 bytes, A Adds the file dlpHelper.js"="6/6/2019 6:22 PM, 1835 bytes, A Adds the file extensionDetect.js"="6/6/2019 6:22 PM, 4354 bytes, A Adds the file index.js"="6/6/2019 6:22 PM, 49 bytes, A Adds the file localStorageContentScript.js"="6/6/2019 6:22 PM, 2236 bytes, A Adds the file logger.js"="6/6/2019 6:22 PM, 531 bytes, A Adds the file meta.js"="6/6/2019 6:22 PM, 1631 bytes, A Adds the file offerService.js"="6/6/2019 6:22 PM, 16953 bytes, A Adds the file pageUtils.js"="6/6/2019 6:22 PM, 3154 bytes, A Adds the file PartnerId.js"="6/6/2019 6:22 PM, 16402 bytes, A Adds the file polyfill.js"="6/6/2019 6:22 PM, 875 bytes, A Adds the file product.js"="6/6/2019 6:22 PM, 7837 bytes, A Adds the file remoteConfigLoader.js"="6/6/2019 6:22 PM, 5053 bytes, A Adds the file splashPageRedirectHandler.js"="6/6/2019 6:22 PM, 2821 bytes, A Adds the file storageUtils.js"="6/6/2019 6:22 PM, 1718 bytes, A Adds the file TemplateParser.js"="6/6/2019 6:22 PM, 3153 bytes, A Adds the file ul.js"="6/6/2019 6:22 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="6/6/2019 6:22 PM, 2450 bytes, A Adds the file urlUtils.js"="6/6/2019 6:22 PM, 5906 bytes, A Adds the file util.js"="6/6/2019 6:22 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="6/6/2019 6:22 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="6/6/2019 6:22 PM, 8765 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jkbnhlhcdndaamafgbelomapajcnjpde Adds the file 000003.log"="7/29/2019 5:34 PM, 5371 bytes, A Adds the file CURRENT"="7/29/2019 5:29 PM, 16 bytes, A Adds the file LOCK"="7/29/2019 5:29 PM, 0 bytes, A Adds the file LOG"="7/29/2019 5:34 PM, 412 bytes, A Adds the file LOG.old"="7/29/2019 5:29 PM, 185 bytes, A Adds the file MANIFEST-000001"="7/29/2019 5:29 PM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\MyFunCardsTooltab Adds the file TooltabExtension.dll"="3/5/2019 10:46 PM, 273008 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _5mMembers_@download.myfuncards.com.xpi"="7/29/2019 5:32 PM, 85562 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jkbnhlhcdndaamafgbelomapajcnjpde"="REG_SZ", "02CFD39D2570DF51D1B39FACB9384911C4A987AD0009F7C779EC35032E537584" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/myfuncards/ttab02/index.html?n={n}&p2=^ZU^mni000^TTAB02&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCardsTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "MyFunCards Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\MyFunCardsTooltab\TooltabExtension.dll" U uninstall:MyFunCards" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" [HKEY_CURRENT_USER\Software\MyFunCards] "Start Page"="REG_SZ", "http://hp.myway.com/myfuncards/ttab02/index.html?n={n}&p2={ttab}&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c={ptb}&ptb={ttab}" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/29/19 Scan Time: 5:45 PM Log File: da0f4cb0-b217-11e9-bba6-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.11770 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236570 Threats Detected: 71 Threats Quarantined: 71 Time Elapsed: 7 min, 21 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MyFunCardsTooltab\TooltabExtension.dll, Quarantined, [1765], [356944],1.0.11770 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyFunCardsTooltab Uninstall Internet Explorer, Quarantined, [1765], [356944],1.0.11770 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MyFunCards, Quarantined, [1765], [444113],1.0.11770 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyFunCardsTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [638], [352442],1.0.11770 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MyFunCards|START PAGE, Quarantined, [1765], [444113],1.0.11770 PUP.Optional.MindSpark, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jkbnhlhcdndaamafgbelomapajcnjpde, Quarantined, [638], [389390],1.0.11770 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [638], [293497],1.0.11770 Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MyFunCardsTooltab, Quarantined, [1765], [356944],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\_locales\en, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\_metadata, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\_locales, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\config, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\icons, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL EXTENSION SETTINGS\JKBNHLHCDNDAAMAFGBELOMAPAJCNJPDE, Quarantined, [638], [389390],1.0.11770 File: 54 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MyFunCardsTooltab\TooltabExtension.dll, Quarantined, [1765], [356944],1.0.11770 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_5mMembers_@download.myfuncards.com.xpi, Quarantined, [1765], [457930],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jkbnhlhcdndaamafgbelomapajcnjpde\000003.log, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jkbnhlhcdndaamafgbelomapajcnjpde\CURRENT, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jkbnhlhcdndaamafgbelomapajcnjpde\LOCK, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jkbnhlhcdndaamafgbelomapajcnjpde\LOG, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jkbnhlhcdndaamafgbelomapajcnjpde\LOG.old, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jkbnhlhcdndaamafgbelomapajcnjpde\MANIFEST-000001, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\config\config.json, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\icons\icon128.png, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\icons\icon16.png, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\icons\icon19disabled.png, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\icons\icon19on.png, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\icons\icon48.png, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\localStorageContentScript.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\ajax.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\babAPI.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\babClickHandler.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\babContentScript.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\babContentScriptAPI.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\background.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\browserUtils.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\chrome.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\contentScriptConnectionManager.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\dateTimeUtils.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\dlp.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\dlpHelper.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\extensionDetect.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\index.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\logger.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\meta.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\offerService.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\pageUtils.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\PartnerId.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\polyfill.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\product.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\remoteConfigLoader.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\splashPageRedirectHandler.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\storageUtils.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\TemplateParser.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\ul.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\urlFragmentActions.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\urlUtils.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\util.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\webtooltabAPI.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\js\webTooltabAPIProxy.js, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\_locales\en\messages.json, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\_metadata\computed_hashes.json, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\_metadata\verified_contents.json, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\manifest.json, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbnhlhcdndaamafgbelomapajcnjpde\13.882.15.38182_0\ntp.html, Quarantined, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [638], [389390],1.0.11770 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\MYFUNCARDS.EXE, Quarantined, [638], [365288],1.0.11770 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  6. What is VideoConverterHD?The Malwarebytes research team has determined that VideoConverterHD is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.VideoConverterHD is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by VideoConverterHD?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did VideoConverterHD get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was also available in the webstore:How do I remove VideoConverterHD?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of VideoConverterHD? No, Malwarebytes' Anti-Malware removes VideoConverterHD completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the VideoConverterHD hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains.Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/videoconverterhd/ttab02/index.html?n={n}&p2={p2}TAB02&ptb={ptb}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _l1Members_@www.videoconverterhd.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _l1Members_@www.videoconverterhd.com FF Extension: (VideoConverterHD) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_l1Members_@www.videoconverterhd.com.xpi [2019-07-15] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=234873107&version=8.901.15.24481&track=TTAB02&trackRevision=1&fromId=_l1Members_%40www.videoconverterhd.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://glohakccicfcgpelekfpgllfnlameopo/newtabpage.html" CHR Extension: (VideoConverterHD) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo [2019-07-15] C:\Users\{username}\AppData\Local\VideoConverterHDTooltab VideoConverterHD Internet Explorer Homepage and New Tab (HKCU\...\VideoConverterHDTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0 Adds the file manifest.json"="7/15/2019 9:21 AM, 2700 bytes, A Adds the file newtabpage.html"="4/30/2019 4:52 PM, 1349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\_locales\en Adds the file messages.json"="7/15/2019 9:21 AM, 185 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\_metadata Adds the file computed_hashes.json"="7/15/2019 9:21 AM, 5638 bytes, A Adds the file verified_contents.json"="4/30/2019 4:52 PM, 6147 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\config Adds the file config.json"="4/30/2019 4:52 PM, 1573 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\icons Adds the file icon128.png"="7/15/2019 9:21 AM, 14132 bytes, A Adds the file icon16.png"="4/30/2019 4:52 PM, 1728 bytes, A Adds the file icon19disabled.png"="4/30/2019 4:52 PM, 1803 bytes, A Adds the file icon19on.png"="7/15/2019 9:21 AM, 1136 bytes, A Adds the file icon48.png"="7/15/2019 9:21 AM, 4043 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js Adds the file ajax.js"="4/30/2019 4:52 PM, 3263 bytes, A Adds the file babAPI.js"="4/30/2019 4:52 PM, 5703 bytes, A Adds the file babClickHandler.js"="4/30/2019 4:52 PM, 11414 bytes, A Adds the file babContentScript.js"="4/30/2019 4:52 PM, 3275 bytes, A Adds the file babContentScriptAPI.js"="4/30/2019 4:52 PM, 5934 bytes, A Adds the file background.js"="4/30/2019 4:52 PM, 22384 bytes, A Adds the file browserUtils.js"="4/30/2019 4:52 PM, 1532 bytes, A Adds the file chrome.js"="4/30/2019 4:52 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="4/30/2019 4:52 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="4/30/2019 4:52 PM, 1213 bytes, A Adds the file dlp.js"="4/30/2019 4:52 PM, 5815 bytes, A Adds the file dlpHelper.js"="4/30/2019 4:52 PM, 1835 bytes, A Adds the file extensionDetect.js"="4/30/2019 4:52 PM, 4354 bytes, A Adds the file index.js"="4/30/2019 4:52 PM, 49 bytes, A Adds the file localStorageContentScript.js"="4/30/2019 4:52 PM, 2236 bytes, A Adds the file logger.js"="4/30/2019 4:52 PM, 516 bytes, A Adds the file meta.js"="4/30/2019 4:52 PM, 513 bytes, A Adds the file offerService.js"="4/30/2019 4:52 PM, 16950 bytes, A Adds the file pageUtils.js"="4/30/2019 4:52 PM, 3574 bytes, A Adds the file PartnerId.js"="4/30/2019 4:52 PM, 16402 bytes, A Adds the file polyfill.js"="4/30/2019 4:52 PM, 875 bytes, A Adds the file product.js"="4/30/2019 4:52 PM, 8604 bytes, A Adds the file remoteConfigLoader.js"="4/30/2019 4:52 PM, 4961 bytes, A Adds the file splashPageLocalStorageSetter.js"="4/30/2019 4:52 PM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="4/30/2019 4:52 PM, 2868 bytes, A Adds the file storageUtils.js"="4/30/2019 4:52 PM, 1718 bytes, A Adds the file TemplateParser.js"="4/30/2019 4:52 PM, 3153 bytes, A Adds the file ul.js"="4/30/2019 4:52 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="4/30/2019 4:52 PM, 2498 bytes, A Adds the file urlUtils.js"="4/30/2019 4:52 PM, 5906 bytes, A Adds the file util.js"="4/30/2019 4:52 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="4/30/2019 4:52 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="4/30/2019 4:52 PM, 7589 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glohakccicfcgpelekfpgllfnlameopo Adds the file 000003.log"="7/15/2019 9:21 AM, 5696 bytes, A Adds the file CURRENT"="7/15/2019 9:21 AM, 16 bytes, A Adds the file LOCK"="7/15/2019 9:21 AM, 0 bytes, A Adds the file LOG"="7/15/2019 9:21 AM, 185 bytes, A Adds the file MANIFEST-000001"="7/15/2019 9:21 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\VideoConverterHDTooltab Adds the file TooltabExtension.dll"="4/30/2019 10:52 PM, 266864 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _l1Members_@www.videoconverterhd.com.xpi"="7/15/2019 9:18 AM, 90834 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "glohakccicfcgpelekfpgllfnlameopo"="REG_SZ", "90B1D92C007BE81ADC2C93B67A1BB64624B21AB4EA08DD74F1C440EBC2E96537" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/videoconverterhd/ttab02/index.html?n={n}&p2={p2}TAB02&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoConverterHDTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "VideoConverterHD Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\VideoConverterHDTooltab\TooltabExtension.dll" U uninstall:VideoConverterHD" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" [HKEY_CURRENT_USER\Software\VideoConverterHD] "Start Page"="REG_SZ", "http://hp.myway.com/videoconverterhd/ttab02/index.html?n={n}&p2={p2}TAB02&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2FM%3Fc%3D{ptb}%26ptb%3D^CRE^mni000^TTAB02" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/15/19 Scan Time: 9:29 AM Log File: 54157044-a6d2-11e9-9eb5-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.11552 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236165 Threats Detected: 71 Threats Quarantined: 71 Time Elapsed: 6 min, 30 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\VideoConverterHDTooltab\TooltabExtension.dll, Quarantined, [1758], [356944],1.0.11552 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoConverterHDTooltab Uninstall Internet Explorer, Quarantined, [1758], [356944],1.0.11552 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\VideoConverterHD, Quarantined, [1758], [444113],1.0.11552 Registry Value: 3 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\VideoConverterHD|START PAGE, Quarantined, [1758], [444113],1.0.11552 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoConverterHDTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [635], [352442],1.0.11552 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|glohakccicfcgpelekfpgllfnlameopo, Quarantined, [1758], [443121],1.0.11552 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [635], [293497],1.0.11552 Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\VideoConverterHDTooltab, Quarantined, [1758], [356944],1.0.11552 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\glohakccicfcgpelekfpgllfnlameopo, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\_locales\en, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\_metadata, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\_locales, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\config, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\icons, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GLOHAKCCICFCGPELEKFPGLLFNLAMEOPO, Quarantined, [1758], [443121],1.0.11552 File: 54 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\VideoConverterHDTooltab\TooltabExtension.dll, Quarantined, [1758], [356944],1.0.11552 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_l1Members_@www.videoconverterhd.com.xpi, Quarantined, [1758], [457930],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glohakccicfcgpelekfpgllfnlameopo\000003.log, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glohakccicfcgpelekfpgllfnlameopo\CURRENT, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glohakccicfcgpelekfpgllfnlameopo\LOCK, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glohakccicfcgpelekfpgllfnlameopo\LOG, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glohakccicfcgpelekfpgllfnlameopo\MANIFEST-000001, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GLOHAKCCICFCGPELEKFPGLLFNLAMEOPO\13.870.15.24468_0\MANIFEST.JSON, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\config\config.json, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\icons\icon128.png, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\icons\icon16.png, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\icons\icon19disabled.png, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\icons\icon19on.png, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\icons\icon48.png, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\meta.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\ajax.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\babAPI.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\babClickHandler.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\babContentScript.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\babContentScriptAPI.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\background.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\browserUtils.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\chrome.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\contentScriptConnectionManager.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\dateTimeUtils.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\dlp.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\dlpHelper.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\extensionDetect.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\index.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\localStorageContentScript.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\logger.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\offerService.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\pageUtils.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\PartnerId.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\polyfill.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\product.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\remoteConfigLoader.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\splashPageLocalStorageSetter.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\splashPageRedirectHandler.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\storageUtils.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\TemplateParser.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\ul.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\urlFragmentActions.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\urlUtils.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\util.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\webtooltabAPI.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\js\webTooltabAPIProxy.js, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\_locales\en\messages.json, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\_metadata\computed_hashes.json, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\_metadata\verified_contents.json, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohakccicfcgpelekfpgllfnlameopo\13.870.15.24468_0\newtabpage.html, Quarantined, [1758], [443121],1.0.11552 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\VIDEOCONVERTERHD.EXE, Quarantined, [635], [365288],1.0.11552 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  7. What is OnlineMapFinder?The Malwarebytes research team has determined that OnlineMapFinder is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.OnlineMapFinder is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by OnlineMapFinder?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did OnlineMapFinder get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove OnlineMapFinder?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of OnlineMapFinder? No, Malwarebytes' Anti-Malware removes OnlineMapFinder completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the OnlineMapFinder hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/onlinemapfinder/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _9pMembers_@free.onlinemapfinder.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _9pMembers_@free.onlinemapfinder.com FF Extension: (OnlineMapFinder) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_9pMembers_@free.onlinemapfinder.com.xpi [2019-07-08] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=220187224&version=8.905.15.41764&track=TTAB02&trackRevision=1&fromId=_9pMembers_%40free.onlinemapfinder.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://oefnhkgfnebeddbbhjjjfhfihmnckjdc/ntp.html" CHR Extension: (OnlineMapFinder) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc [2019-07-08] C:\Users\{username}\AppData\Local\OnlineMapFinderTooltab OnlineMapFinder Internet Explorer Homepage and New Tab (HKCU\...\OnlineMapFinderTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0 Adds the file manifest.json"="7/8/2019 9:01 AM, 2654 bytes, A Adds the file ntp.html"="6/7/2019 3:00 PM, 1423 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_metadata Adds the file computed_hashes.json"="7/8/2019 9:01 AM, 5503 bytes, A Adds the file verified_contents.json"="6/7/2019 3:00 PM, 7025 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\config Adds the file config.json"="6/7/2019 3:00 PM, 1518 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\icons Adds the file icon128.png"="7/8/2019 9:01 AM, 18793 bytes, A Adds the file icon16.png"="6/7/2019 3:00 PM, 1818 bytes, A Adds the file icon19disabled.png"="6/7/2019 3:00 PM, 1723 bytes, A Adds the file icon19on.png"="7/8/2019 9:01 AM, 1048 bytes, A Adds the file icon48.png"="7/8/2019 9:01 AM, 4187 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js Adds the file ajax.js"="6/7/2019 3:00 PM, 3263 bytes, A Adds the file babAPI.js"="6/7/2019 3:00 PM, 5703 bytes, A Adds the file babClickHandler.js"="6/7/2019 3:00 PM, 11430 bytes, A Adds the file babContentScript.js"="6/7/2019 3:00 PM, 3749 bytes, A Adds the file babContentScriptAPI.js"="6/7/2019 3:00 PM, 9842 bytes, A Adds the file background.js"="6/7/2019 3:00 PM, 18011 bytes, A Adds the file browserUtils.js"="6/7/2019 3:00 PM, 1536 bytes, A Adds the file chrome.js"="6/7/2019 3:00 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="6/7/2019 3:00 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="6/7/2019 3:00 PM, 1213 bytes, A Adds the file dlp.js"="6/7/2019 3:00 PM, 5783 bytes, A Adds the file dlpHelper.js"="6/7/2019 3:00 PM, 1835 bytes, A Adds the file extensionDetect.js"="6/7/2019 3:00 PM, 4354 bytes, A Adds the file index.js"="6/7/2019 3:00 PM, 49 bytes, A Adds the file localStorageContentScript.js"="6/7/2019 3:00 PM, 2236 bytes, A Adds the file logger.js"="6/7/2019 3:00 PM, 531 bytes, A Adds the file meta.js"="6/7/2019 3:00 PM, 1631 bytes, A Adds the file offerService.js"="6/7/2019 3:00 PM, 16953 bytes, A Adds the file pageUtils.js"="6/7/2019 3:00 PM, 3154 bytes, A Adds the file PartnerId.js"="6/7/2019 3:00 PM, 16402 bytes, A Adds the file polyfill.js"="6/7/2019 3:00 PM, 875 bytes, A Adds the file product.js"="6/7/2019 3:00 PM, 7837 bytes, A Adds the file remoteConfigLoader.js"="6/7/2019 3:00 PM, 5053 bytes, A Adds the file splashPageRedirectHandler.js"="6/7/2019 3:00 PM, 2821 bytes, A Adds the file storageUtils.js"="6/7/2019 3:00 PM, 1718 bytes, A Adds the file TemplateParser.js"="6/7/2019 3:00 PM, 3153 bytes, A Adds the file ul.js"="6/7/2019 3:00 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="6/7/2019 3:00 PM, 2450 bytes, A Adds the file urlUtils.js"="6/7/2019 3:00 PM, 5906 bytes, A Adds the file util.js"="6/7/2019 3:00 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="6/7/2019 3:00 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="6/7/2019 3:00 PM, 8765 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oefnhkgfnebeddbbhjjjfhfihmnckjdc Adds the file 000003.log"="7/8/2019 9:01 AM, 5161 bytes, A Adds the file CURRENT"="7/8/2019 9:01 AM, 16 bytes, A Adds the file LOCK"="7/8/2019 9:01 AM, 0 bytes, A Adds the file LOG"="7/8/2019 9:01 AM, 185 bytes, A Adds the file MANIFEST-000001"="7/8/2019 9:01 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\OnlineMapFinderTooltab Adds the file TooltabExtension.dll"="3/4/2019 8:10 PM, 273008 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _9pMembers_@free.onlinemapfinder.com.xpi"="7/8/2019 8:59 AM, 96636 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "oefnhkgfnebeddbbhjjjfhfihmnckjdc"="REG_SZ", "13A0374A41D1CC211EAC48A516C058167C8D8C7B61BEABAC0BFEFFF0BF541B6E" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/onlinemapfinder/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OnlineMapFinderTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "OnlineMapFinder Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\OnlineMapFinderTooltab\TooltabExtension.dll" U uninstall:OnlineMapFinder" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" [HKEY_CURRENT_USER\Software\OnlineMapFinder] "Start Page"="REG_SZ", "http://hp.myway.com/onlinemapfinder/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c={ptb}&ptb={p2}" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/8/19 Scan Time: 9:12 AM Log File: b62bb0fa-a14f-11e9-8f02-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.11446 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236388 Threats Detected: 86 Threats Quarantined: 86 Time Elapsed: 6 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\OnlineMapFinderTooltab\TooltabExtension.dll, Quarantined, [1761], [356944],1.0.11446 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OnlineMapFinderTooltab Uninstall Internet Explorer, Quarantined, [1761], [356944],1.0.11446 PUP.Optional.MindSpark, HKCU\SOFTWARE\ONLINEMAPFINDER, Quarantined, [638], [348745],1.0.11446 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OnlineMapFinderTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [638], [352442],1.0.11446 PUP.Optional.MindSpark, HKCU\SOFTWARE\ONLINEMAPFINDER|START PAGE, Quarantined, [638], [348745],1.0.11446 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|oefnhkgfnebeddbbhjjjfhfihmnckjdc, Quarantined, [1761], [443121],1.0.11446 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [638], [293497],1.0.11446 Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\OnlineMapFinderTooltab, Quarantined, [1761], [356944],1.0.11446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\oefnhkgfnebeddbbhjjjfhfihmnckjdc, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\es_419, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\pt_BR, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\pt_PT, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\de, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\en, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\es, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\fr, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\it, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\ja, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_metadata, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\config, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\icons, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OEFNHKGFNEBEDDBBHJJJFHFIHMNCKJDC, Quarantined, [1761], [443121],1.0.11446 File: 61 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\OnlineMapFinderTooltab\TooltabExtension.dll, Quarantined, [1761], [356944],1.0.11446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_9pMembers_@free.onlinemapfinder.com.xpi, Quarantined, [1761], [457930],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oefnhkgfnebeddbbhjjjfhfihmnckjdc\000003.log, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oefnhkgfnebeddbbhjjjfhfihmnckjdc\CURRENT, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oefnhkgfnebeddbbhjjjfhfihmnckjdc\LOCK, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oefnhkgfnebeddbbhjjjfhfihmnckjdc\LOG, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oefnhkgfnebeddbbhjjjfhfihmnckjdc\MANIFEST-000001, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OEFNHKGFNEBEDDBBHJJJFHFIHMNCKJDC\13.882.15.39259_0\MANIFEST.JSON, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\config\config.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\icons\icon128.png, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\icons\icon16.png, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\icons\icon19disabled.png, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\icons\icon19on.png, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\icons\icon48.png, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\localStorageContentScript.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\ajax.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\babAPI.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\babClickHandler.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\babContentScript.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\babContentScriptAPI.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\background.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\browserUtils.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\chrome.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\contentScriptConnectionManager.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\dateTimeUtils.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\dlp.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\dlpHelper.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\extensionDetect.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\index.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\logger.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\meta.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\offerService.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\pageUtils.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\PartnerId.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\polyfill.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\product.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\remoteConfigLoader.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\splashPageRedirectHandler.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\storageUtils.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\TemplateParser.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\ul.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\urlFragmentActions.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\urlUtils.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\util.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\webtooltabAPI.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\js\webTooltabAPIProxy.js, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\de\messages.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\en\messages.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\es\messages.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\es_419\messages.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\fr\messages.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\it\messages.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\ja\messages.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\pt_BR\messages.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_locales\pt_PT\messages.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_metadata\computed_hashes.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\_metadata\verified_contents.json, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefnhkgfnebeddbbhjjjfhfihmnckjdc\13.882.15.39259_0\ntp.html, Quarantined, [1761], [443121],1.0.11446 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\ONLINEMAPFINDER..EXE, Quarantined, [638], [365288],1.0.11446 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  8. What is ProPDFConverter?The Malwarebytes research team has determined that ProPDFConverter is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.ProPDFConverter is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by ProPDFConverter?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did ProPDFConverter get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove ProPDFConverter?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of ProPDFConverter? No, Malwarebytes' Anti-Malware removes ProPDFConverter completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the ProPDFConverter hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/propdfconverter/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&si={si}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _l6Members_@www.propdfconverter.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _l6Members_@www.propdfconverter.com FF Extension: (ProPDFConverter) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_l6Members_@www.propdfconverter.com.xpi [2019-06-24] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id={id}&version=8.909.15.48938&track=S33608&trackRevision=1&fromId=_l6Members_%40www.propdfconverter.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://kcpolagaegkaihmknbompmhcedcoohjm/ntp.html" CHR Extension: (ProPDFConverter) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm [2019-06-24] C:\Users\{username}\AppData\Local\ProPDFConverterTooltab ProPDFConverter Internet Explorer Homepage and New Tab (HKCU\...\ProPDFConverterTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0 Adds the file manifest.json"="6/24/2019 4:10 PM, 2653 bytes, A Adds the file ntp.html"="6/10/2019 6:50 PM, 1423 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_metadata Adds the file computed_hashes.json"="6/24/2019 4:10 PM, 5503 bytes, A Adds the file verified_contents.json"="6/10/2019 6:50 PM, 7405 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\config Adds the file config.json"="6/10/2019 6:50 PM, 1517 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\icons Adds the file icon128.png"="6/24/2019 4:10 PM, 3750 bytes, A Adds the file icon16.png"="6/10/2019 6:50 PM, 1378 bytes, A Adds the file icon19disabled.png"="6/10/2019 6:50 PM, 1486 bytes, A Adds the file icon19on.png"="6/24/2019 4:10 PM, 629 bytes, A Adds the file icon48.png"="6/24/2019 4:10 PM, 1595 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js Adds the file ajax.js"="6/10/2019 6:50 PM, 3263 bytes, A Adds the file babAPI.js"="6/10/2019 6:50 PM, 5703 bytes, A Adds the file babClickHandler.js"="6/10/2019 6:50 PM, 11430 bytes, A Adds the file babContentScript.js"="6/10/2019 6:50 PM, 3749 bytes, A Adds the file babContentScriptAPI.js"="6/10/2019 6:50 PM, 9842 bytes, A Adds the file background.js"="6/10/2019 6:50 PM, 18011 bytes, A Adds the file browserUtils.js"="6/10/2019 6:50 PM, 1536 bytes, A Adds the file chrome.js"="6/10/2019 6:50 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="6/10/2019 6:50 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="6/10/2019 6:50 PM, 1213 bytes, A Adds the file dlp.js"="6/10/2019 6:50 PM, 5783 bytes, A Adds the file dlpHelper.js"="6/10/2019 6:50 PM, 1835 bytes, A Adds the file extensionDetect.js"="6/10/2019 6:50 PM, 4354 bytes, A Adds the file index.js"="6/10/2019 6:50 PM, 49 bytes, A Adds the file localStorageContentScript.js"="6/10/2019 6:50 PM, 2236 bytes, A Adds the file logger.js"="6/10/2019 6:50 PM, 531 bytes, A Adds the file meta.js"="6/10/2019 6:50 PM, 1631 bytes, A Adds the file offerService.js"="6/10/2019 6:50 PM, 16953 bytes, A Adds the file pageUtils.js"="6/10/2019 6:50 PM, 3154 bytes, A Adds the file PartnerId.js"="6/10/2019 6:50 PM, 16402 bytes, A Adds the file polyfill.js"="6/10/2019 6:50 PM, 875 bytes, A Adds the file product.js"="6/10/2019 6:50 PM, 7837 bytes, A Adds the file remoteConfigLoader.js"="6/10/2019 6:50 PM, 5053 bytes, A Adds the file splashPageRedirectHandler.js"="6/10/2019 6:50 PM, 2821 bytes, A Adds the file storageUtils.js"="6/10/2019 6:50 PM, 1718 bytes, A Adds the file TemplateParser.js"="6/10/2019 6:50 PM, 3153 bytes, A Adds the file ul.js"="6/10/2019 6:50 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="6/10/2019 6:50 PM, 2450 bytes, A Adds the file urlUtils.js"="6/10/2019 6:50 PM, 5906 bytes, A Adds the file util.js"="6/10/2019 6:50 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="6/10/2019 6:50 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="6/10/2019 6:50 PM, 8765 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kcpolagaegkaihmknbompmhcedcoohjm Adds the file 000003.log"="6/24/2019 4:12 PM, 5938 bytes, A Adds the file CURRENT"="6/24/2019 4:10 PM, 16 bytes, A Adds the file LOCK"="6/24/2019 4:10 PM, 0 bytes, A Adds the file LOG"="6/24/2019 4:12 PM, 412 bytes, A Adds the file LOG.old"="6/24/2019 4:10 PM, 185 bytes, A Adds the file MANIFEST-000001"="6/24/2019 4:10 PM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ProPDFConverterTooltab Adds the file TooltabExtension.dll"="2/25/2019 11:21 PM, 266864 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _l6Members_@www.propdfconverter.com.xpi"="6/24/2019 4:07 PM, 78843 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "kcpolagaegkaihmknbompmhcedcoohjm"="REG_SZ", "AAA5888C3541C10AD5D80ED5F4ED0710F56397399ECCA4436967EFD06DD4BB46" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" ==> REG_SZ, "http://hp.myway.com/propdfconverter/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&si={si}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ProPDFConverterTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "ProPDFConverter Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\ProPDFConverterTooltab\TooltabExtension.dll" U uninstall:ProPDFConverter" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" [HKEY_CURRENT_USER\Software\ProPDFConverter] "Start Page"="REG_SZ", "http://hp.myway.com/propdfconverter/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&si={si}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c={ptb}&ptb={p2}" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/24/19 Scan Time: 4:21 PM Log File: 5fd3c05e-968b-11e9-828f-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.11224 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236365 Threats Detected: 93 Threats Quarantined: 93 Time Elapsed: 9 min, 35 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\ProPDFConverterTooltab\TooltabExtension.dll, Quarantined, [1753], [356944],1.0.11224 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ProPDFConverterTooltab Uninstall Internet Explorer, Quarantined, [1753], [356944],1.0.11224 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\ProPDFConverter, Quarantined, [1753], [444113],1.0.11224 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ProPDFConverterTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [631], [352442],1.0.11224 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\ProPDFConverter|START PAGE, Quarantined, [1753], [444113],1.0.11224 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|kcpolagaegkaihmknbompmhcedcoohjm, Quarantined, [1753], [443121],1.0.11224 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [631], [293497],1.0.11224 Data Stream: 0 (No malicious items detected) Folder: 21 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\ProPDFConverterTooltab, Quarantined, [1753], [356944],1.0.11224 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\kcpolagaegkaihmknbompmhcedcoohjm, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\es_419, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\pt_BR, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\pt_PT, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\ar, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\de, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\en, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\es, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\fr, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\it, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\ja, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\ko, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\nl, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_metadata, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\config, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\icons, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KCPOLAGAEGKAIHMKNBOMPMHCEDCOOHJM, Quarantined, [1753], [443121],1.0.11224 File: 65 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\ProPDFConverterTooltab\TooltabExtension.dll, Quarantined, [1753], [356944],1.0.11224 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_l6Members_@www.propdfconverter.com.xpi, Quarantined, [1753], [457930],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kcpolagaegkaihmknbompmhcedcoohjm\000003.log, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kcpolagaegkaihmknbompmhcedcoohjm\CURRENT, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kcpolagaegkaihmknbompmhcedcoohjm\LOCK, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kcpolagaegkaihmknbompmhcedcoohjm\LOG, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kcpolagaegkaihmknbompmhcedcoohjm\LOG.old, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kcpolagaegkaihmknbompmhcedcoohjm\MANIFEST-000001, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KCPOLAGAEGKAIHMKNBOMPMHCEDCOOHJM\13.882.15.42155_0\MANIFEST.JSON, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\config\config.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\icons\icon128.png, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\icons\icon16.png, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\icons\icon19disabled.png, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\icons\icon19on.png, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\icons\icon48.png, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\localStorageContentScript.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\ajax.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\babAPI.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\babClickHandler.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\babContentScript.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\babContentScriptAPI.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\background.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\browserUtils.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\chrome.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\contentScriptConnectionManager.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\dateTimeUtils.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\dlp.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\dlpHelper.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\extensionDetect.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\index.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\logger.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\meta.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\offerService.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\pageUtils.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\PartnerId.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\polyfill.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\product.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\remoteConfigLoader.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\splashPageRedirectHandler.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\storageUtils.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\TemplateParser.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\ul.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\urlFragmentActions.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\urlUtils.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\util.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\webtooltabAPI.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\js\webTooltabAPIProxy.js, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\ar\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\de\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\en\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\es\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\es_419\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\fr\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\it\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\ja\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\ko\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\nl\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\pt_BR\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_locales\pt_PT\messages.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_metadata\computed_hashes.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\_metadata\verified_contents.json, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpolagaegkaihmknbompmhcedcoohjm\13.882.15.42155_0\ntp.html, Quarantined, [1753], [443121],1.0.11224 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\PROPDFCONVERTER.{coid}.EXE, Quarantined, [631], [365288],1.0.11224 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  9. What is GetPoliticalNews?The Malwarebytes research team has determined that GetPoliticalNews is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.GetPoliticalNews is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by GetPoliticalNews?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did GetPoliticalNews get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove GetPoliticalNews?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of GetPoliticalNews? No, Malwarebytes' Anti-Malware removes GetPoliticalNews completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the GetPoliticalNews hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/getpoliticalnews/ttab02/index.html?n=C08D816&p2=%5ECXR%5Emni000%5ETTAB02&ptb=3F408F5E-5459-4D52-84E6-B5193B5FDAE8&coid=cd10cc051786489b82d12838f475950e FF HomepageOverride: Mozilla\Firefox\Profiles\vkq9erdv.default-1519559592148-1560329836028 -> Enabled: _qpMembers_@free.getpoliticalnews.com FF NewTabOverride: Mozilla\Firefox\Profiles\vkq9erdv.default-1519559592148-1560329836028 -> Enabled: _qpMembers_@free.getpoliticalnews.com FF Extension: (GetPoliticalNews) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\vkq9erdv.default-1519559592148-1560329836028\Extensions\_qpMembers_@free.getpoliticalnews.com.xpi [2019-06-19] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=238865599&version=8.905.15.39798&track=TTAB02&trackRevision=1&fromId=_qpMembers_%40free.getpoliticalnews.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://leekaeilhmonbgjlggdmpdgepmngaldb/ntp.html" CHR Extension: (GetPoliticalNews) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb [2019-06-19] C:\Users\{username}\AppData\Local\GetPoliticalNewsTooltab (Mindspark Interactive Network, Inc.) C:\Users\{username}\Desktop\getpoliticalnews.exe GetPoliticalNews Internet Explorer Homepage and New Tab (HKCU\...\GetPoliticalNewsTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\GetPoliticalNewsTooltab Adds the file TooltabExtension.dll"="3/5/2019 10:28 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0 Adds the file manifest.json"="6/19/2019 9:03 AM, 2659 bytes, A Adds the file ntp.html"="6/9/2019 12:31 PM, 1423 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_metadata Adds the file computed_hashes.json"="6/19/2019 9:03 AM, 5503 bytes, A Adds the file verified_contents.json"="6/9/2019 12:31 PM, 7025 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\config Adds the file config.json"="6/9/2019 12:31 PM, 1511 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\icons Adds the file icon128.png"="6/19/2019 9:03 AM, 6176 bytes, A Adds the file icon16.png"="6/9/2019 12:31 PM, 1550 bytes, A Adds the file icon19disabled.png"="6/9/2019 12:31 PM, 1599 bytes, A Adds the file icon19on.png"="6/19/2019 9:03 AM, 788 bytes, A Adds the file icon48.png"="6/19/2019 9:03 AM, 2349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js Adds the file ajax.js"="6/9/2019 12:31 PM, 3263 bytes, A Adds the file babAPI.js"="6/9/2019 12:31 PM, 5703 bytes, A Adds the file babClickHandler.js"="6/9/2019 12:31 PM, 11430 bytes, A Adds the file babContentScript.js"="6/9/2019 12:31 PM, 3749 bytes, A Adds the file babContentScriptAPI.js"="6/9/2019 12:31 PM, 9842 bytes, A Adds the file background.js"="6/9/2019 12:31 PM, 18011 bytes, A Adds the file browserUtils.js"="6/9/2019 12:31 PM, 1536 bytes, A Adds the file chrome.js"="6/9/2019 12:31 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="6/9/2019 12:31 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="6/9/2019 12:31 PM, 1213 bytes, A Adds the file dlp.js"="6/9/2019 12:31 PM, 5783 bytes, A Adds the file dlpHelper.js"="6/9/2019 12:31 PM, 1835 bytes, A Adds the file extensionDetect.js"="6/9/2019 12:31 PM, 4354 bytes, A Adds the file index.js"="6/9/2019 12:31 PM, 49 bytes, A Adds the file localStorageContentScript.js"="6/9/2019 12:31 PM, 2236 bytes, A Adds the file logger.js"="6/9/2019 12:31 PM, 531 bytes, A Adds the file meta.js"="6/9/2019 12:31 PM, 1631 bytes, A Adds the file offerService.js"="6/9/2019 12:31 PM, 16953 bytes, A Adds the file pageUtils.js"="6/9/2019 12:31 PM, 3154 bytes, A Adds the file PartnerId.js"="6/9/2019 12:31 PM, 16402 bytes, A Adds the file polyfill.js"="6/9/2019 12:31 PM, 875 bytes, A Adds the file product.js"="6/9/2019 12:31 PM, 7837 bytes, A Adds the file remoteConfigLoader.js"="6/9/2019 12:31 PM, 5053 bytes, A Adds the file splashPageRedirectHandler.js"="6/9/2019 12:31 PM, 2821 bytes, A Adds the file storageUtils.js"="6/9/2019 12:31 PM, 1718 bytes, A Adds the file TemplateParser.js"="6/9/2019 12:31 PM, 3153 bytes, A Adds the file ul.js"="6/9/2019 12:31 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="6/9/2019 12:31 PM, 2450 bytes, A Adds the file urlUtils.js"="6/9/2019 12:31 PM, 5906 bytes, A Adds the file util.js"="6/9/2019 12:31 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="6/9/2019 12:31 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="6/9/2019 12:31 PM, 8765 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\leekaeilhmonbgjlggdmpdgepmngaldb Adds the file 000003.log"="6/19/2019 9:03 AM, 5585 bytes, A Adds the file CURRENT"="6/19/2019 9:03 AM, 16 bytes, A Adds the file LOCK"="6/19/2019 9:03 AM, 0 bytes, A Adds the file LOG"="6/19/2019 9:03 AM, 184 bytes, A Adds the file MANIFEST-000001"="6/19/2019 9:03 AM, 41 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\vkq9erdv.default-1519559592148-1560329836028\extensions Adds the file _qpMembers_@free.getpoliticalnews.com.xpi"="6/19/2019 8:58 AM, 82563 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\GetPoliticalNews] "Start Page"="REG_SZ", "http://hp.myway.com/getpoliticalnews/ttab02/index.html?n=C08D816&p2=^CXR^mni000^TTAB02&ptb=3F408F5E-5459-4D52-84E6-B5193B5FDAE8&coid=cd10cc051786489b82d12838f475950e" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c=3F408F5E-5459-4D52-84E6-B5193B5FDAE8&ptb=^CXR^mni000^TTAB02" [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "leekaeilhmonbgjlggdmpdgepmngaldb"="REG_SZ", "CEC015520085857720ED531A16740AD54623EFB25AFA925B8222D059518ACDBB" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/getpoliticalnews/ttab02/index.html?n=C08D816&p2=^CXR^mni000^TTAB02&ptb=3F408F5E-5459-4D52-84E6-B5193B5FDAE8&coid=cd10cc051786489b82d12838f475950e" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\GetPoliticalNewsTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "GetPoliticalNews Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\GetPoliticalNewsTooltab\TooltabExtension.dll" U uninstall:GetPoliticalNews" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/19/19 Scan Time: 9:14 AM Log File: ef8caacc-9261-11e9-a1e9-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.11128 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236306 Threats Detected: 86 Threats Quarantined: 86 Time Elapsed: 6 min, 53 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GetPoliticalNewsTooltab\TooltabExtension.dll, Quarantined, [1755], [356944],1.0.11128 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GetPoliticalNewsTooltab Uninstall Internet Explorer, Quarantined, [1755], [356944],1.0.11128 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GetPoliticalNews, Quarantined, [1755], [444113],1.0.11128 Registry Value: 3 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GetPoliticalNews|START PAGE, Quarantined, [1755], [444113],1.0.11128 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GetPoliticalNewsTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [633], [352442],1.0.11128 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|leekaeilhmonbgjlggdmpdgepmngaldb, Quarantined, [1755], [443121],1.0.11128 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [633], [293497],1.0.11128 Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GetPoliticalNewsTooltab, Quarantined, [1755], [356944],1.0.11128 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\leekaeilhmonbgjlggdmpdgepmngaldb, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\es_419, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\pt_BR, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\pt_PT, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\de, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\en, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\es, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\fr, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\it, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\ja, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_metadata, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\config, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\icons, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LEEKAEILHMONBGJLGGDMPDGEPMNGALDB, Quarantined, [1755], [443121],1.0.11128 File: 61 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GetPoliticalNewsTooltab\TooltabExtension.dll, Quarantined, [1755], [356944],1.0.11128 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VKQ9ERDV.DEFAULT-1519559592148-1560329836028\EXTENSIONS\_qpMembers_@free.getpoliticalnews.com.xpi, Quarantined, [1755], [457930],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\leekaeilhmonbgjlggdmpdgepmngaldb\000003.log, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\leekaeilhmonbgjlggdmpdgepmngaldb\CURRENT, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\leekaeilhmonbgjlggdmpdgepmngaldb\LOCK, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\leekaeilhmonbgjlggdmpdgepmngaldb\LOG, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\leekaeilhmonbgjlggdmpdgepmngaldb\MANIFEST-000001, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LEEKAEILHMONBGJLGGDMPDGEPMNGALDB\13.882.15.39800_0\MANIFEST.JSON, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\config\config.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\icons\icon128.png, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\icons\icon16.png, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\icons\icon19disabled.png, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\icons\icon19on.png, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\icons\icon48.png, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\localStorageContentScript.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\ajax.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\babAPI.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\babClickHandler.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\babContentScript.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\babContentScriptAPI.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\background.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\browserUtils.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\chrome.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\contentScriptConnectionManager.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\dateTimeUtils.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\dlp.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\dlpHelper.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\extensionDetect.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\index.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\logger.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\meta.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\offerService.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\pageUtils.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\PartnerId.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\polyfill.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\product.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\remoteConfigLoader.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\splashPageRedirectHandler.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\storageUtils.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\TemplateParser.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\ul.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\urlFragmentActions.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\urlUtils.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\util.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\webtooltabAPI.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\js\webTooltabAPIProxy.js, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\de\messages.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\en\messages.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\es\messages.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\es_419\messages.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\fr\messages.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\it\messages.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\ja\messages.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\pt_BR\messages.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_locales\pt_PT\messages.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_metadata\computed_hashes.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\_metadata\verified_contents.json, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekaeilhmonbgjlggdmpdgepmngaldb\13.882.15.39800_0\ntp.html, Quarantined, [1755], [443121],1.0.11128 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\GETPOLITICALNEWS.EXE, Quarantined, [633], [365288],1.0.11128 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  10. What is ShoppingDealsLive?The Malwarebytes research team has determined that ShoppingDealsLive is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.ShoppingDealsLive is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by ShoppingDealsLive?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did ShoppingDealsLive get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded through their website.How do I remove ShoppingDealsLive?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of ShoppingDealsLive? No, Malwarebytes' Anti-Malware removes ShoppingDealsLive completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the ShoppingDealsLive hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/shoppingdealslive/ttab02/index.html?n={n}&p2={p2}5ETTAB02&ptb={ptb}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _qwMembers_@free.shoppingdealslive.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _qwMembers_@free.shoppingdealslive.com FF Extension: (ShoppingDealsLive) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_qwMembers_@free.shoppingdealslive.com.xpi [2019-05-17] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=239286388&version=8.901.15.16347&track=TTAB02&trackRevision=1&fromId=_qwMembers_%40free.shoppingdealslive.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://ankipdcagabohpndekpgemlmkpgljfgd/newtabpage.html" CHR Extension: (ShoppingDealsLive) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd [2019-05-17] C:\Users\{username}\AppData\Local\ShoppingDealsLiveTooltab ShoppingDealsLive Internet Explorer Homepage and New Tab (HKCU\...\ShoppingDealsLiveTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0 Adds the file manifest.json"="5/17/2019 8:46 AM, 2706 bytes, A Adds the file newtabpage.html"="4/10/2019 4:14 PM, 1349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_metadata Adds the file computed_hashes.json"="5/17/2019 8:46 AM, 5638 bytes, A Adds the file verified_contents.json"="4/10/2019 4:14 PM, 7173 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\config Adds the file config.json"="4/10/2019 4:14 PM, 1520 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\icons Adds the file icon128.png"="5/17/2019 8:46 AM, 7128 bytes, A Adds the file icon16.png"="4/10/2019 4:14 PM, 452 bytes, A Adds the file icon19disabled.png"="4/10/2019 4:14 PM, 470 bytes, A Adds the file icon19on.png"="5/17/2019 8:46 AM, 788 bytes, A Adds the file icon48.png"="5/17/2019 8:46 AM, 2566 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js Adds the file ajax.js"="4/10/2019 4:14 PM, 3263 bytes, A Adds the file babAPI.js"="4/10/2019 4:14 PM, 5703 bytes, A Adds the file babClickHandler.js"="4/10/2019 4:14 PM, 11414 bytes, A Adds the file babContentScript.js"="4/10/2019 4:14 PM, 3275 bytes, A Adds the file babContentScriptAPI.js"="4/10/2019 4:14 PM, 5934 bytes, A Adds the file background.js"="4/10/2019 4:14 PM, 22384 bytes, A Adds the file browserUtils.js"="4/10/2019 4:14 PM, 1532 bytes, A Adds the file chrome.js"="4/10/2019 4:14 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="4/10/2019 4:14 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="4/10/2019 4:14 PM, 1213 bytes, A Adds the file dlp.js"="4/10/2019 4:14 PM, 5815 bytes, A Adds the file dlpHelper.js"="4/10/2019 4:14 PM, 1835 bytes, A Adds the file extensionDetect.js"="4/10/2019 4:14 PM, 4354 bytes, A Adds the file index.js"="4/10/2019 4:14 PM, 49 bytes, A Adds the file localStorageContentScript.js"="4/10/2019 4:14 PM, 2236 bytes, A Adds the file logger.js"="4/10/2019 4:14 PM, 516 bytes, A Adds the file meta.js"="4/10/2019 4:14 PM, 513 bytes, A Adds the file offerService.js"="4/10/2019 4:14 PM, 16950 bytes, A Adds the file pageUtils.js"="4/10/2019 4:14 PM, 3574 bytes, A Adds the file PartnerId.js"="4/10/2019 4:14 PM, 16402 bytes, A Adds the file polyfill.js"="4/10/2019 4:14 PM, 875 bytes, A Adds the file product.js"="4/10/2019 4:14 PM, 8604 bytes, A Adds the file remoteConfigLoader.js"="4/10/2019 4:14 PM, 4961 bytes, A Adds the file splashPageLocalStorageSetter.js"="4/10/2019 4:14 PM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="4/10/2019 4:14 PM, 2868 bytes, A Adds the file storageUtils.js"="4/10/2019 4:14 PM, 1718 bytes, A Adds the file TemplateParser.js"="4/10/2019 4:14 PM, 3153 bytes, A Adds the file ul.js"="4/10/2019 4:14 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="4/10/2019 4:14 PM, 2498 bytes, A Adds the file urlUtils.js"="4/10/2019 4:14 PM, 5906 bytes, A Adds the file util.js"="4/10/2019 4:14 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="4/10/2019 4:14 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="4/10/2019 4:14 PM, 7589 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ankipdcagabohpndekpgemlmkpgljfgd Adds the file 000003.log"="5/17/2019 8:46 AM, 5325 bytes, A Adds the file CURRENT"="5/17/2019 8:46 AM, 16 bytes, A Adds the file LOCK"="5/17/2019 8:46 AM, 0 bytes, A Adds the file LOG"="5/17/2019 8:46 AM, 185 bytes, A Adds the file MANIFEST-000001"="5/17/2019 8:46 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ShoppingDealsLiveTooltab Adds the file TooltabExtension.dll"="3/5/2019 4:29 PM, 266864 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _qwMembers_@free.shoppingdealslive.com.xpi"="5/17/2019 8:43 AM, 74917 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "ankipdcagabohpndekpgemlmkpgljfgd"="REG_SZ", "EB3E32E9452807C11A04D1520CAD3D1C6954971F3A2A27E793A24DDD64F92B84" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/shoppingdealslive/ttab02/index.html?n={n}&p2={p2}5ETTAB02&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingDealsLiveTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "ShoppingDealsLive Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\ShoppingDealsLiveTooltab\TooltabExtension.dll" U uninstall:ShoppingDealsLive" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" [HKEY_CURRENT_USER\Software\ShoppingDealsLive] "Start Page"="REG_SZ", "http://hp.myway.com/shoppingdealslive/ttab02/index.html?n={n}&p2={p22}TTAB02&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c={ptb}&ptb={p22}TTAB02" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/17/19 Scan Time: 10:09 AM Log File: 1da56b0d-787b-11e9-9328-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.10638 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236343 Threats Detected: 87 Threats Quarantined: 87 Time Elapsed: 7 min, 51 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\ShoppingDealsLiveTooltab\TooltabExtension.dll, Quarantined, [633], [522361],1.0.10638 Registry Key: 2 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShoppingDealsLiveTooltab Uninstall Internet Explorer, Quarantined, [633], [522361],1.0.10638 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\ShoppingDealsLive, Quarantined, [1756], [444113],1.0.10638 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShoppingDealsLiveTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [633], [352442],1.0.10638 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\ShoppingDealsLive|START PAGE, Quarantined, [1756], [444113],1.0.10638 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ankipdcagabohpndekpgemlmkpgljfgd, Quarantined, [1756], [456842],1.0.10638 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [633], [293497],1.0.10638 Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\SHOPPINGDEALSLIVETOOLTAB, Quarantined, [633], [522361],1.0.10638 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ankipdcagabohpndekpgemlmkpgljfgd, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\es_419, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\pt_BR, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\pt_PT, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\de, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\en, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\es, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\fr, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\it, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\ja, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_metadata, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\config, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\icons, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ANKIPDCAGABOHPNDEKPGEMLMKPGLJFGD\13.870.15.10859_0, Quarantined, [1756], [456842],1.0.10638 File: 62 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_qwMembers_@free.shoppingdealslive.com.xpi, Quarantined, [1756], [457930],1.0.10638 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\ShoppingDealsLiveTooltab\TooltabExtension.dll, Quarantined, [633], [522361],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ankipdcagabohpndekpgemlmkpgljfgd\000003.log, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ankipdcagabohpndekpgemlmkpgljfgd\CURRENT, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ankipdcagabohpndekpgemlmkpgljfgd\LOCK, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ankipdcagabohpndekpgemlmkpgljfgd\LOG, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ankipdcagabohpndekpgemlmkpgljfgd\MANIFEST-000001, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ANKIPDCAGABOHPNDEKPGEMLMKPGLJFGD\13.870.15.10859_0\CONFIG\CONFIG.JSON, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\icons\icon128.png, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\icons\icon16.png, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\icons\icon19disabled.png, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\icons\icon19on.png, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\icons\icon48.png, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\meta.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\ajax.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\babAPI.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\babClickHandler.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\babContentScript.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\babContentScriptAPI.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\background.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\browserUtils.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\chrome.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\contentScriptConnectionManager.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\dateTimeUtils.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\dlp.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\dlpHelper.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\extensionDetect.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\index.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\localStorageContentScript.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\logger.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\offerService.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\pageUtils.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\PartnerId.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\polyfill.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\product.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\remoteConfigLoader.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\splashPageLocalStorageSetter.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\splashPageRedirectHandler.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\storageUtils.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\TemplateParser.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\ul.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\urlFragmentActions.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\urlUtils.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\util.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\webtooltabAPI.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\js\webTooltabAPIProxy.js, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\de\messages.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\en\messages.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\es\messages.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\es_419\messages.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\fr\messages.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\it\messages.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\ja\messages.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\pt_BR\messages.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_locales\pt_PT\messages.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_metadata\computed_hashes.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\_metadata\verified_contents.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\manifest.json, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankipdcagabohpndekpgemlmkpgljfgd\13.870.15.10859_0\newtabpage.html, Quarantined, [1756], [456842],1.0.10638 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\SHOPPINGDEALSLIVE.EXE, Quarantined, [633], [365288],1.0.10638 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  11. What is BabyNameReady?The Malwarebytes research team has determined that BabyNameReady is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.BabyNameReady is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by BabyNameReady?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did BabyNameReady get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded through their website.How do I remove BabyNameReady?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of BabyNameReady? No, Malwarebytes' Anti-Malware removes BabyNameReady completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the BabyNameReady hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/babynameready/ttab02/index.html?n=78584349&p2=%5ECXB%5Emni000%5ETTAB02&ptb=154A4154-4E8C-4C94-B42F-12CB47AB2DCD&coid=d9f5fb3682eb48f7bd3116981bf02292 FF HomepageOverride: Mozilla\Firefox\Profiles\60l2dg92.default-1519559592148 -> Enabled: _pzMembers_@free.babynameready.com FF NewTabOverride: Mozilla\Firefox\Profiles\60l2dg92.default-1519559592148 -> Enabled: _pzMembers_@free.babynameready.com FF Extension: (BabyNameReady) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\60l2dg92.default-1519559592148\Extensions\_pzMembers_@free.babynameready.com.xpi [2019-05-03] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=237595636&version=8.901.15.17902&track=TTAB02&trackRevision=1&fromId=_pzMembers_%40free.babynameready.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://jlfoapcnmonpohakehifommnmogdanob/newtabpage.html" CHR Extension: (BabyNameReady) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob [2019-05-03] C:\Users\{username}\AppData\Local\BabyNameReadyTooltab BabyNameReady Internet Explorer Homepage and New Tab (HKCU\...\BabyNameReadyTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\BabyNameReadyTooltab Adds the file TooltabExtension.dll"="3/6/2019 5:39 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0 Adds the file manifest.json"="5/3/2019 1:37 PM, 2686 bytes, A Adds the file newtabpage.html"="4/11/2019 8:09 PM, 1349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_metadata Adds the file computed_hashes.json"="5/3/2019 1:37 PM, 5638 bytes, A Adds the file verified_contents.json"="4/11/2019 8:09 PM, 7173 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\config Adds the file config.json"="4/11/2019 8:09 PM, 1485 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\icons Adds the file icon128.png"="5/3/2019 1:37 PM, 8973 bytes, A Adds the file icon16.png"="4/11/2019 8:09 PM, 1345 bytes, A Adds the file icon19disabled.png"="4/11/2019 8:09 PM, 1744 bytes, A Adds the file icon19on.png"="5/3/2019 1:37 PM, 975 bytes, A Adds the file icon48.png"="5/3/2019 1:37 PM, 3480 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js Adds the file ajax.js"="4/11/2019 8:09 PM, 3263 bytes, A Adds the file babAPI.js"="4/11/2019 8:09 PM, 5703 bytes, A Adds the file babClickHandler.js"="4/11/2019 8:09 PM, 11414 bytes, A Adds the file babContentScript.js"="4/11/2019 8:09 PM, 3275 bytes, A Adds the file babContentScriptAPI.js"="4/11/2019 8:09 PM, 5934 bytes, A Adds the file background.js"="4/11/2019 8:09 PM, 22384 bytes, A Adds the file browserUtils.js"="4/11/2019 8:09 PM, 1532 bytes, A Adds the file chrome.js"="4/11/2019 8:09 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="4/11/2019 8:09 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="4/11/2019 8:09 PM, 1213 bytes, A Adds the file dlp.js"="4/11/2019 8:09 PM, 5815 bytes, A Adds the file dlpHelper.js"="4/11/2019 8:09 PM, 1835 bytes, A Adds the file extensionDetect.js"="4/11/2019 8:09 PM, 4354 bytes, A Adds the file index.js"="4/11/2019 8:09 PM, 49 bytes, A Adds the file localStorageContentScript.js"="4/11/2019 8:09 PM, 2236 bytes, A Adds the file logger.js"="4/11/2019 8:09 PM, 516 bytes, A Adds the file meta.js"="4/11/2019 8:09 PM, 513 bytes, A Adds the file offerService.js"="4/11/2019 8:09 PM, 16950 bytes, A Adds the file pageUtils.js"="4/11/2019 8:09 PM, 3574 bytes, A Adds the file PartnerId.js"="4/11/2019 8:09 PM, 16402 bytes, A Adds the file polyfill.js"="4/11/2019 8:09 PM, 875 bytes, A Adds the file product.js"="4/11/2019 8:09 PM, 8604 bytes, A Adds the file remoteConfigLoader.js"="4/11/2019 8:09 PM, 4961 bytes, A Adds the file splashPageLocalStorageSetter.js"="4/11/2019 8:09 PM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="4/11/2019 8:09 PM, 2868 bytes, A Adds the file storageUtils.js"="4/11/2019 8:09 PM, 1718 bytes, A Adds the file TemplateParser.js"="4/11/2019 8:09 PM, 3153 bytes, A Adds the file ul.js"="4/11/2019 8:09 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="4/11/2019 8:09 PM, 2498 bytes, A Adds the file urlUtils.js"="4/11/2019 8:09 PM, 5906 bytes, A Adds the file util.js"="4/11/2019 8:09 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="4/11/2019 8:09 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="4/11/2019 8:09 PM, 7589 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jlfoapcnmonpohakehifommnmogdanob Adds the file 000003.log"="5/3/2019 1:37 PM, 6188 bytes, A Adds the file CURRENT"="5/3/2019 1:37 PM, 16 bytes, A Adds the file LOCK"="5/3/2019 1:37 PM, 0 bytes, A Adds the file LOG"="5/3/2019 1:37 PM, 185 bytes, A Adds the file MANIFEST-000001"="5/3/2019 1:37 PM, 41 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\60l2dg92.default-1519559592148\extensions Adds the file _pzMembers_@free.babynameready.com.xpi"="5/3/2019 1:35 PM, 85589 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\BabyNameReady] "Start Page"="REG_SZ", "http://hp.myway.com/babynameready/ttab02/index.html?n=78584349&p2=^CXB^mni000^TTAB02&ptb=154A4154-4E8C-4C94-B42F-12CB47AB2DCD&coid=d9f5fb3682eb48f7bd3116981bf02292" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c=154A4154-4E8C-4C94-B42F-12CB47AB2DCD&ptb=^CXB^mni000^TTAB02" [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jlfoapcnmonpohakehifommnmogdanob"="REG_SZ", "1AE33B846C467E028128136FD9179A9437EADAA3CDDD49C875654C07943D4DC6" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/babynameready/ttab02/index.html?n=78584349&p2=^CXB^mni000^TTAB02&ptb=154A4154-4E8C-4C94-B42F-12CB47AB2DCD&coid=d9f5fb3682eb48f7bd3116981bf02292" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabyNameReadyTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "BabyNameReady Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\BabyNameReadyTooltab\TooltabExtension.dll" U uninstall:BabyNameReady" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/3/19 Scan Time: 1:46 PM Log File: 24ace5c0-6d99-11e9-b4c0-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.563 Update Package Version: 1.0.10446 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236308 Threats Detected: 87 Threats Quarantined: 87 Time Elapsed: 8 min, 50 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\BabyNameReadyTooltab\TooltabExtension.dll, Quarantined, [1750], [356944],1.0.10446 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BabyNameReadyTooltab Uninstall Internet Explorer, Quarantined, [1750], [356944],1.0.10446 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\BabyNameReady, Quarantined, [1750], [444113],1.0.10446 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BabyNameReadyTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [629], [352442],1.0.10446 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\BabyNameReady|START PAGE, Quarantined, [1750], [444113],1.0.10446 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jlfoapcnmonpohakehifommnmogdanob, Quarantined, [1750], [443121],1.0.10446 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [629], [293497],1.0.10446 Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\BabyNameReadyTooltab, Quarantined, [1750], [356944],1.0.10446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\jlfoapcnmonpohakehifommnmogdanob, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\es_419, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\pt_BR, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\pt_PT, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\de, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\en, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\es, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\fr, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\it, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\ja, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_metadata, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\config, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\icons, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JLFOAPCNMONPOHAKEHIFOMMNMOGDANOB, Quarantined, [1750], [443121],1.0.10446 File: 62 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\BabyNameReadyTooltab\TooltabExtension.dll, Quarantined, [1750], [356944],1.0.10446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\60L2DG92.DEFAULT-1519559592148\EXTENSIONS\_pzMembers_@free.babynameready.com.xpi, Quarantined, [1750], [457930],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jlfoapcnmonpohakehifommnmogdanob\000003.log, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jlfoapcnmonpohakehifommnmogdanob\CURRENT, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jlfoapcnmonpohakehifommnmogdanob\LOCK, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jlfoapcnmonpohakehifommnmogdanob\LOG, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jlfoapcnmonpohakehifommnmogdanob\MANIFEST-000001, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JLFOAPCNMONPOHAKEHIFOMMNMOGDANOB\13.870.15.12229_0\MANIFEST.JSON, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\config\config.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\icons\icon128.png, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\icons\icon16.png, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\icons\icon19disabled.png, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\icons\icon19on.png, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\icons\icon48.png, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\meta.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\ajax.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\babAPI.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\babClickHandler.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\babContentScript.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\babContentScriptAPI.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\background.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\browserUtils.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\chrome.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\contentScriptConnectionManager.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\dateTimeUtils.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\dlp.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\dlpHelper.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\extensionDetect.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\index.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\localStorageContentScript.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\logger.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\offerService.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\pageUtils.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\PartnerId.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\polyfill.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\product.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\remoteConfigLoader.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\splashPageLocalStorageSetter.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\splashPageRedirectHandler.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\storageUtils.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\TemplateParser.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\ul.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\urlFragmentActions.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\urlUtils.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\util.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\webtooltabAPI.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\js\webTooltabAPIProxy.js, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\de\messages.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\en\messages.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\es\messages.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\es_419\messages.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\fr\messages.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\it\messages.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\ja\messages.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\pt_BR\messages.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_locales\pt_PT\messages.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_metadata\computed_hashes.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\_metadata\verified_contents.json, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfoapcnmonpohakehifommnmogdanob\13.870.15.12229_0\newtabpage.html, Quarantined, [1750], [443121],1.0.10446 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\BABYNAMEREADY.EXE, Quarantined, [629], [365288],1.0.10446 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  12. What is GetFlightInfo?The Malwarebytes research team has determined that GetFlightInfo is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by GetFlightInfo?You may see this browser extension:these warnings during install:You may see this icon in your browsers menu-bar:this new startpage:and this new settings:How did GetFlightInfo get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:and this is their website:How do I remove GetFlightInfo?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of GetFlightInfo? No, Malwarebytes' Anti-Malware removes GetFlightInfo completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the GetFlightInfo hijacker. We block traffic to their domain, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in a FRST log: CHR NewTab: Default -> Active:"chrome-extension://dddpdjidpiddnldfpabcelinhoknaphc/newtabpage.html" CHR Extension: (GetFlightInfo) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc [2019-05-02] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0 Adds the file manifest.json"="5/2/2019 10:47 AM, 2669 bytes, A Adds the file newtabpage.html"="4/10/2019 12:20 PM, 1349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\_locales\en Adds the file messages.json"="5/2/2019 10:47 AM, 196 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\_metadata Adds the file computed_hashes.json"="5/2/2019 10:47 AM, 5638 bytes, A Adds the file verified_contents.json"="4/10/2019 12:20 PM, 6147 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\config Adds the file config.json"="4/10/2019 12:20 PM, 1492 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\icons Adds the file icon128.png"="5/2/2019 10:47 AM, 7572 bytes, A Adds the file icon16.png"="4/10/2019 12:20 PM, 1712 bytes, A Adds the file icon19disabled.png"="4/10/2019 12:20 PM, 1586 bytes, A Adds the file icon19on.png"="5/2/2019 10:47 AM, 795 bytes, A Adds the file icon48.png"="5/2/2019 10:47 AM, 2825 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js Adds the file ajax.js"="4/10/2019 12:20 PM, 3263 bytes, A Adds the file babAPI.js"="4/10/2019 12:20 PM, 5703 bytes, A Adds the file babClickHandler.js"="4/10/2019 12:20 PM, 11414 bytes, A Adds the file babContentScript.js"="4/10/2019 12:20 PM, 3275 bytes, A Adds the file babContentScriptAPI.js"="4/10/2019 12:20 PM, 5934 bytes, A Adds the file background.js"="4/10/2019 12:20 PM, 22384 bytes, A Adds the file browserUtils.js"="4/10/2019 12:20 PM, 1532 bytes, A Adds the file chrome.js"="4/10/2019 12:20 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="4/10/2019 12:20 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="4/10/2019 12:20 PM, 1213 bytes, A Adds the file dlp.js"="4/10/2019 12:20 PM, 5815 bytes, A Adds the file dlpHelper.js"="4/10/2019 12:20 PM, 1835 bytes, A Adds the file extensionDetect.js"="4/10/2019 12:20 PM, 4354 bytes, A Adds the file index.js"="4/10/2019 12:20 PM, 49 bytes, A Adds the file localStorageContentScript.js"="4/10/2019 12:20 PM, 2236 bytes, A Adds the file logger.js"="4/10/2019 12:20 PM, 516 bytes, A Adds the file meta.js"="4/10/2019 12:20 PM, 513 bytes, A Adds the file offerService.js"="4/10/2019 12:20 PM, 16950 bytes, A Adds the file pageUtils.js"="4/10/2019 12:20 PM, 3574 bytes, A Adds the file PartnerId.js"="4/10/2019 12:20 PM, 16402 bytes, A Adds the file polyfill.js"="4/10/2019 12:20 PM, 875 bytes, A Adds the file product.js"="4/10/2019 12:20 PM, 8604 bytes, A Adds the file remoteConfigLoader.js"="4/10/2019 12:20 PM, 4961 bytes, A Adds the file splashPageLocalStorageSetter.js"="4/10/2019 12:20 PM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="4/10/2019 12:20 PM, 2868 bytes, A Adds the file storageUtils.js"="4/10/2019 12:20 PM, 1718 bytes, A Adds the file TemplateParser.js"="4/10/2019 12:20 PM, 3153 bytes, A Adds the file ul.js"="4/10/2019 12:20 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="4/10/2019 12:20 PM, 2498 bytes, A Adds the file urlUtils.js"="4/10/2019 12:20 PM, 5906 bytes, A Adds the file util.js"="4/10/2019 12:20 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="4/10/2019 12:20 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="4/10/2019 12:20 PM, 7589 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dddpdjidpiddnldfpabcelinhoknaphc Adds the file 000003.log"="5/2/2019 10:48 AM, 2550 bytes, A Adds the file CURRENT"="5/2/2019 10:47 AM, 16 bytes, A Adds the file LOCK"="5/2/2019 10:47 AM, 0 bytes, A Adds the file LOG"="5/2/2019 10:47 AM, 184 bytes, A Adds the file MANIFEST-000001"="5/2/2019 10:47 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "dddpdjidpiddnldfpabcelinhoknaphc"="REG_SZ", "17909BF528822213BFD91826C8D90D0E04009C9B599FCA510D2A5C92C2B55291" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/2/19 Scan Time: 11:00 AM Log File: c151c29c-6cb8-11e9-9491-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.563 Update Package Version: 1.0.10426 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236292 Threats Detected: 61 Threats Quarantined: 61 Time Elapsed: 5 min, 57 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|dddpdjidpiddnldfpabcelinhoknaphc, Quarantined, [628], [180912],1.0.10426 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\_locales\en, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\_metadata, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\_locales, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\config, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\icons, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\dddpdjidpiddnldfpabcelinhoknaphc, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DDDPDJIDPIDDNLDFPABCELINHOKNAPHC, Quarantined, [628], [180912],1.0.10426 File: 51 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\config\config.json, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\icons\icon128.png, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\icons\icon16.png, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\icons\icon19disabled.png, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\icons\icon19on.png, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\icons\icon48.png, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\meta.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\ajax.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\babAPI.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\babClickHandler.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\babContentScript.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\babContentScriptAPI.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\background.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\browserUtils.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\chrome.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\contentScriptConnectionManager.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\dateTimeUtils.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\dlp.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\dlpHelper.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\extensionDetect.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\index.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\localStorageContentScript.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\logger.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\offerService.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\pageUtils.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\PartnerId.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\polyfill.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\product.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\remoteConfigLoader.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\splashPageLocalStorageSetter.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\splashPageRedirectHandler.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\storageUtils.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\TemplateParser.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\ul.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\urlFragmentActions.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\urlUtils.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\util.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\webtooltabAPI.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\js\webTooltabAPIProxy.js, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\_locales\en\messages.json, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\_metadata\computed_hashes.json, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\_metadata\verified_contents.json, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\manifest.json, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dddpdjidpiddnldfpabcelinhoknaphc\13.870.15.10317_0\newtabpage.html, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dddpdjidpiddnldfpabcelinhoknaphc\000003.log, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dddpdjidpiddnldfpabcelinhoknaphc\CURRENT, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dddpdjidpiddnldfpabcelinhoknaphc\LOCK, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dddpdjidpiddnldfpabcelinhoknaphc\LOG, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dddpdjidpiddnldfpabcelinhoknaphc\MANIFEST-000001, Quarantined, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [628], [180912],1.0.10426 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [628], [180912],1.0.10426 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  13. What is BitcoinPriceSearch?The Malwarebytes research team has determined that BitcoinPriceSearch is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.BitcoinPriceSearch is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by BitcoinPriceSearch?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did BitcoinPriceSearch get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove BitcoinPriceSearch?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of BitcoinPriceSearch? No, Malwarebytes' Anti-Malware removes BitcoinPriceSearch completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the BitcoinPriceSearch hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/bitcoinpricesearch/ttab02/index.html?n={n}&p2={p2}TAB02&ptb={ptb}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _r0Members_@free.bitcoinpricesearch.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _r0Members_@free.bitcoinpricesearch.com FF Extension: (BitcoinPriceSearch) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_r0Members_@free.bitcoinpricesearch.com.xpi [2019-04-04] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id={id}&version=8.885.14.36451&track=TTAB02&trackRevision=1&fromId=_r0Members_%40free.bitcoinpricesearch.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://gilkckpjbneflhmghfljlacoljlogfik/newtabproduct.html" CHR Extension: (BitcoinPriceSearch) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik [2019-04-04] C:\Users\{username}\AppData\Local\BitcoinPriceSearchTooltab (Mindspark Interactive Network, Inc.) C:\Users\{username}\Downloads\bitcoinpricesearch.exe BitcoinPriceSearch Internet Explorer Homepage and New Tab (HKCU\...\BitcoinPriceSearchTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\BitcoinPriceSearchTooltab Adds the file TooltabExtension.dll"="8/20/2018 8:35 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0 Adds the file manifest.json"="4/4/2019 9:05 AM, 2714 bytes, A Adds the file newtabproduct.html"="3/6/2019 11:57 AM, 1349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_metadata Adds the file computed_hashes.json"="4/4/2019 9:05 AM, 5641 bytes, A Adds the file verified_contents.json"="3/6/2019 11:57 AM, 7177 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\config Adds the file config.json"="3/6/2019 11:57 AM, 1529 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\icons Adds the file icon128.png"="4/4/2019 9:05 AM, 5788 bytes, A Adds the file icon16.png"="3/6/2019 11:57 AM, 472 bytes, A Adds the file icon19disabled.png"="3/6/2019 11:57 AM, 425 bytes, A Adds the file icon19on.png"="4/4/2019 9:05 AM, 639 bytes, A Adds the file icon48.png"="4/4/2019 9:05 AM, 2137 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js Adds the file ajax.js"="3/6/2019 11:57 AM, 3263 bytes, A Adds the file babAPI.js"="3/6/2019 11:57 AM, 5703 bytes, A Adds the file babClickHandler.js"="3/6/2019 11:57 AM, 11414 bytes, A Adds the file babContentScript.js"="3/6/2019 11:57 AM, 3275 bytes, A Adds the file babContentScriptAPI.js"="3/6/2019 11:57 AM, 5934 bytes, A Adds the file background.js"="3/6/2019 11:57 AM, 22384 bytes, A Adds the file browserUtils.js"="3/6/2019 11:57 AM, 1532 bytes, A Adds the file chrome.js"="3/6/2019 11:57 AM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="3/6/2019 11:57 AM, 22629 bytes, A Adds the file dateTimeUtils.js"="3/6/2019 11:57 AM, 1213 bytes, A Adds the file dlp.js"="3/6/2019 11:57 AM, 5815 bytes, A Adds the file dlpHelper.js"="3/6/2019 11:57 AM, 1835 bytes, A Adds the file extensionDetect.js"="3/6/2019 11:57 AM, 4354 bytes, A Adds the file index.js"="3/6/2019 11:57 AM, 49 bytes, A Adds the file localStorageContentScript.js"="3/6/2019 11:57 AM, 2236 bytes, A Adds the file logger.js"="3/6/2019 11:57 AM, 516 bytes, A Adds the file meta.js"="3/6/2019 11:57 AM, 516 bytes, A Adds the file offerService.js"="3/6/2019 11:57 AM, 16950 bytes, A Adds the file pageUtils.js"="3/6/2019 11:57 AM, 3577 bytes, A Adds the file PartnerId.js"="3/6/2019 11:57 AM, 16402 bytes, A Adds the file polyfill.js"="3/6/2019 11:57 AM, 875 bytes, A Adds the file product.js"="3/6/2019 11:57 AM, 8604 bytes, A Adds the file remoteConfigLoader.js"="3/6/2019 11:57 AM, 4961 bytes, A Adds the file splashPageLocalStorageSetter.js"="3/6/2019 11:57 AM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="3/6/2019 11:57 AM, 2868 bytes, A Adds the file storageUtils.js"="3/6/2019 11:57 AM, 1718 bytes, A Adds the file TemplateParser.js"="3/6/2019 11:57 AM, 3153 bytes, A Adds the file ul.js"="3/6/2019 11:57 AM, 3969 bytes, A Adds the file urlFragmentActions.js"="3/6/2019 11:57 AM, 2498 bytes, A Adds the file urlUtils.js"="3/6/2019 11:57 AM, 5906 bytes, A Adds the file util.js"="3/6/2019 11:57 AM, 2779 bytes, A Adds the file webtooltabAPI.js"="3/6/2019 11:57 AM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="3/6/2019 11:57 AM, 7589 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gilkckpjbneflhmghfljlacoljlogfik Adds the file 000003.log"="4/4/2019 9:06 AM, 5872 bytes, A Adds the file CURRENT"="4/4/2019 9:05 AM, 16 bytes, A Adds the file LOCK"="4/4/2019 9:05 AM, 0 bytes, A Adds the file LOG"="4/4/2019 9:06 AM, 184 bytes, A Adds the file MANIFEST-000001"="4/4/2019 9:05 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_r0Members_@free.bitcoinpricesearch.com Adds the file storage.js"="4/4/2019 9:04 AM, 2768 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _r0Members_@free.bitcoinpricesearch.com.xpi"="4/4/2019 9:04 AM, 67297 bytes, A In the existing folder C:\Users\{username}\Downloads Adds the file bitcoinpricesearch.exe"="4/4/2019 8:59 AM, 373248 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\BitcoinPriceSearch] "Start Page"="REG_SZ", "http://hp.myway.com/bitcoinpricesearch/ttab02/index.html?n={n}&p2={p2}TAB02&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2%3Fc%3D{ptb}%26ptb%3D{p2}TAB02" [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "gilkckpjbneflhmghfljlacoljlogfik"="REG_SZ", "7131FF6644F47BB730191B60F955CB6A3AA8A620C4FD4BD1092C67B4C18605C0" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/bitcoinpricesearch/ttab02/index.html?n={n}&p2={p2}TAB02&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitcoinPriceSearchTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "BitcoinPriceSearch Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\BitcoinPriceSearchTooltab\TooltabExtension.dll" U uninstall:BitcoinPriceSearch" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/4/19 Scan Time: 9:17 AM Log File: aa9ebd22-56a9-11e9-8b1e-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.563 Update Package Version: 1.0.9998 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 235986 Threats Detected: 88 Threats Quarantined: 88 Time Elapsed: 4 min, 33 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\BitcoinPriceSearchTooltab\TooltabExtension.dll, Quarantined, [1737], [356944],1.0.9998 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BitcoinPriceSearchTooltab Uninstall Internet Explorer, Quarantined, [1737], [356944],1.0.9998 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\BitcoinPriceSearch, Quarantined, [1737], [444113],1.0.9998 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BitcoinPriceSearchTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [620], [352442],1.0.9998 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\BitcoinPriceSearch|START PAGE, Quarantined, [1737], [444113],1.0.9998 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|gilkckpjbneflhmghfljlacoljlogfik, Quarantined, [1737], [443121],1.0.9998 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [620], [293497],1.0.9998 Data Stream: 0 (No malicious items detected) Folder: 19 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\BitcoinPriceSearchTooltab, Quarantined, [1737], [356944],1.0.9998 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_r0Members_@free.bitcoinpricesearch.com, Quarantined, [1737], [468075],1.0.9998 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\gilkckpjbneflhmghfljlacoljlogfik, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\es_419, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\pt_BR, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\pt_PT, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\de, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\en, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\es, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\fr, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\it, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\ja, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_metadata, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\config, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\icons, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GILKCKPJBNEFLHMGHFLJLACOLJLOGFIK, Quarantined, [1737], [443121],1.0.9998 File: 62 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\BitcoinPriceSearchTooltab\TooltabExtension.dll, Quarantined, [1737], [356944],1.0.9998 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_r0Members_@free.bitcoinpricesearch.com.xpi, Quarantined, [1737], [457930],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_r0Members_@free.bitcoinpricesearch.com\storage.js, Quarantined, [1737], [468075],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gilkckpjbneflhmghfljlacoljlogfik\000003.log, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gilkckpjbneflhmghfljlacoljlogfik\CURRENT, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gilkckpjbneflhmghfljlacoljlogfik\LOCK, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gilkckpjbneflhmghfljlacoljlogfik\LOG, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gilkckpjbneflhmghfljlacoljlogfik\MANIFEST-000001, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GILKCKPJBNEFLHMGHFLJLACOLJLOGFIK\13.855.14.60975_0\MANIFEST.JSON, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\config\config.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\icons\icon128.png, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\icons\icon16.png, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\icons\icon19disabled.png, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\icons\icon19on.png, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\icons\icon48.png, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\meta.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\ajax.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\babAPI.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\babClickHandler.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\babContentScript.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\babContentScriptAPI.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\background.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\browserUtils.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\chrome.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\contentScriptConnectionManager.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\dateTimeUtils.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\dlp.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\dlpHelper.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\extensionDetect.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\index.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\localStorageContentScript.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\logger.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\offerService.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\pageUtils.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\PartnerId.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\polyfill.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\product.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\remoteConfigLoader.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\splashPageLocalStorageSetter.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\splashPageRedirectHandler.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\storageUtils.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\TemplateParser.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\ul.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\urlFragmentActions.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\urlUtils.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\util.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\webtooltabAPI.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\js\webTooltabAPIProxy.js, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\de\messages.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\en\messages.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\es\messages.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\es_419\messages.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\fr\messages.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\it\messages.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\ja\messages.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\pt_BR\messages.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_locales\pt_PT\messages.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_metadata\computed_hashes.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\_metadata\verified_contents.json, Quarantined, [1737], [443121],1.0.9998 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilkckpjbneflhmghfljlacoljlogfik\13.855.14.60975_0\newtabproduct.html, Quarantined, [1737], [443121],1.0.9998 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  14. What is DailyFunnyWorld?The Malwarebytes research team has determined that DailyFunnyWorld is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.DailyFunnyWorld is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by DailyFunnyWorld?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:this icon in the menubar of some of the affected browsers:and this new homepage in the affected browsers:How did DailyFunnyWorld get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove DailyFunnyWorld?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of DailyFunnyWorld? No, Malwarebytes' Anti-Malware removes DailyFunnyWorld completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the DailyFunnyWorld hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/dailyfunnyworld/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid} FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _roMembers_@free.dailyfunnyworld.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _roMembers_@free.dailyfunnyworld.com FF Extension: (DailyFunnyWorld) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_roMembers_@free.dailyfunnyworld.com.xpi [2019-02-28] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=239939196&version=8.885.14.36697&track=TTAB02&trackRevision=1&fromId=_roMembers_%40free.dailyfunnyworld.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://oiedaodjjdfnkfjaphcklblcolefkigc/newtabproduct.html" CHR Extension: (DailyFunnyWorld) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc [2019-02-28] C:\Users\{username}\AppData\Local\DailyFunnyWorldTooltab DailyFunnyWorld Internet Explorer Homepage and New Tab (HKCU\...\DailyFunnyWorldTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\DailyFunnyWorldTooltab Adds the file TooltabExtension.dll"="6/22/2018 6:22 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0 Adds the file manifest.json"="2/28/2019 9:00 AM, 2699 bytes, A Adds the file newtabproduct.html"="2/8/2019 3:01 PM, 1349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_metadata Adds the file computed_hashes.json"="2/28/2019 9:00 AM, 5641 bytes, A Adds the file verified_contents.json"="2/8/2019 3:01 PM, 7177 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\config Adds the file config.json"="2/8/2019 3:01 PM, 1499 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js Adds the file ajax.js"="2/8/2019 3:01 PM, 3263 bytes, A Adds the file babAPI.js"="2/8/2019 3:01 PM, 5703 bytes, A Adds the file babClickHandler.js"="2/8/2019 3:01 PM, 11414 bytes, A Adds the file babContentScript.js"="2/8/2019 3:01 PM, 3275 bytes, A Adds the file babContentScriptAPI.js"="2/8/2019 3:01 PM, 5934 bytes, A Adds the file background.js"="2/8/2019 3:01 PM, 22384 bytes, A Adds the file browserUtils.js"="2/8/2019 3:01 PM, 1532 bytes, A Adds the file chrome.js"="2/8/2019 3:01 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="2/8/2019 3:01 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="2/8/2019 3:01 PM, 1213 bytes, A Adds the file dlp.js"="2/8/2019 3:01 PM, 5815 bytes, A Adds the file dlpHelper.js"="2/8/2019 3:01 PM, 1835 bytes, A Adds the file extensionDetect.js"="2/8/2019 3:01 PM, 4354 bytes, A Adds the file index.js"="2/8/2019 3:01 PM, 49 bytes, A Adds the file localStorageContentScript.js"="2/8/2019 3:01 PM, 2236 bytes, A Adds the file logger.js"="2/8/2019 3:01 PM, 516 bytes, A Adds the file meta.js"="2/8/2019 3:01 PM, 516 bytes, A Adds the file offerService.js"="2/8/2019 3:01 PM, 16950 bytes, A Adds the file pageUtils.js"="2/8/2019 3:01 PM, 3577 bytes, A Adds the file PartnerId.js"="2/8/2019 3:01 PM, 16402 bytes, A Adds the file polyfill.js"="2/8/2019 3:01 PM, 875 bytes, A Adds the file product.js"="2/8/2019 3:01 PM, 8604 bytes, A Adds the file remoteConfigLoader.js"="2/8/2019 3:01 PM, 4961 bytes, A Adds the file splashPageLocalStorageSetter.js"="2/8/2019 3:01 PM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="2/8/2019 3:01 PM, 2868 bytes, A Adds the file storageUtils.js"="2/8/2019 3:01 PM, 1718 bytes, A Adds the file TemplateParser.js"="2/8/2019 3:01 PM, 3153 bytes, A Adds the file ul.js"="2/8/2019 3:01 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="2/8/2019 3:01 PM, 2498 bytes, A Adds the file urlUtils.js"="2/8/2019 3:01 PM, 5906 bytes, A Adds the file util.js"="2/8/2019 3:01 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="2/8/2019 3:01 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="2/8/2019 3:01 PM, 7589 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc Adds the file 000003.log"="2/28/2019 9:02 AM, 5821 bytes, A Adds the file CURRENT"="2/28/2019 9:00 AM, 16 bytes, A Adds the file LOCK"="2/28/2019 9:00 AM, 0 bytes, A Adds the file LOG"="2/28/2019 9:02 AM, 412 bytes, A Adds the file LOG.old"="2/28/2019 9:00 AM, 184 bytes, A Adds the file MANIFEST-000001"="2/28/2019 9:00 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_roMembers_@free.dailyfunnyworld.com Adds the file storage.js"="2/28/2019 9:02 AM, 2723 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _roMembers_@free.dailyfunnyworld.com.xpi"="2/28/2019 8:57 AM, 95523 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\DailyFunnyWorld] "Start Page"="REG_SZ", "http://hp.myway.com/dailyfunnyworld/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2FHYSCVNM%3Fc%3D{ptb}%26ptb%3D{p2}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" ==> REG_SZ, "http://hp.myway.com/dailyfunnyworld/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DailyFunnyWorldTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "DailyFunnyWorld Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\DailyFunnyWorldTooltab\TooltabExtension.dll" U uninstall:DailyFunnyWorld" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/28/19 Scan Time: 9:10 AM Log File: 4e1e18fd-3b30-11e9-9c2d-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.538 Update Package Version: 1.0.9480 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236086 Threats Detected: 90 Threats Quarantined: 90 Time Elapsed: 5 min, 32 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyFunnyWorldTooltab\TooltabExtension.dll, Quarantined, [1727], [356944],1.0.9480 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DailyFunnyWorldTooltab Uninstall Internet Explorer, Quarantined, [1727], [356944],1.0.9480 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\DailyFunnyWorld, Quarantined, [1727], [444113],1.0.9480 Registry Value: 3 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\DailyFunnyWorld|START PAGE, Quarantined, [1727], [444113],1.0.9480 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DailyFunnyWorldTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [612], [352442],1.0.9480 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|oiedaodjjdfnkfjaphcklblcolefkigc, Quarantined, [1727], [443121],1.0.9480 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [612], [293497],1.0.9480 Data Stream: 0 (No malicious items detected) Folder: 19 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyFunnyWorldTooltab, Quarantined, [1727], [356944],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_roMembers_@free.dailyfunnyworld.com, Quarantined, [1727], [468075],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\es_419, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\pt_BR, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\pt_PT, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\de, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\en, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\es, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\fr, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\it, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\ja, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_metadata, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\config, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OIEDAODJJDFNKFJAPHCKLBLCOLEFKIGC, Quarantined, [1727], [443121],1.0.9480 File: 64 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyFunnyWorldTooltab\TooltabExtension.dll, Quarantined, [1727], [356944],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_roMembers_@free.dailyfunnyworld.com.xpi, Quarantined, [1727], [457930],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_roMembers_@free.dailyfunnyworld.com\storage.js, Quarantined, [1727], [468075],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\000003.log, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\CURRENT, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\LOCK, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\LOG, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\LOG.old, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\MANIFEST-000001, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OIEDAODJJDFNKFJAPHCKLBLCOLEFKIGC\13.855.14.51548_0\MANIFEST.JSON, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\config\config.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons\icon128.png, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons\icon16.png, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons\icon19disabled.png, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons\icon19on.png, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons\icon48.png, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\meta.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\ajax.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\babAPI.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\babClickHandler.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\babContentScript.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\babContentScriptAPI.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\background.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\browserUtils.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\chrome.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\contentScriptConnectionManager.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\dateTimeUtils.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\dlp.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\dlpHelper.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\extensionDetect.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\index.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\localStorageContentScript.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\logger.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\offerService.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\pageUtils.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\PartnerId.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\polyfill.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\product.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\remoteConfigLoader.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\splashPageLocalStorageSetter.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\splashPageRedirectHandler.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\storageUtils.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\TemplateParser.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\ul.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\urlFragmentActions.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\urlUtils.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\util.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\webtooltabAPI.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\webTooltabAPIProxy.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\de\messages.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\en\messages.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\es\messages.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\es_419\messages.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\fr\messages.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\it\messages.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\ja\messages.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\pt_BR\messages.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\pt_PT\messages.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_metadata\computed_hashes.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_metadata\verified_contents.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\newtabproduct.html, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\DAILYFUNNYWORLD.EXE, Quarantined, [612], [365288],1.0.9480 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  15. What is LearnTheLyrics?The Malwarebytes research team has determined that LearnTheLyrics is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.LearnTheLyrics is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by LearnTheLyrics?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did LearnTheLyrics get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was also available in the webstore:How do I remove LearnTheLyrics?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of LearnTheLyrics? No, Malwarebytes' Anti-Malware removes LearnTheLyrics completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the LearnTheLyrics hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains.Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/learnthelyrics/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid} FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_rnMembers_@free.learnthelyrics.com.xpi [2018-12-05] CHR Extension: (LearnTheLyrics) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf [2018-12-05] C:\Users\{username}\AppData\Local\LearntheLyricsTooltab (Mindspark Interactive Network, Inc.) C:\Users\{username}\Desktop\learnthelyrics.exe LearntheLyrics Internet Explorer Homepage and New Tab (HKCU\...\LearntheLyricsTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0 Adds the file manifest.json"="12/5/2018 9:00 AM, 2498 bytes, A Adds the file newtabproduct.html"="8/20/2018 2:38 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\_metadata Adds the file computed_hashes.json"="12/5/2018 9:00 AM, 4346 bytes, A Adds the file verified_contents.json"="8/20/2018 2:38 PM, 5148 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\config Adds the file config.json"="8/20/2018 2:38 PM, 1756 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons Adds the file icon128.png"="12/5/2018 9:00 AM, 5866 bytes, A Adds the file icon16.png"="8/20/2018 2:38 PM, 1575 bytes, A Adds the file icon19disabled.png"="8/20/2018 2:38 PM, 1537 bytes, A Adds the file icon19on.png"="12/5/2018 9:00 AM, 735 bytes, A Adds the file icon48.png"="12/5/2018 9:00 AM, 1952 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js Adds the file ajax.js"="8/20/2018 2:38 PM, 2218 bytes, A Adds the file background.js"="8/20/2018 2:38 PM, 21378 bytes, A Adds the file browserUtils.js"="8/20/2018 2:38 PM, 912 bytes, A Adds the file chrome.js"="8/20/2018 2:38 PM, 146 bytes, A Adds the file content_script.js"="8/20/2018 2:38 PM, 2151 bytes, A Adds the file dlp.js"="8/20/2018 2:38 PM, 5659 bytes, A Adds the file dlpHelper.js"="8/20/2018 2:38 PM, 1799 bytes, A Adds the file extension_detect.js"="8/20/2018 2:38 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="8/20/2018 2:38 PM, 2855 bytes, A Adds the file index.js"="8/20/2018 2:38 PM, 49 bytes, A Adds the file initOfferCEF.js"="8/20/2018 2:38 PM, 8802 bytes, A Adds the file logger.js"="8/20/2018 2:38 PM, 541 bytes, A Adds the file offerService.js"="8/20/2018 2:38 PM, 10337 bytes, A Adds the file pageUtils.js"="8/20/2018 2:38 PM, 2805 bytes, A Adds the file PartnerId.js"="8/20/2018 2:38 PM, 16402 bytes, A Adds the file product.js"="8/20/2018 2:38 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="8/20/2018 2:38 PM, 2868 bytes, A Adds the file storage.js"="8/20/2018 2:38 PM, 1640 bytes, A Adds the file TabManager.js"="8/20/2018 2:38 PM, 151 bytes, A Adds the file TemplateParser.js"="8/20/2018 2:38 PM, 3038 bytes, A Adds the file ul.js"="8/20/2018 2:38 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="8/20/2018 2:38 PM, 1825 bytes, A Adds the file urlUtils.js"="8/20/2018 2:38 PM, 5349 bytes, A Adds the file util.js"="8/20/2018 2:38 PM, 2184 bytes, A Adds the file webtooltabAPI.js"="8/20/2018 2:38 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="8/20/2018 2:38 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf Adds the file 000003.log"="12/5/2018 9:01 AM, 5689 bytes, A Adds the file CURRENT"="12/5/2018 9:00 AM, 16 bytes, A Adds the file LOCK"="12/5/2018 9:00 AM, 0 bytes, A Adds the file LOG"="12/5/2018 9:01 AM, 412 bytes, A Adds the file LOG.old"="12/5/2018 9:00 AM, 185 bytes, A Adds the file MANIFEST-000001"="12/5/2018 9:00 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\LearntheLyricsTooltab Adds the file TooltabExtension.dll"="6/28/2018 11:23 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_rnMembers_@free.learnthelyrics.com Adds the file storage.js"="12/5/2018 9:01 AM, 2793 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _rnMembers_@free.learnthelyrics.com.xpi"="12/5/2018 8:56 AM, 60499 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "iekdaegkmghillhfecnncgepaapdfcgf"="REG_SZ", "655165ADF28A80A4BC2F03F3F8D43DE92F1A394253F199218E26511558C32B1D" [HKEY_CURRENT_USER\Software\LearntheLyrics] "Start Page"="REG_SZ", "http://hp.myway.com/learnthelyrics/ttab02/index.html?n={n}&p2=^CZS^mni000^TTAB02&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2F%3Fc%3D{ptb}%26ptb%3D{ptb2}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/learnthelyrics/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\LearntheLyricsTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "LearntheLyrics Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\LearntheLyricsTooltab\TooltabExtension.dll" U uninstall:LearntheLyrics" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/5/18 Scan Time: 9:08 AM Log File: e98e106c-f864-11e8-aa71-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8173 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237463 Threats Detected: 64 Threats Quarantined: 64 Time Elapsed: 2 min, 45 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\LearntheLyricsTooltab\TooltabExtension.dll, Quarantined, [1711], [356944],1.0.8173 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\LearntheLyricsTooltab Uninstall Internet Explorer, Quarantined, [1711], [356944],1.0.8173 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\LearntheLyrics, Quarantined, [1711], [444113],1.0.8173 Registry Value: 3 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\LearntheLyrics|START PAGE, Quarantined, [1711], [444113],1.0.8173 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\LearntheLyricsTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [577], [352442],1.0.8173 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|iekdaegkmghillhfecnncgepaapdfcgf, Quarantined, [1711], [456843],1.0.8173 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [577], [293497],1.0.8173 Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\LearntheLyricsTooltab, Quarantined, [1711], [356944],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\60L2DG92.DEFAULT-1519559592148\BROWSER-EXTENSION-DATA\_rnMembers_@free.learnthelyrics.com, Quarantined, [1711], [468075],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\_metadata, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\config, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IEKDAEGKMGHILLHFECNNCGEPAAPDFCGF, Quarantined, [1711], [456843],1.0.8173 File: 48 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\LearntheLyricsTooltab\TooltabExtension.dll, Quarantined, [1711], [356944],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\60L2DG92.DEFAULT-1519559592148\EXTENSIONS\_rnMembers_@free.learnthelyrics.com.xpi, Quarantined, [1711], [457930],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\60l2dg92.default-1519559592148\browser-extension-data\_rnMembers_@free.learnthelyrics.com\storage.js, Quarantined, [1711], [468075],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\000003.log, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\CURRENT, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\LOCK, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\LOG, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\LOG.old, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\MANIFEST-000001, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IEKDAEGKMGHILLHFECNNCGEPAAPDFCGF\13.781.13.57290_0\MANIFEST.JSON, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\config\config.json, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons\icon128.png, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons\icon16.png, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons\icon19disabled.png, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons\icon19on.png, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons\icon48.png, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\pageUtils.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\ajax.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\background.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\browserUtils.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\chrome.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\content_script.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\dlp.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\dlpHelper.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\extension_detect.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\genericLoadRemoteSettings.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\index.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\initOfferCEF.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\logger.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\offerService.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\PartnerId.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\product.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\splashPageRedirectHandler.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\storage.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\TabManager.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\TemplateParser.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\ul.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\urlFragmentActions.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\urlUtils.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\util.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\webtooltabAPI.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\webTooltabAPIProxy.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\_metadata\computed_hashes.json, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\_metadata\verified_contents.json, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\newtabproduct.html, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\LEARNTHELYRICS.EXE, Quarantined, [577], [365288],1.0.8173 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  16. What is CalendarSpark?The Malwarebytes research team has determined that CalendarSpark is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.CalendarSpark is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by CalendarSpark?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage/newtabpage in the affected browsers:How did CalendarSpark get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was available in the webstore:How do I remove CalendarSpark?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of CalendarSpark? No, Malwarebytes' Anti-Malware removes CalendarSpark completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the CalendarSpark hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains.Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/calendarspark/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&si={si}&coid={coid} FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_h2Members_@free.calendarspark.com.xpi [2018-11-26] CHR Extension: (CalendarSpark) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj [2018-11-26] C:\Users\{username}\AppData\Local\CalendarSparkTooltab Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\CalendarSparkTooltab Adds the file TooltabExtension.dll"="5/17/2018 11:17 PM, 273008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0 Adds the file manifest.json"="11/26/2018 9:10 AM, 2467 bytes, A Adds the file newtabproduct.html"="8/30/2018 5:38 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_metadata Adds the file computed_hashes.json"="11/26/2018 9:10 AM, 4346 bytes, A Adds the file verified_contents.json"="8/30/2018 5:38 PM, 6299 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\config Adds the file config.json"="8/30/2018 5:38 PM, 1680 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons Adds the file icon128.png"="11/26/2018 9:10 AM, 8445 bytes, A Adds the file icon16.png"="8/30/2018 5:38 PM, 659 bytes, A Adds the file icon19disabled.png"="8/30/2018 5:38 PM, 714 bytes, A Adds the file icon19on.png"="11/26/2018 9:10 AM, 760 bytes, A Adds the file icon48.png"="11/26/2018 9:10 AM, 2783 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js Adds the file ajax.js"="8/30/2018 5:38 PM, 2218 bytes, A Adds the file background.js"="8/30/2018 5:38 PM, 21378 bytes, A Adds the file browserUtils.js"="8/30/2018 5:38 PM, 912 bytes, A Adds the file chrome.js"="8/30/2018 5:38 PM, 146 bytes, A Adds the file content_script.js"="8/30/2018 5:38 PM, 2151 bytes, A Adds the file dlp.js"="8/30/2018 5:38 PM, 5659 bytes, A Adds the file dlpHelper.js"="8/30/2018 5:38 PM, 1799 bytes, A Adds the file extension_detect.js"="8/30/2018 5:38 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="8/30/2018 5:38 PM, 2855 bytes, A Adds the file index.js"="8/30/2018 5:38 PM, 49 bytes, A Adds the file initOfferCEF.js"="8/30/2018 5:38 PM, 8802 bytes, A Adds the file logger.js"="8/30/2018 5:38 PM, 541 bytes, A Adds the file offerService.js"="8/30/2018 5:38 PM, 10337 bytes, A Adds the file pageUtils.js"="8/30/2018 5:38 PM, 2805 bytes, A Adds the file PartnerId.js"="8/30/2018 5:38 PM, 16402 bytes, A Adds the file product.js"="8/30/2018 5:38 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="8/30/2018 5:38 PM, 2868 bytes, A Adds the file storage.js"="8/30/2018 5:38 PM, 1640 bytes, A Adds the file TabManager.js"="8/30/2018 5:38 PM, 151 bytes, A Adds the file TemplateParser.js"="8/30/2018 5:38 PM, 3038 bytes, A Adds the file ul.js"="8/30/2018 5:38 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="8/30/2018 5:38 PM, 1825 bytes, A Adds the file urlUtils.js"="8/30/2018 5:38 PM, 5349 bytes, A Adds the file util.js"="8/30/2018 5:38 PM, 2184 bytes, A Adds the file webtooltabAPI.js"="8/30/2018 5:38 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="8/30/2018 5:38 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj Adds the file 000003.log"="11/26/2018 9:14 AM, 5810 bytes, A Adds the file CURRENT"="11/26/2018 9:10 AM, 16 bytes, A Adds the file LOCK"="11/26/2018 9:10 AM, 0 bytes, A Adds the file LOG"="11/26/2018 9:14 AM, 412 bytes, A Adds the file LOG.old"="11/26/2018 9:13 AM, 412 bytes, A Adds the file MANIFEST-000001"="11/26/2018 9:10 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_h2Members_@free.calendarspark.com Adds the file storage.js"="11/26/2018 9:13 AM, 2851 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _h2Members_@free.calendarspark.com.xpi"="11/26/2018 9:08 AM, 58408 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\CalendarSpark] "Start Page"="REG_SZ", "http://hp.myway.com/calendarspark/ttab02/index.html?n={n}&p2=^CEQ^xdm675^TTAB02^us&ptb={ptb}&si={si}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2F%3Fc%3D{ptb}%26ptb%3D" [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jipigdjcibdknnacmomcjkdeildkdkaj"="REG_SZ", "C9427DA16D73DD37F350EB7FE1167EC8D522F1952B6570E04AD2C3B6C85247D7" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/calendarspark/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&si={si}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CalendarSparkTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "CalendarSpark Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\CalendarSparkTooltab\TooltabExtension.dll" U uninstall:CalendarSpark" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/26/18 Scan Time: 9:18 AM Log File: eb8ba77a-f153-11e8-aa59-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8021 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237781 Threats Detected: 83 Threats Quarantined: 83 Time Elapsed: 3 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\CalendarSparkTooltab\TooltabExtension.dll, Quarantined, [576], [182279],1.0.8021 Registry Key: 2 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CalendarSparkTooltab Uninstall Internet Explorer, Quarantined, [576], [182279],1.0.8021 PUP.Optional.MindSpark, HKCU\SOFTWARE\CalendarSpark, Quarantined, [576], [260158],1.0.8021 Registry Value: 3 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\CalendarSpark|START PAGE, Quarantined, [1714], [444113],1.0.8021 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CalendarSparkTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [576], [352442],1.0.8021 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jipigdjcibdknnacmomcjkdeildkdkaj, Quarantined, [1714], [456843],1.0.8021 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [576], [293497],1.0.8021 Data Stream: 0 (No malicious items detected) Folder: 19 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\CALENDARSPARKTOOLTAB, Quarantined, [576], [182279],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_h2Members_@free.calendarspark.com, Quarantined, [1714], [468075],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\es_419, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\pt_BR, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\pt_PT, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\de, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\en, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\es, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\fr, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\it, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\ja, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_metadata, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\config, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIPIGDJCIBDKNNACMOMCJKDEILDKDKAJ, Quarantined, [1714], [456843],1.0.8021 File: 57 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\CalendarSparkTooltab\TooltabExtension.dll, Quarantined, [576], [182279],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_h2Members_@free.calendarspark.com\storage.js, Quarantined, [1714], [468075],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_h2Members_@free.calendarspark.com.xpi, Quarantined, [1714], [457930],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\000003.log, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\CURRENT, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\LOCK, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\LOG, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\LOG.old, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\MANIFEST-000001, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIPIGDJCIBDKNNACMOMCJKDEILDKDKAJ\13.803.14.896_0\MANIFEST.JSON, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\config\config.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons\icon128.png, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons\icon16.png, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons\icon19disabled.png, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons\icon19on.png, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons\icon48.png, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\pageUtils.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\ajax.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\background.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\browserUtils.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\chrome.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\content_script.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\dlp.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\dlpHelper.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\extension_detect.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\genericLoadRemoteSettings.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\index.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\initOfferCEF.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\logger.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\offerService.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\PartnerId.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\product.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\splashPageRedirectHandler.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\storage.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\TabManager.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\TemplateParser.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\ul.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\urlFragmentActions.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\urlUtils.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\util.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\webtooltabAPI.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\webTooltabAPIProxy.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\de\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\en\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\es\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\es_419\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\fr\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\it\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\ja\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\pt_BR\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\pt_PT\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_metadata\computed_hashes.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_metadata\verified_contents.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\newtabproduct.html, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\CALENDARSPARK.{coid}.EXE, Quarantined, [576], [365288],1.0.8021 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  17. What is FindMeFreebies?The Malwarebytes research team has determined that FindMeFreebies is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.FindMeFreebies is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by FindMeFreebies?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this newtab page in the affected browsers:How did FindMeFreebies get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and for the Chrome extension it redirected to the webstore.How do I remove FindMeFreebies?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of FindMeFreebies? No, Malwarebytes' Anti-Malware removes FindMeFreebies completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the FindMeFreebies hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page"="hxxp://hp.myway.com/findmefreebies/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid} FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_9eMembers_@free.findmefreebies.com.xpi [2018-11-19] CHR Extension: (FindMeFreebies) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei [2018-11-19] C:\Users\{username}\AppData\Local\FindMeFreebiesTooltab Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\FindMeFreebiesTooltab Adds the file TooltabExtension.dll"="5/18/2018 1:07 AM, 273008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0 Adds the file manifest.json"="11/19/2018 8:55 AM, 2474 bytes, A Adds the file newtabproduct.html"="9/4/2018 3:49 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_metadata Adds the file computed_hashes.json"="11/19/2018 8:55 AM, 4346 bytes, A Adds the file verified_contents.json"="9/4/2018 3:49 PM, 6300 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\config Adds the file config.json"="9/4/2018 3:49 PM, 1693 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\icons Adds the file icon128.png"="11/19/2018 8:55 AM, 11418 bytes, A Adds the file icon16.png"="9/4/2018 3:49 PM, 1596 bytes, A Adds the file icon19disabled.png"="9/4/2018 3:49 PM, 1415 bytes, A Adds the file icon19on.png"="11/19/2018 8:55 AM, 703 bytes, A Adds the file icon48.png"="11/19/2018 8:55 AM, 3577 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js Adds the file ajax.js"="9/4/2018 3:49 PM, 2218 bytes, A Adds the file background.js"="9/4/2018 3:49 PM, 21378 bytes, A Adds the file browserUtils.js"="9/4/2018 3:49 PM, 912 bytes, A Adds the file chrome.js"="9/4/2018 3:49 PM, 146 bytes, A Adds the file content_script.js"="9/4/2018 3:49 PM, 2151 bytes, A Adds the file dlp.js"="9/4/2018 3:49 PM, 5659 bytes, A Adds the file dlpHelper.js"="9/4/2018 3:49 PM, 1799 bytes, A Adds the file extension_detect.js"="9/4/2018 3:49 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="9/4/2018 3:49 PM, 2855 bytes, A Adds the file index.js"="9/4/2018 3:49 PM, 49 bytes, A Adds the file initOfferCEF.js"="9/4/2018 3:49 PM, 8802 bytes, A Adds the file logger.js"="9/4/2018 3:49 PM, 541 bytes, A Adds the file offerService.js"="9/4/2018 3:49 PM, 10337 bytes, A Adds the file pageUtils.js"="9/4/2018 3:49 PM, 2805 bytes, A Adds the file PartnerId.js"="9/4/2018 3:49 PM, 16402 bytes, A Adds the file product.js"="9/4/2018 3:49 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="9/4/2018 3:49 PM, 2868 bytes, A Adds the file storage.js"="9/4/2018 3:49 PM, 1640 bytes, A Adds the file TabManager.js"="9/4/2018 3:49 PM, 151 bytes, A Adds the file TemplateParser.js"="9/4/2018 3:49 PM, 3038 bytes, A Adds the file ul.js"="9/4/2018 3:49 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="9/4/2018 3:49 PM, 1825 bytes, A Adds the file urlUtils.js"="9/4/2018 3:49 PM, 5349 bytes, A Adds the file util.js"="9/4/2018 3:49 PM, 2184 bytes, A Adds the file webtooltabAPI.js"="9/4/2018 3:49 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="9/4/2018 3:49 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\komglhdcfhkhnocdfclghlgnfjmpabei Adds the file 000003.log"="11/19/2018 8:57 AM, 5000 bytes, A Adds the file CURRENT"="11/19/2018 8:55 AM, 16 bytes, A Adds the file LOCK"="11/19/2018 8:55 AM, 0 bytes, A Adds the file LOG"="11/19/2018 8:57 AM, 412 bytes, A Adds the file LOG.old"="11/19/2018 8:56 AM, 409 bytes, A Adds the file MANIFEST-000001"="11/19/2018 8:55 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_9eMembers_@free.findmefreebies.com Adds the file storage.js"="11/19/2018 8:56 AM, 2351 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _9eMembers_@free.findmefreebies.com.xpi"="11/19/2018 8:53 AM, 67078 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\FindMeFreebies] "Start Page"="REG_SZ", "http://hp.myway.com/findmefreebies/ttab02/index.html?n={n}&p2=^B5K^mni000^TTAB02&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2F%3D{ptb}%26ptb%3D [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "komglhdcfhkhnocdfclghlgnfjmpabei"="REG_SZ", "59D84CD35D26E75C0EC04C5276DD699125F4A03E899F6EABB904CE49F3360735" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/findmefreebies/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FindMeFreebiesTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "FindMeFreebies Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\FindMeFreebiesTooltab\TooltabExtension.dll" U uninstall:FindMeFreebies" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/19/18 Scan Time: 9:02 AM Log File: 80f81aba-ebd1-11e8-9c60-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.7911 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237784 Threats Detected: 83 Threats Quarantined: 83 Time Elapsed: 2 min, 45 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\FindMeFreebiesTooltab\TooltabExtension.dll, Quarantined, [1710], [356944],1.0.7911 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FindMeFreebiesTooltab Uninstall Internet Explorer, Quarantined, [1710], [356944],1.0.7911 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\FindMeFreebies, Quarantined, [1710], [444113],1.0.7911 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FindMeFreebiesTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [570], [352442],1.0.7911 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\FindMeFreebies|START PAGE, Quarantined, [1710], [444113],1.0.7911 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|komglhdcfhkhnocdfclghlgnfjmpabei, Quarantined, [1710], [456842],1.0.7911 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [570], [293497],1.0.7911 Data Stream: 0 (No malicious items detected) Folder: 19 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\FindMeFreebiesTooltab, Quarantined, [1710], [356944],1.0.7911 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_9eMembers_@free.findmefreebies.com, Quarantined, [1710], [468075],1.0.7911 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\komglhdcfhkhnocdfclghlgnfjmpabei, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\es_419, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\pt_BR, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\pt_PT, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\de, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\en, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\es, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\fr, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\it, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\ja, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_metadata, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\config, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\icons, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KOMGLHDCFHKHNOCDFCLGHLGNFJMPABEI\13.803.14.2528_0, Quarantined, [1710], [456842],1.0.7911 File: 57 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\FindMeFreebiesTooltab\TooltabExtension.dll, Quarantined, [1710], [356944],1.0.7911 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_9eMembers_@free.findmefreebies.com.xpi, Quarantined, [1710], [457930],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_9eMembers_@free.findmefreebies.com\storage.js, Quarantined, [1710], [468075],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\komglhdcfhkhnocdfclghlgnfjmpabei\000003.log, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\komglhdcfhkhnocdfclghlgnfjmpabei\CURRENT, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\komglhdcfhkhnocdfclghlgnfjmpabei\LOCK, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\komglhdcfhkhnocdfclghlgnfjmpabei\LOG, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\komglhdcfhkhnocdfclghlgnfjmpabei\LOG.old, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\komglhdcfhkhnocdfclghlgnfjmpabei\MANIFEST-000001, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KOMGLHDCFHKHNOCDFCLGHLGNFJMPABEI\13.803.14.2528_0\CONFIG\CONFIG.JSON, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\icons\icon128.png, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\icons\icon16.png, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\icons\icon19disabled.png, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\icons\icon19on.png, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\icons\icon48.png, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\pageUtils.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\ajax.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\background.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\browserUtils.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\chrome.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\content_script.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\dlp.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\dlpHelper.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\extension_detect.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\genericLoadRemoteSettings.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\index.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\initOfferCEF.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\logger.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\offerService.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\PartnerId.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\product.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\splashPageRedirectHandler.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\storage.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\TabManager.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\TemplateParser.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\ul.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\urlFragmentActions.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\urlUtils.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\util.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\webtooltabAPI.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\js\webTooltabAPIProxy.js, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\de\messages.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\en\messages.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\es\messages.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\es_419\messages.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\fr\messages.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\it\messages.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\ja\messages.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\pt_BR\messages.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_locales\pt_PT\messages.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_metadata\computed_hashes.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\_metadata\verified_contents.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\manifest.json, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\komglhdcfhkhnocdfclghlgnfjmpabei\13.803.14.2528_0\newtabproduct.html, Quarantined, [1710], [456842],1.0.7911 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\FINDMEFREEBIES.EXE, Quarantined, [570], [365288],1.0.7911 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  18. What is AudioToAudio?The Malwarebytes research team has determined that AudioToAudio is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.AudioToAudio is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by AudioToAudio?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:this icon in the menu-bar of some of the affected browsers:and this new homepage in the affected browsers:https://static-cdn.m...tartpage.png[/iHow did AudioToAudio get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove AudioToAudio?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of AudioToAudio? No, Malwarebytes' Anti-Malware removes AudioToAudio completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the AudioToAudio hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains.Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/audiotoaudio/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid} FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_8iMembers_@download.audiotoaudio.com.xpi [2018-10-31] CHR Extension: (AudioToAudio) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj [2018-10-31] C:\Users\{username}\AppData\Local\AudioToAudioTooltab AudioToAudio Internet Explorer Homepage and New Tab (HKCU\...\AudioToAudioTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\AudioToAudioTooltab Adds the file TooltabExtension.dll"="5/17/2018 11:10 PM, 273008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0 Adds the file manifest.json"="10/31/2018 9:16 AM, 2467 bytes, A Adds the file newtabproduct.html"="8/29/2018 4:52 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_metadata Adds the file computed_hashes.json"="10/31/2018 9:16 AM, 4346 bytes, A Adds the file verified_contents.json"="8/29/2018 4:52 PM, 6301 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\config Adds the file config.json"="8/29/2018 4:52 PM, 1695 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js Adds the file ajax.js"="8/29/2018 4:52 PM, 2218 bytes, A Adds the file background.js"="8/29/2018 4:52 PM, 21378 bytes, A Adds the file browserUtils.js"="8/29/2018 4:52 PM, 912 bytes, A Adds the file chrome.js"="8/29/2018 4:52 PM, 146 bytes, A Adds the file content_script.js"="8/29/2018 4:52 PM, 2151 bytes, A Adds the file dlp.js"="8/29/2018 4:52 PM, 5659 bytes, A Adds the file dlpHelper.js"="8/29/2018 4:52 PM, 1799 bytes, A Adds the file extension_detect.js"="8/29/2018 4:52 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="8/29/2018 4:52 PM, 2855 bytes, A Adds the file index.js"="8/29/2018 4:52 PM, 49 bytes, A Adds the file initOfferCEF.js"="8/29/2018 4:52 PM, 8802 bytes, A Adds the file logger.js"="8/29/2018 4:52 PM, 541 bytes, A Adds the file offerService.js"="8/29/2018 4:52 PM, 10337 bytes, A Adds the file pageUtils.js"="8/29/2018 4:52 PM, 2805 bytes, A Adds the file PartnerId.js"="8/29/2018 4:52 PM, 16402 bytes, A Adds the file product.js"="8/29/2018 4:52 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="8/29/2018 4:52 PM, 2868 bytes, A Adds the file storage.js"="8/29/2018 4:52 PM, 1640 bytes, A Adds the file TabManager.js"="8/29/2018 4:52 PM, 151 bytes, A Adds the file TemplateParser.js"="8/29/2018 4:52 PM, 3038 bytes, A Adds the file ul.js"="8/29/2018 4:52 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="8/29/2018 4:52 PM, 1825 bytes, A Adds the file urlUtils.js"="8/29/2018 4:52 PM, 5349 bytes, A Adds the file util.js"="8/29/2018 4:52 PM, 2184 bytes, A Adds the file webtooltabAPI.js"="8/29/2018 4:52 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="8/29/2018 4:52 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmgkbbgmfadinoembkciofacghellcmj Adds the file 000003.log"="10/31/2018 9:18 AM, 4913 bytes, A Adds the file CURRENT"="10/31/2018 9:16 AM, 16 bytes, A Adds the file LOCK"="10/31/2018 9:16 AM, 0 bytes, A Adds the file LOG"="10/31/2018 9:18 AM, 412 bytes, A Adds the file LOG.old"="10/31/2018 9:16 AM, 185 bytes, A Adds the file MANIFEST-000001"="10/31/2018 9:16 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_8iMembers_@download.audiotoaudio.com Adds the file storage.js"="10/31/2018 9:18 AM, 2389 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _8iMembers_@download.audiotoaudio.com.xpi"="10/31/2018 9:13 AM, 65918 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\AudioToAudio] "Start Page"="REG_SZ", "http://hp.myway.com/audiotoaudio/ttab02/index.html?n={n}&p2=^AYZ^yyyyyy^TTAB02^nl&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2F%3Fc%3D{ptb}%26ptb%3D{ptb}" [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "fmgkbbgmfadinoembkciofacghellcmj"="REG_SZ", "EA017AD2D00ED7D965C18964373286767C3C79E49C0D62ED160A05E2C11C2154" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/audiotoaudio/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AudioToAudioTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "AudioToAudio Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\AudioToAudioTooltab\TooltabExtension.dll" U uninstall:AudioToAudio" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/31/18 Scan Time: 9:24 AM Log File: 5902fbbe-dce6-11e8-8f0e-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7621 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238138 Threats Detected: 83 Threats Quarantined: 83 Time Elapsed: 3 min, 33 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\AudioToAudioTooltab\TooltabExtension.dll, Quarantined, [1706], [356944],1.0.7621 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AudioToAudioTooltab Uninstall Internet Explorer, Quarantined, [1706], [356944],1.0.7621 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\AudioToAudio, Quarantined, [1706], [444113],1.0.7621 Registry Value: 3 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AudioToAudioTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [564], [352442],1.0.7621 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\AudioToAudio|START PAGE, Quarantined, [1706], [444113],1.0.7621 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fmgkbbgmfadinoembkciofacghellcmj, Quarantined, [1706], [467555],1.0.7621 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [564], [293497],1.0.7621 Data Stream: 0 (No malicious items detected) Folder: 19 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\AudioToAudioTooltab, Quarantined, [1706], [356944],1.0.7621 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\60L2DG92.DEFAULT-1519559592148\BROWSER-EXTENSION-DATA\_8iMembers_@download.audiotoaudio.com, Quarantined, [1706], [468075],1.0.7621 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\fmgkbbgmfadinoembkciofacghellcmj, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\es_419, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\pt_BR, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\pt_PT, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\de, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\en, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\es, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\fr, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\it, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\ja, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_metadata, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\config, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\icons, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMGKBBGMFADINOEMBKCIOFACGHELLCMJ, Quarantined, [1706], [467555],1.0.7621 File: 57 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\AudioToAudioTooltab\TooltabExtension.dll, Quarantined, [1706], [356944],1.0.7621 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\60L2DG92.DEFAULT-1519559592148\EXTENSIONS\_8iMembers_@download.audiotoaudio.com.xpi, Quarantined, [1706], [457930],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\60l2dg92.default-1519559592148\browser-extension-data\_8iMembers_@download.audiotoaudio.com\storage.js, Quarantined, [1706], [468075],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmgkbbgmfadinoembkciofacghellcmj\000003.log, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmgkbbgmfadinoembkciofacghellcmj\CURRENT, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmgkbbgmfadinoembkciofacghellcmj\LOCK, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmgkbbgmfadinoembkciofacghellcmj\LOG, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmgkbbgmfadinoembkciofacghellcmj\LOG.old, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmgkbbgmfadinoembkciofacghellcmj\MANIFEST-000001, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMGKBBGMFADINOEMBKCIOFACGHELLCMJ\13.803.13.65273_0\MANIFEST.JSON, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\config\config.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\icons\icon128.png, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\icons\icon16.png, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\icons\icon19disabled.png, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\icons\icon19on.png, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\icons\icon48.png, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\pageUtils.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\ajax.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\background.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\browserUtils.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\chrome.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\content_script.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\dlp.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\dlpHelper.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\extension_detect.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\genericLoadRemoteSettings.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\index.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\initOfferCEF.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\logger.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\offerService.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\PartnerId.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\product.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\splashPageRedirectHandler.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\storage.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\TabManager.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\TemplateParser.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\ul.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\urlFragmentActions.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\urlUtils.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\util.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\webtooltabAPI.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\js\webTooltabAPIProxy.js, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\de\messages.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\en\messages.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\es\messages.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\es_419\messages.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\fr\messages.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\it\messages.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\ja\messages.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\pt_BR\messages.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_locales\pt_PT\messages.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_metadata\computed_hashes.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\_metadata\verified_contents.json, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgkbbgmfadinoembkciofacghellcmj\13.803.13.65273_0\newtabproduct.html, Quarantined, [1706], [467555],1.0.7621 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\AUDIOTOAUDIO.4FE395273CB54708ABFD182521E8EEA2.EXE, Quarantined, [564], [365288],1.0.7621 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  19. What is Steam Frenzy?The Malwarebytes research team has determined that Steam Frenzy is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Steam Frenzy is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by Steam Frenzy?You may see this browser extension:these warnings during install:You may see this changed setting:and this newtab-page in the affected browsers:How did Steam Frenzy get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was promoted by their website:and the Chrome extension was downloaded from the webstore:How do I remove Steam Frenzy?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Steam Frenzy? No, Malwarebytes' Anti-Malware removes Steam Frenzy completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Steam Frenzy hijacker. It would have blocked traffic to their domains: Technical details for expertsPossible signs in a FRST log: CHR Extension: (StreamFrenzy) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb [2018-10-12] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0 Adds the file manifest.json"="10/12/2018 10:34 AM, 2490 bytes, A Adds the file newtabproduct.html"="9/5/2018 10:47 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_locales\en Adds the file messages.json"="10/12/2018 10:34 AM, 230 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_metadata Adds the file computed_hashes.json"="10/12/2018 10:34 AM, 4688 bytes, A Adds the file verified_contents.json"="9/6/2018 5:35 PM, 5540 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\config Adds the file config.json"="9/6/2018 5:35 PM, 2050 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons Adds the file icon128.png"="10/12/2018 10:34 AM, 9147 bytes, A Adds the file icon16.png"="9/5/2018 10:47 PM, 798 bytes, A Adds the file icon19disabled.png"="9/5/2018 10:47 PM, 554 bytes, A Adds the file icon19on.png"="10/12/2018 10:34 AM, 1152 bytes, A Adds the file icon48.png"="10/12/2018 10:34 AM, 4938 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js Adds the file ajax.js"="9/5/2018 10:47 PM, 2218 bytes, A Adds the file b2b-partner-tracking.js"="9/5/2018 10:47 PM, 11186 bytes, A Adds the file background.js"="9/6/2018 5:34 PM, 23420 bytes, A Adds the file browserUtils.js"="9/5/2018 10:47 PM, 912 bytes, A Adds the file chrome.js"="9/5/2018 10:47 PM, 146 bytes, A Adds the file content_script.js"="9/5/2018 10:47 PM, 2151 bytes, A Adds the file dlp.js"="9/5/2018 10:47 PM, 5659 bytes, A Adds the file dlpHelper.js"="9/5/2018 10:47 PM, 1799 bytes, A Adds the file extension_detect.js"="9/5/2018 10:47 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="9/5/2018 10:47 PM, 2855 bytes, A Adds the file index.js"="9/5/2018 10:47 PM, 49 bytes, A Adds the file initOfferCEF.js"="9/5/2018 10:47 PM, 8802 bytes, A Adds the file logger.js"="9/5/2018 10:47 PM, 541 bytes, A Adds the file offerService.js"="9/5/2018 10:47 PM, 10337 bytes, A Adds the file pageUtils.js"="9/5/2018 10:47 PM, 2805 bytes, A Adds the file PartnerId.js"="9/5/2018 10:47 PM, 16402 bytes, A Adds the file product.js"="9/5/2018 10:47 PM, 8403 bytes, A Adds the file splashPageLocalStorageSetter.js"="9/5/2018 10:47 PM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="9/5/2018 10:47 PM, 2868 bytes, A Adds the file storage.js"="9/5/2018 10:47 PM, 1640 bytes, A Adds the file TabManager.js"="9/5/2018 10:47 PM, 151 bytes, A Adds the file TemplateParser.js"="9/5/2018 10:47 PM, 3038 bytes, A Adds the file ul.js"="9/5/2018 10:47 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="9/5/2018 10:47 PM, 1631 bytes, A Adds the file urlUtils.js"="9/5/2018 10:47 PM, 5349 bytes, A Adds the file util.js"="9/5/2018 10:47 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="9/5/2018 10:47 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="9/5/2018 10:47 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb Adds the file 000003.log"="10/12/2018 10:40 AM, 4930 bytes, A Adds the file CURRENT"="10/12/2018 10:34 AM, 16 bytes, A Adds the file LOCK"="10/12/2018 10:34 AM, 0 bytes, A Adds the file LOG"="10/12/2018 10:36 AM, 412 bytes, A Adds the file LOG.old"="10/12/2018 10:34 AM, 185 bytes, A Adds the file MANIFEST-000001"="10/12/2018 10:34 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "fmpkhjobgenhkejocohgfcgigbfnhakb"="REG_SZ", "12D42DAD42B9D7413AAF12C538CFE073F2BACB906A2476599A119FCDED1AC4B4" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/12/18 Scan Time: 10:43 AM Log File: e69b85b9-cdfa-11e8-a26e-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7309 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238437 Threats Detected: 58 Threats Quarantined: 58 Time Elapsed: 2 min, 50 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_locales\en, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_metadata, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_locales, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\config, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMPKHJOBGENHKEJOCOHGFCGIGBFNHAKB, Quarantined, [1700], [467555],1.0.7309 File: 47 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\000003.log, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\CURRENT, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\LOCK, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\LOG, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\LOG.old, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmpkhjobgenhkejocohgfcgigbfnhakb\MANIFEST-000001, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMPKHJOBGENHKEJOCOHGFCGIGBFNHAKB\13.809.15.2824_0\MANIFEST.JSON, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\config\config.json, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons\icon128.png, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons\icon16.png, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons\icon19disabled.png, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons\icon19on.png, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\icons\icon48.png, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\logger.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\ajax.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\b2b-partner-tracking.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\background.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\browserUtils.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\chrome.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\content_script.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\dlp.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\dlpHelper.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\extension_detect.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\genericLoadRemoteSettings.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\index.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\initOfferCEF.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\offerService.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\pageUtils.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\PartnerId.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\product.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\splashPageLocalStorageSetter.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\splashPageRedirectHandler.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\storage.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\TabManager.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\TemplateParser.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\ul.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\urlFragmentActions.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\urlUtils.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\util.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\webtooltabAPI.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\js\webTooltabAPIProxy.js, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_locales\en\messages.json, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_metadata\computed_hashes.json, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\_metadata\verified_contents.json, Quarantined, [1700], [467555],1.0.7309 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmpkhjobgenhkejocohgfcgigbfnhakb\13.809.15.2824_0\newtabproduct.html, Quarantined, [1700], [467555],1.0.7309 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  20. What is Sports Addict?The Malwarebytes research team has determined that Sports Addict is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Sports Addict is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by Sports Addict?You may see these browser extensions/add-ons:these warnings during install:and this new setting:You will see this icon in your browsers menu-bar:and this new homepage in the affected browsers:How did Sports Addict get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their websiteand the Chrome extension was also available in the webstore:How do I remove Sports Addict?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Sports Addict? No, Malwarebytes' Anti-Malware removes Sports Addict completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Sports Addict hijacker. It would have blocked traffic to their domains: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_oqMembers_@sportsaddict.thewhizproducts.com.xpi [2018-10-08] CHR Extension: (Sports Addict) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal [2018-10-08] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0 Adds the file dynamicNewTab.html"="4/10/2018 9:22 AM, 1136 bytes, A Adds the file manifest.json"="10/8/2018 10:17 AM, 2594 bytes, A Adds the file productnewtab.html"="4/10/2018 9:22 AM, 1136 bytes, A Adds the file stubby.html"="4/10/2018 9:22 AM, 1137 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\_metadata Adds the file computed_hashes.json"="10/8/2018 10:17 AM, 4670 bytes, A Adds the file verified_contents.json"="4/10/2018 9:22 AM, 5391 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\config Adds the file config.json"="4/10/2018 9:22 AM, 1972 bytes, A Adds the file extension-config.json"="4/10/2018 9:22 AM, 1114 bytes, A Adds the file extension-dev-config.json"="4/10/2018 9:22 AM, 1236 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons Adds the file icon128.png"="10/8/2018 10:17 AM, 4217 bytes, A Adds the file icon16.png"="4/10/2018 9:22 AM, 562 bytes, A Adds the file icon19disabled.png"="4/10/2018 9:22 AM, 344 bytes, A Adds the file icon19on.png"="10/8/2018 10:17 AM, 715 bytes, A Adds the file icon48.png"="10/8/2018 10:17 AM, 2108 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js Adds the file ajax.js"="4/10/2018 9:22 AM, 2250 bytes, A Adds the file b2b-partner-tracking.js"="4/10/2018 9:22 AM, 11023 bytes, A Adds the file background.js"="4/10/2018 9:22 AM, 21158 bytes, A Adds the file chrome.js"="4/10/2018 9:22 AM, 180 bytes, A Adds the file content_script.js"="4/10/2018 9:22 AM, 5815 bytes, A Adds the file dlp.js"="4/10/2018 9:22 AM, 5690 bytes, A Adds the file dlpHelper.js"="4/10/2018 9:22 AM, 1836 bytes, A Adds the file extension_detect.js"="4/10/2018 9:22 AM, 4343 bytes, A Adds the file genericLoadRemoteSettings.js"="4/10/2018 9:22 AM, 2908 bytes, A Adds the file index.js"="4/10/2018 9:22 AM, 82 bytes, A Adds the file initOfferCEF.js"="4/10/2018 9:22 AM, 8991 bytes, A Adds the file logger.js"="4/10/2018 9:22 AM, 575 bytes, A Adds the file offerService.js"="4/10/2018 9:22 AM, 13159 bytes, A Adds the file pageUtils.js"="4/10/2018 9:22 AM, 1811 bytes, A Adds the file PartnerId.js"="4/10/2018 9:22 AM, 16439 bytes, A Adds the file product.js"="4/10/2018 9:22 AM, 4511 bytes, A Adds the file storage.js"="4/10/2018 9:22 AM, 1675 bytes, A Adds the file TabManager.js"="4/10/2018 9:22 AM, 189 bytes, A Adds the file TemplateParser.js"="4/10/2018 9:22 AM, 3080 bytes, A Adds the file ul.js"="4/10/2018 9:22 AM, 3862 bytes, A Adds the file urlFragmentActions.js"="4/10/2018 9:22 AM, 2521 bytes, A Adds the file urlUtils.js"="4/10/2018 9:22 AM, 5385 bytes, A Adds the file util.js"="4/10/2018 9:22 AM, 4027 bytes, A Adds the file webtooltabAPI.js"="4/10/2018 9:22 AM, 8762 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal Adds the file 000003.log"="10/8/2018 10:18 AM, 5584 bytes, A Adds the file CURRENT"="10/8/2018 10:17 AM, 16 bytes, A Adds the file LOCK"="10/8/2018 10:17 AM, 0 bytes, A Adds the file LOG"="10/8/2018 10:18 AM, 412 bytes, A Adds the file LOG.old"="10/8/2018 10:17 AM, 185 bytes, A Adds the file MANIFEST-000001"="10/8/2018 10:17 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_oqMembers_@sportsaddict.thewhizproducts.com Adds the file storage.js"="10/8/2018 10:18 AM, 2717 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _oqMembers_@sportsaddict.thewhizproducts.com.xpi"="10/8/2018 10:17 AM, 50256 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "ophjmddaoidnhjpfjiipefgmjcjfbgal"="REG_SZ", "59B5791C85F86789C627FFC406FAAE922720796DF74BB66E59718503E133833A" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/8/18 Scan Time: 10:08 AM Log File: 46094d32-cad1-11e8-ad3f-00ffdcc6fdfc.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.7239 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238649 Threats Detected: 55 Threats Quarantined: 55 Time Elapsed: 2 min, 34 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 8 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_oqMembers_@sportsaddict.thewhizproducts.com, Quarantined, [1702], [468075],1.0.7239 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\_metadata, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\config, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OPHJMDDAOIDNHJPFJIIPEFGMJCJFBGAL, Quarantined, [1702], [467555],1.0.7239 File: 47 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_oqMembers_@sportsaddict.thewhizproducts.com.xpi, Quarantined, [1702], [457930],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_oqMembers_@sportsaddict.thewhizproducts.com\storage.js, Quarantined, [1702], [468075],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal\000003.log, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal\CURRENT, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal\LOCK, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal\LOG, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ophjmddaoidnhjpfjiipefgmjcjfbgal\MANIFEST-000001, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OPHJMDDAOIDNHJPFJIIPEFGMJCJFBGAL\13.421.12.64295_0\MANIFEST.JSON, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\config\config.json, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\config\extension-config.json, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\config\extension-dev-config.json, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons\icon128.png, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons\icon16.png, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons\icon19disabled.png, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons\icon19on.png, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\icons\icon48.png, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\logger.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\ajax.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\b2b-partner-tracking.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\background.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\chrome.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\content_script.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\dlp.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\dlpHelper.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\extension_detect.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\genericLoadRemoteSettings.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\index.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\initOfferCEF.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\offerService.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\pageUtils.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\PartnerId.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\product.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\storage.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\TabManager.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\TemplateParser.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\ul.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\urlFragmentActions.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\urlUtils.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\util.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\js\webtooltabAPI.js, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\_metadata\computed_hashes.json, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\_metadata\verified_contents.json, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\dynamicNewTab.html, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\productnewtab.html, Quarantined, [1702], [467555],1.0.7239 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjmddaoidnhjpfjiipefgmjcjfbgal\13.421.12.64295_0\stubby.html, Quarantined, [1702], [467555],1.0.7239 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  21. What is Your Daily Trailer?The Malwarebytes research team has determined that Your Daily Trailer is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Your Daily Trailer is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by Your Daily Trailer?You may see these browser extensions/add-ons:these warnings during install:and this new homepage in the affected browsers:How did Your Daily Trailer get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was also available in the webstore:How do I remove Your Daily Trailer?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Your Daily Trailer? No, Malwarebytes' Anti-Malware removes Your Daily Trailer completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Your Daily Trailer hijacker. It would have blocked traffic to their domains: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_ooMembers_@yourdailytrailer.yournewtab.com.xpi [2018-10-04] CHR Extension: (Your Daily Trailer) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj [2018-10-04] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0 Adds the file manifest.json"="10/4/2018 8:44 AM, 2472 bytes, A Adds the file newtabproduct.html"="9/25/2018 4:02 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_locales\en Adds the file messages.json"="10/4/2018 8:44 AM, 213 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_metadata Adds the file computed_hashes.json"="10/4/2018 8:44 AM, 4688 bytes, A Adds the file verified_contents.json"="9/25/2018 4:02 PM, 5540 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\config Adds the file config.json"="9/25/2018 4:02 PM, 1999 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons Adds the file icon128.png"="10/4/2018 8:44 AM, 19835 bytes, A Adds the file icon16.png"="9/25/2018 4:02 PM, 847 bytes, A Adds the file icon19disabled.png"="9/25/2018 4:02 PM, 579 bytes, A Adds the file icon19on.png"="10/4/2018 8:44 AM, 1232 bytes, A Adds the file icon48.png"="10/4/2018 8:44 AM, 5688 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js Adds the file ajax.js"="9/25/2018 4:02 PM, 2218 bytes, A Adds the file b2b-partner-tracking.js"="9/25/2018 4:02 PM, 11186 bytes, A Adds the file background.js"="9/25/2018 4:02 PM, 23425 bytes, A Adds the file browserUtils.js"="9/25/2018 4:02 PM, 912 bytes, A Adds the file chrome.js"="9/25/2018 4:02 PM, 146 bytes, A Adds the file content_script.js"="9/25/2018 4:02 PM, 2151 bytes, A Adds the file dlp.js"="9/25/2018 4:02 PM, 5659 bytes, A Adds the file dlpHelper.js"="9/25/2018 4:02 PM, 1799 bytes, A Adds the file extension_detect.js"="9/25/2018 4:02 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="9/25/2018 4:02 PM, 2855 bytes, A Adds the file index.js"="9/25/2018 4:02 PM, 49 bytes, A Adds the file initOfferCEF.js"="9/25/2018 4:02 PM, 8802 bytes, A Adds the file logger.js"="9/25/2018 4:02 PM, 541 bytes, A Adds the file offerService.js"="9/25/2018 4:02 PM, 10337 bytes, A Adds the file pageUtils.js"="9/25/2018 4:02 PM, 2805 bytes, A Adds the file PartnerId.js"="9/25/2018 4:02 PM, 16402 bytes, A Adds the file product.js"="9/25/2018 4:02 PM, 8403 bytes, A Adds the file splashPageLocalStorageSetter.js"="9/25/2018 4:02 PM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="9/25/2018 4:02 PM, 2868 bytes, A Adds the file storage.js"="9/25/2018 4:02 PM, 1640 bytes, A Adds the file TabManager.js"="9/25/2018 4:02 PM, 151 bytes, A Adds the file TemplateParser.js"="9/25/2018 4:02 PM, 3038 bytes, A Adds the file ul.js"="9/25/2018 4:02 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="9/25/2018 4:02 PM, 1631 bytes, A Adds the file urlUtils.js"="9/25/2018 4:02 PM, 5349 bytes, A Adds the file util.js"="9/25/2018 4:02 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="9/25/2018 4:02 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="9/25/2018 4:02 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj Adds the file 000003.log"="10/4/2018 8:47 AM, 5680 bytes, A Adds the file CURRENT"="10/4/2018 8:44 AM, 16 bytes, A Adds the file LOCK"="10/4/2018 8:44 AM, 0 bytes, A Adds the file LOG"="10/4/2018 8:45 AM, 412 bytes, A Adds the file LOG.old"="10/4/2018 8:44 AM, 185 bytes, A Adds the file MANIFEST-000001"="10/4/2018 8:44 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_ooMembers_@yourdailytrailer.yournewtab.com Adds the file storage.js"="10/4/2018 8:52 AM, 2739 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _ooMembers_@yourdailytrailer.yournewtab.com.xpi"="10/4/2018 8:49 AM, 66631 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "olnecppbhecjfoffhlfekoeombkegcjj"="REG_SZ", "16DB6B07070DF02BA82DE57047E1C1A3C8D1A6E775FD727332730814FB5C4A82" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/4/18 Scan Time: 8:56 AM Log File: 968571c8-c7a2-11e8-b806-00ffdcc6fdfc.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.7173 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 239013 Threats Detected: 59 Threats Quarantined: 59 Time Elapsed: 2 min, 44 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_ooMembers_@yourdailytrailer.yournewtab.com, Quarantined, [1703], [468075],1.0.7173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_locales\en, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_metadata, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_locales, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\config, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OLNECPPBHECJFOFFHLFEKOEOMBKEGCJJ, Quarantined, [1703], [467555],1.0.7173 File: 49 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_ooMembers_@yourdailytrailer.yournewtab.com.xpi, Quarantined, [1703], [457930],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_ooMembers_@yourdailytrailer.yournewtab.com\storage.js, Quarantined, [1703], [468075],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\000003.log, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\CURRENT, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\LOCK, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\LOG, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\LOG.old, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnecppbhecjfoffhlfekoeombkegcjj\MANIFEST-000001, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OLNECPPBHECJFOFFHLFEKOEOMBKEGCJJ\13.809.14.8557_0\MANIFEST.JSON, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\config\config.json, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons\icon128.png, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons\icon16.png, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons\icon19disabled.png, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons\icon19on.png, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\icons\icon48.png, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\initOfferCEF.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\ajax.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\b2b-partner-tracking.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\background.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\browserUtils.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\chrome.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\content_script.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\dlp.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\dlpHelper.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\extension_detect.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\genericLoadRemoteSettings.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\index.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\logger.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\offerService.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\pageUtils.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\PartnerId.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\product.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\splashPageLocalStorageSetter.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\splashPageRedirectHandler.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\storage.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\TabManager.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\TemplateParser.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\ul.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\urlFragmentActions.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\urlUtils.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\util.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\webtooltabAPI.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\js\webTooltabAPIProxy.js, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_locales\en\messages.json, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_metadata\computed_hashes.json, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\_metadata\verified_contents.json, Quarantined, [1703], [467555],1.0.7173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnecppbhecjfoffhlfekoeombkegcjj\13.809.14.8557_0\newtabproduct.html, Quarantined, [1703], [467555],1.0.7173 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  22. What is SimpleHolidayRecipes?The Malwarebytes research team has determined that SimpleHolidayRecipes is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.SimpleHolidayRecipes is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by SimpleHolidayRecipes?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did SimpleHolidayRecipes get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was also available in the webstore:How do I remove SimpleHolidayRecipes?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of SimpleHolidayRecipes? No, Malwarebytes' Anti-Malware removes SimpleHolidayRecipes completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the SimpleHolidayRecipes hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains.Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/simpleholidayrecipes/ttab02/index.html?n={n1}&p2={p2}5ETTAB02&ptb={ptb}&coid={coid} FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_reMembers_@www.simpleholidayrecipes.com.xpi [2018-08-30] CHR Extension: (SimpleHolidayRecipes) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc [2018-08-30] C:\Users\{username}\AppData\Local\SimpleHolidayRecipesTooltab SimpleHolidayRecipes Internet Explorer Homepage and New Tab (HKCU\...\SimpleHolidayRecipesTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0 Adds the file manifest.json"="8/30/2018 8:59 AM, 2549 bytes, A Adds the file newtabproduct.html"="8/21/2018 9:47 AM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\_metadata Adds the file computed_hashes.json"="8/30/2018 8:59 AM, 4346 bytes, A Adds the file verified_contents.json"="8/21/2018 9:47 AM, 5148 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\config Adds the file config.json"="8/21/2018 9:47 AM, 1809 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js Adds the file ajax.js"="8/21/2018 9:47 AM, 2218 bytes, A Adds the file background.js"="8/21/2018 9:47 AM, 21378 bytes, A Adds the file browserUtils.js"="8/21/2018 9:47 AM, 912 bytes, A Adds the file chrome.js"="8/21/2018 9:47 AM, 146 bytes, A Adds the file content_script.js"="8/21/2018 9:47 AM, 2151 bytes, A Adds the file dlp.js"="8/21/2018 9:47 AM, 5659 bytes, A Adds the file dlpHelper.js"="8/21/2018 9:47 AM, 1799 bytes, A Adds the file extension_detect.js"="8/21/2018 9:47 AM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="8/21/2018 9:47 AM, 2855 bytes, A Adds the file index.js"="8/21/2018 9:47 AM, 49 bytes, A Adds the file initOfferCEF.js"="8/21/2018 9:47 AM, 8802 bytes, A Adds the file logger.js"="8/21/2018 9:47 AM, 541 bytes, A Adds the file offerService.js"="8/21/2018 9:47 AM, 10337 bytes, A Adds the file pageUtils.js"="8/21/2018 9:47 AM, 2805 bytes, A Adds the file PartnerId.js"="8/21/2018 9:47 AM, 16402 bytes, A Adds the file product.js"="8/21/2018 9:47 AM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="8/21/2018 9:47 AM, 2868 bytes, A Adds the file storage.js"="8/21/2018 9:47 AM, 1640 bytes, A Adds the file TabManager.js"="8/21/2018 9:47 AM, 151 bytes, A Adds the file TemplateParser.js"="8/21/2018 9:47 AM, 3038 bytes, A Adds the file ul.js"="8/21/2018 9:47 AM, 3832 bytes, A Adds the file urlFragmentActions.js"="8/21/2018 9:47 AM, 1825 bytes, A Adds the file urlUtils.js"="8/21/2018 9:47 AM, 5349 bytes, A Adds the file util.js"="8/21/2018 9:47 AM, 2184 bytes, A Adds the file webtooltabAPI.js"="8/21/2018 9:47 AM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="8/21/2018 9:47 AM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blalapdaiabdaclcbmjnlonbocmjllbc Adds the file 000003.log"="8/30/2018 9:02 AM, 4912 bytes, A Adds the file CURRENT"="8/30/2018 8:59 AM, 16 bytes, A Adds the file LOCK"="8/30/2018 8:59 AM, 0 bytes, A Adds the file LOG"="8/30/2018 9:01 AM, 412 bytes, A Adds the file LOG.old"="8/30/2018 9:00 AM, 412 bytes, A Adds the file MANIFEST-000001"="8/30/2018 8:59 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\SimpleHolidayRecipesTooltab Adds the file TooltabExtension.dll"="5/16/2018 9:30 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_reMembers_@www.simpleholidayrecipes.com Adds the file storage.js"="8/30/2018 9:01 AM, 2395 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _reMembers_@www.simpleholidayrecipes.com.xpi"="8/30/2018 8:56 AM, 66911 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "blalapdaiabdaclcbmjnlonbocmjllbc"="REG_SZ", "45ADB13A1CE95EE39B497B65F0AAD2C6B800F0261C1DC858B98ACB8737149DF6" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/simpleholidayrecipes/ttab02/index.html?n=n1&p2={p2}5ETTAB02&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SimpleHolidayRecipesTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "SimpleHolidayRecipes Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\SimpleHolidayRecipesTooltab\TooltabExtension.dll" U uninstall:SimpleHolidayRecipes" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" [HKEY_CURRENT_USER\Software\SimpleHolidayRecipes] "Start Page"="REG_SZ", "http://hp.myway.com/simpleholidayrecipes/ttab02/index.html?n=n1&p2={p22}TTAB02&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2F%3D{ptb}%26ptb%3D{p22}TTAB02" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/30/18 Scan Time: 9:09 AM Log File: 9317e6bf-ac23-11e8-b61b-00ffdcc6fdfc.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.6563 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 252412 Threats Detected: 63 Threats Quarantined: 63 Time Elapsed: 3 min, 51 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\SimpleHolidayRecipesTooltab\TooltabExtension.dll, Quarantined, [1695], [356944],1.0.6563 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SimpleHolidayRecipesTooltab Uninstall Internet Explorer, Quarantined, [1695], [356944],1.0.6563 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\SimpleHolidayRecipes, Quarantined, [1695], [444113],1.0.6563 Registry Value: 2 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SimpleHolidayRecipesTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [546], [352442],1.0.6563 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\SimpleHolidayRecipes|START PAGE, Quarantined, [1695], [444113],1.0.6563 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [546], [293497],1.0.6563 Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\SimpleHolidayRecipesTooltab, Quarantined, [1695], [356944],1.0.6563 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_reMembers_@www.simpleholidayrecipes.com, Quarantined, [1695], [468075],1.0.6563 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\blalapdaiabdaclcbmjnlonbocmjllbc, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\_metadata, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\config, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\icons, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BLALAPDAIABDACLCBMJNLONBOCMJLLBC, Quarantined, [1695], [467555],1.0.6563 File: 48 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_reMembers_@www.simpleholidayrecipes.com.xpi, Quarantined, [1695], [457930],1.0.6563 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\SimpleHolidayRecipesTooltab\TooltabExtension.dll, Quarantined, [1695], [356944],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_reMembers_@www.simpleholidayrecipes.com\storage.js, Quarantined, [1695], [468075],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blalapdaiabdaclcbmjnlonbocmjllbc\000003.log, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blalapdaiabdaclcbmjnlonbocmjllbc\CURRENT, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blalapdaiabdaclcbmjnlonbocmjllbc\LOCK, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blalapdaiabdaclcbmjnlonbocmjllbc\LOG, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blalapdaiabdaclcbmjnlonbocmjllbc\LOG.old, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blalapdaiabdaclcbmjnlonbocmjllbc\MANIFEST-000001, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BLALAPDAIABDACLCBMJNLONBOCMJLLBC\13.781.13.59100_0\MANIFEST.JSON, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\config\config.json, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\icons\icon128.png, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\icons\icon16.png, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\icons\icon19disabled.png, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\icons\icon19on.png, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\icons\icon48.png, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\pageUtils.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\ajax.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\background.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\browserUtils.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\chrome.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\content_script.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\dlp.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\dlpHelper.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\extension_detect.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\genericLoadRemoteSettings.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\index.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\initOfferCEF.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\logger.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\offerService.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\PartnerId.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\product.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\splashPageRedirectHandler.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\storage.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\TabManager.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\TemplateParser.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\ul.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\urlFragmentActions.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\urlUtils.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\util.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\webtooltabAPI.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\js\webTooltabAPIProxy.js, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\_metadata\computed_hashes.json, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\_metadata\verified_contents.json, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\blalapdaiabdaclcbmjnlonbocmjllbc\13.781.13.59100_0\newtabproduct.html, Quarantined, [1695], [467555],1.0.6563 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\SIMPLEHOLIDAYRECIPES.EXE, Quarantined, [546], [365288],1.0.6563 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  23. What is MapsGalaxy?The Malwarebytes research team has determined that MapsGalaxy is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.MapsGalaxy is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by MapsGalaxy?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did MapsGalaxy get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove MapsGalaxy?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of MapsGalaxy? If you are using an older version of Malwarebytes, you may have to remove the Chrome extension manually under Tools > More Tools > Extensions. Click on the bin behind the MapsGalaxy entry and confirm Remove in the prompt. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the MapsGalaxy hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to their domains: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/mapsgalaxy/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid} FF Homepage: moz-extension://a7a4f4e0-d8bc-4b9b-b0ba-1639bf175198/dynamicHomePage.html FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_39Members_@www.mapsgalaxy.com.xpi [2018-08-07] CHR Extension: (MapsGalaxy) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm [2018-08-07] C:\Users\{username}\AppData\Local\MapsGalaxyTooltab MapsGalaxy Internet Explorer Homepage and New Tab (HKCU\...\MapsGalaxyTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0 Adds the file manifest.json"="8/7/2018 10:47 AM, 2458 bytes, A Adds the file newtabproduct.html"="6/7/2018 10:22 AM, 1136 bytes, A Adds the file stubby.html"="6/7/2018 10:22 AM, 1137 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\_metadata Adds the file computed_hashes.json"="8/7/2018 10:47 AM, 4096 bytes, A Adds the file verified_contents.json"="6/7/2018 10:22 AM, 4879 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\config Adds the file config.json"="6/7/2018 10:22 AM, 1733 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\icons Adds the file icon128.png"="8/7/2018 10:47 AM, 21746 bytes, A Adds the file icon16.png"="6/7/2018 10:22 AM, 1315 bytes, A Adds the file icon19disabled.png"="6/7/2018 10:22 AM, 1388 bytes, A Adds the file icon19on.png"="8/7/2018 10:47 AM, 961 bytes, A Adds the file icon48.png"="8/7/2018 10:47 AM, 5280 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js Adds the file ajax.js"="6/7/2018 10:22 AM, 2250 bytes, A Adds the file background.js"="6/7/2018 10:22 AM, 21002 bytes, A Adds the file chrome.js"="6/7/2018 10:22 AM, 180 bytes, A Adds the file content_script.js"="6/7/2018 10:22 AM, 5815 bytes, A Adds the file dlp.js"="6/7/2018 10:22 AM, 5690 bytes, A Adds the file dlpHelper.js"="6/7/2018 10:22 AM, 1836 bytes, A Adds the file extension_detect.js"="6/7/2018 10:22 AM, 4343 bytes, A Adds the file genericLoadRemoteSettings.js"="6/7/2018 10:22 AM, 2908 bytes, A Adds the file index.js"="6/7/2018 10:22 AM, 82 bytes, A Adds the file initOfferCEF.js"="6/7/2018 10:22 AM, 8842 bytes, A Adds the file logger.js"="6/7/2018 10:22 AM, 575 bytes, A Adds the file offerService.js"="6/7/2018 10:22 AM, 13159 bytes, A Adds the file pageUtils.js"="6/7/2018 10:22 AM, 1811 bytes, A Adds the file PartnerId.js"="6/7/2018 10:22 AM, 16439 bytes, A Adds the file product.js"="6/7/2018 10:22 AM, 4511 bytes, A Adds the file storage.js"="6/7/2018 10:22 AM, 1675 bytes, A Adds the file TabManager.js"="6/7/2018 10:22 AM, 189 bytes, A Adds the file TemplateParser.js"="6/7/2018 10:22 AM, 3080 bytes, A Adds the file ul.js"="6/7/2018 10:22 AM, 3862 bytes, A Adds the file urlFragmentActions.js"="6/7/2018 10:22 AM, 2521 bytes, A Adds the file urlUtils.js"="6/7/2018 10:22 AM, 5385 bytes, A Adds the file util.js"="6/7/2018 10:22 AM, 3235 bytes, A Adds the file webtooltabAPI.js"="6/7/2018 10:22 AM, 8762 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpjbkhbhimkbbekiaelopeddeheljabm Adds the file 000003.log"="8/7/2018 10:51 AM, 5065 bytes, A Adds the file CURRENT"="8/7/2018 10:47 AM, 16 bytes, A Adds the file LOCK"="8/7/2018 10:47 AM, 0 bytes, A Adds the file LOG"="8/7/2018 10:51 AM, 412 bytes, A Adds the file LOG.old"="8/7/2018 10:47 AM, 185 bytes, A Adds the file MANIFEST-000001"="8/7/2018 10:47 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\MapsGalaxyTooltab Adds the file TooltabExtension.dll"="5/18/2018 2:48 AM, 273008 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_39Members_@www.mapsgalaxy.com Adds the file storage.js"="8/7/2018 10:51 AM, 2465 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _39Members_@www.mapsgalaxy.com.xpi"="8/7/2018 10:46 AM, 76061 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "cpjbkhbhimkbbekiaelopeddeheljabm"="REG_SZ", "1B5E475DC1D93D437EF5C57355445F2BAC569314B2518A5E2DD35F096B2D9275" [HKEY_CURRENT_USER\Software\MapsGalaxy] "Start Page"="REG_SZ", "http://hp.myway.com/mapsgalaxy/ttab02/index.html?n={n}&p2={ptb1}&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=https%3A%2F%2Fwww.research.net%2Fr%2FZC5XFLJ%3Fc%3D{ptb}%26ptb%3D{ptb1}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/mapsgalaxy/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxyTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "MapsGalaxy Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\MapsGalaxyTooltab\TooltabExtension.dll" U uninstall:MapsGalaxy" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/7/18 Scan Time: 10:57 AM Log File: e1ed92d7-9a1f-11e8-ae50-00ffdcc6fdfc.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.6235 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 252250 Threats Detected: 62 Threats Quarantined: 62 Time Elapsed: 3 min, 32 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MapsGalaxyTooltab\TooltabExtension.dll, Quarantined, [1688], [356944],1.0.6235 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MapsGalaxyTooltab Uninstall Internet Explorer, Quarantined, [1688], [356944],1.0.6235 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MapsGalaxy, Quarantined, [1688], [444113],1.0.6235 Registry Value: 2 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MapsGalaxyTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [541], [352442],1.0.6235 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MapsGalaxy|START PAGE, Quarantined, [1688], [444113],1.0.6235 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [541], [293497],1.0.6235 Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MapsGalaxyTooltab, Quarantined, [1688], [356944],1.0.6235 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_39Members_@www.mapsgalaxy.com, Quarantined, [1688], [468075],1.0.6235 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\cpjbkhbhimkbbekiaelopeddeheljabm, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\_metadata, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\config, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\icons, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CPJBKHBHIMKBBEKIAELOPEDDEHELJABM\13.651.13.21587_0, Quarantined, [1688], [456842],1.0.6235 File: 47 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\MapsGalaxyTooltab\TooltabExtension.dll, Quarantined, [1688], [356944],1.0.6235 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_39Members_@www.mapsgalaxy.com.xpi, Quarantined, [1688], [457930],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_39Members_@www.mapsgalaxy.com\storage.js, Quarantined, [1688], [468075],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpjbkhbhimkbbekiaelopeddeheljabm\000003.log, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpjbkhbhimkbbekiaelopeddeheljabm\CURRENT, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpjbkhbhimkbbekiaelopeddeheljabm\LOCK, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpjbkhbhimkbbekiaelopeddeheljabm\LOG, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpjbkhbhimkbbekiaelopeddeheljabm\LOG.old, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpjbkhbhimkbbekiaelopeddeheljabm\MANIFEST-000001, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CPJBKHBHIMKBBEKIAELOPEDDEHELJABM\13.651.13.21587_0\CONFIG\CONFIG.JSON, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\icons\icon128.png, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\icons\icon16.png, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\icons\icon19disabled.png, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\icons\icon19on.png, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\icons\icon48.png, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\ajax.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\background.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\chrome.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\content_script.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\dlp.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\dlpHelper.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\extension_detect.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\genericLoadRemoteSettings.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\index.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\initOfferCEF.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\logger.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\offerService.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\pageUtils.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\PartnerId.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\product.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\storage.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\TabManager.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\TemplateParser.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\ul.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\urlFragmentActions.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\urlUtils.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\util.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\js\webtooltabAPI.js, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\_metadata\computed_hashes.json, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\_metadata\verified_contents.json, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\manifest.json, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\newtabproduct.html, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjbkhbhimkbbekiaelopeddeheljabm\13.651.13.21587_0\stubby.html, Quarantined, [1688], [456842],1.0.6235 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\MAPSGALAXY.EXE, Quarantined, [541], [365288],1.0.6235 PUP.Optional.MindSpark, C:\DOWNLOADS\MAPSGALAXY.EXE, Quarantined, [541], [365288],1.0.6235 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  24. What is ReadingFanatic?The Malwarebytes research team has determined that ReadingFanatic is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.ReadingFanatic is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by ReadingFanatic?You may see these browser extensions/add-ons:these warnings during install:and these changed settings:and this new homepage in the affected browsers:How did ReadingFanatic get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove ReadingFanatic?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of ReadingFanatic? If you are using an older version of Malwarebytes, you may have to remove the Chrome extension manually under Tools > More Tools > Extensions. Click on the bin behind the ReadingFanatic entry and confirm Remove in the prompt. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the ReadingFanatic hijacker. It would have blocked traffic to their domains: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_6xMembers_@www.readingfanatic.com.xpi [2018-06-28] CHR Extension: (ReadingFanatic) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf [2018-06-28] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0 Adds the file manifest.json"="6/28/2018 8:44 AM, 2569 bytes, A Adds the file newtabproduct.html"="4/7/2018 3:31 AM, 1136 bytes, A Adds the file stubby.html"="4/7/2018 3:31 AM, 1137 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\_metadata Adds the file computed_hashes.json"="6/28/2018 8:44 AM, 4096 bytes, A Adds the file verified_contents.json"="4/7/2018 3:31 AM, 4877 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\config Adds the file config.json"="4/7/2018 3:31 AM, 1754 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\icons Adds the file icon128.png"="6/28/2018 8:44 AM, 6810 bytes, A Adds the file icon16.png"="4/7/2018 3:31 AM, 1424 bytes, A Adds the file icon19disabled.png"="4/7/2018 3:31 AM, 1388 bytes, A Adds the file icon19on.png"="6/28/2018 8:44 AM, 622 bytes, A Adds the file icon48.png"="6/28/2018 8:44 AM, 2259 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js Adds the file ajax.js"="4/7/2018 3:31 AM, 2250 bytes, A Adds the file background.js"="4/7/2018 3:31 AM, 21002 bytes, A Adds the file chrome.js"="4/7/2018 3:31 AM, 180 bytes, A Adds the file content_script.js"="4/7/2018 3:31 AM, 5815 bytes, A Adds the file dlp.js"="4/7/2018 3:31 AM, 5690 bytes, A Adds the file dlpHelper.js"="4/7/2018 3:31 AM, 1836 bytes, A Adds the file extension_detect.js"="4/7/2018 3:31 AM, 4343 bytes, A Adds the file genericLoadRemoteSettings.js"="4/7/2018 3:31 AM, 2908 bytes, A Adds the file index.js"="4/7/2018 3:31 AM, 82 bytes, A Adds the file initOfferCEF.js"="4/7/2018 3:31 AM, 8842 bytes, A Adds the file logger.js"="4/7/2018 3:31 AM, 575 bytes, A Adds the file offerService.js"="4/7/2018 3:31 AM, 13159 bytes, A Adds the file pageUtils.js"="4/7/2018 3:31 AM, 1811 bytes, A Adds the file PartnerId.js"="4/7/2018 3:31 AM, 16439 bytes, A Adds the file product.js"="4/7/2018 3:31 AM, 4511 bytes, A Adds the file storage.js"="4/7/2018 3:31 AM, 1675 bytes, A Adds the file TabManager.js"="4/7/2018 3:31 AM, 189 bytes, A Adds the file TemplateParser.js"="4/7/2018 3:31 AM, 3080 bytes, A Adds the file ul.js"="4/7/2018 3:31 AM, 3862 bytes, A Adds the file urlFragmentActions.js"="4/7/2018 3:31 AM, 2521 bytes, A Adds the file urlUtils.js"="4/7/2018 3:31 AM, 5385 bytes, A Adds the file util.js"="4/7/2018 3:31 AM, 3235 bytes, A Adds the file webtooltabAPI.js"="4/7/2018 3:31 AM, 8762 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmmbajpcfedaechekcachdldkdfaalbf Adds the file 000003.log"="6/28/2018 8:51 AM, 4803 bytes, A Adds the file CURRENT"="6/28/2018 8:44 AM, 16 bytes, A Adds the file LOCK"="6/28/2018 8:44 AM, 0 bytes, A Adds the file LOG"="6/28/2018 8:50 AM, 412 bytes, A Adds the file LOG.old"="6/28/2018 8:44 AM, 185 bytes, A Adds the file MANIFEST-000001"="6/28/2018 8:44 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_6xMembers_@www.readingfanatic.com Adds the file storage.js"="6/28/2018 8:48 AM, 2351 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _6xMembers_@www.readingfanatic.com.xpi"="6/28/2018 8:48 AM, 58383 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "bmmbajpcfedaechekcachdldkdfaalbf"="REG_SZ", "B549BAA9009D3E7111F3FBB1FB6E471F5A91115689FDC3D9C60436FA632E4DA1" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/28/18 Scan Time: 8:55 AM Log File: 30240402-7aa0-11e8-b1b2-080027235d76.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.365 Update Package Version: 1.0.5663 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 251542 Threats Detected: 52 Threats Quarantined: 52 Time Elapsed: 4 min, 30 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 8 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\_metadata, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\config, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\icons, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL EXTENSION SETTINGS\BMMBAJPCFEDAECHEKCACHDLDKDFAALBF, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_6xMembers_@www.readingfanatic.com, Quarantined, [1680], [468075],1.0.5663 File: 44 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_6xMembers_@www.readingfanatic.com.xpi, Quarantined, [1680], [457930],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmmbajpcfedaechekcachdldkdfaalbf\000003.log, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmmbajpcfedaechekcachdldkdfaalbf\CURRENT, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmmbajpcfedaechekcachdldkdfaalbf\LOCK, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmmbajpcfedaechekcachdldkdfaalbf\LOG, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmmbajpcfedaechekcachdldkdfaalbf\LOG.old, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmmbajpcfedaechekcachdldkdfaalbf\MANIFEST-000001, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\config\config.json, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\icons\icon128.png, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\icons\icon16.png, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\icons\icon19disabled.png, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\icons\icon19on.png, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\icons\icon48.png, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\ajax.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\background.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\chrome.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\content_script.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\dlp.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\dlpHelper.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\extension_detect.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\genericLoadRemoteSettings.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\index.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\initOfferCEF.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\logger.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\offerService.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\pageUtils.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\PartnerId.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\product.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\storage.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\TabManager.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\TemplateParser.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\ul.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\urlFragmentActions.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\urlUtils.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\util.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\js\webtooltabAPI.js, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\_metadata\computed_hashes.json, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\_metadata\verified_contents.json, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\manifest.json, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\newtabproduct.html, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf\13.611.13.3362_0\stubby.html, Quarantined, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [533], [383822],1.0.5663 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [533], [383822],1.0.5663 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_6xMembers_@www.readingfanatic.com\storage.js, Quarantined, [1680], [468075],1.0.5663 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  25. What is Screen Watch?The Malwarebytes research team has determined that Screen Watch is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Screen Watch is a member of the Mindspark/Ask family now known as APN applications.How do I know if my computer is affected by Screen Watch?You may see this Chrome browser extension:these warnings during install:this icon in the Chrome menu-bar:and this newtab-page in the affected browsers:How did Screen Watch get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.How do I remove Screen Watch?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Screen Watch? If you are using an older version of Malwarebytes, you may have to remove the Chrome extension manually under Tools > More Tools > Extensions. Click on the bin behind the Screen Watch entry and confirm Remove in the prompt. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Screen Watch hijacker, by blocking traffic to some of their domains: Technical details for expertsPossible signs in a FRST log: CHR Extension: (Screen Watch) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep [2018-06-20] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0 Adds the file dynamicNewTab.html"="4/10/2018 9:22 AM, 1136 bytes, A Adds the file manifest.json"="6/20/2018 8:43 AM, 2535 bytes, A Adds the file productnewtab.html"="4/10/2018 9:22 AM, 1136 bytes, A Adds the file stubby.html"="4/10/2018 9:22 AM, 1137 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\_metadata Adds the file computed_hashes.json"="6/20/2018 8:43 AM, 4670 bytes, A Adds the file verified_contents.json"="4/10/2018 9:22 AM, 5391 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\config Adds the file config.json"="4/10/2018 9:22 AM, 1950 bytes, A Adds the file extension-config.json"="4/10/2018 9:22 AM, 1114 bytes, A Adds the file extension-dev-config.json"="4/10/2018 9:22 AM, 1236 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\icons Adds the file icon128.png"="6/20/2018 8:43 AM, 1568 bytes, A Adds the file icon16.png"="4/10/2018 9:22 AM, 165 bytes, A Adds the file icon19disabled.png"="4/10/2018 9:22 AM, 152 bytes, A Adds the file icon19on.png"="6/20/2018 8:43 AM, 286 bytes, A Adds the file icon48.png"="6/20/2018 8:43 AM, 689 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js Adds the file ajax.js"="4/10/2018 9:22 AM, 2250 bytes, A Adds the file b2b-partner-tracking.js"="4/10/2018 9:22 AM, 11023 bytes, A Adds the file background.js"="4/10/2018 9:22 AM, 21158 bytes, A Adds the file chrome.js"="4/10/2018 9:22 AM, 180 bytes, A Adds the file content_script.js"="4/10/2018 9:22 AM, 5815 bytes, A Adds the file dlp.js"="4/10/2018 9:22 AM, 5690 bytes, A Adds the file dlpHelper.js"="4/10/2018 9:22 AM, 1836 bytes, A Adds the file extension_detect.js"="4/10/2018 9:22 AM, 4343 bytes, A Adds the file genericLoadRemoteSettings.js"="4/10/2018 9:22 AM, 2908 bytes, A Adds the file index.js"="4/10/2018 9:22 AM, 82 bytes, A Adds the file initOfferCEF.js"="4/10/2018 9:22 AM, 8991 bytes, A Adds the file logger.js"="4/10/2018 9:22 AM, 575 bytes, A Adds the file offerService.js"="4/10/2018 9:22 AM, 13159 bytes, A Adds the file pageUtils.js"="4/10/2018 9:22 AM, 1811 bytes, A Adds the file PartnerId.js"="4/10/2018 9:22 AM, 16439 bytes, A Adds the file product.js"="4/10/2018 9:22 AM, 4511 bytes, A Adds the file storage.js"="4/10/2018 9:22 AM, 1675 bytes, A Adds the file TabManager.js"="4/10/2018 9:22 AM, 189 bytes, A Adds the file TemplateParser.js"="4/10/2018 9:22 AM, 3080 bytes, A Adds the file ul.js"="4/10/2018 9:22 AM, 3862 bytes, A Adds the file urlFragmentActions.js"="4/10/2018 9:22 AM, 2521 bytes, A Adds the file urlUtils.js"="4/10/2018 9:22 AM, 5385 bytes, A Adds the file util.js"="4/10/2018 9:22 AM, 4027 bytes, A Adds the file webtooltabAPI.js"="4/10/2018 9:22 AM, 8762 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bkmjlcbkppjpiianckgofgolfojkdeep Adds the file 000003.log"="6/20/2018 8:43 AM, 0 bytes, A Adds the file CURRENT"="6/20/2018 8:43 AM, 16 bytes, A Adds the file LOCK"="6/20/2018 8:43 AM, 0 bytes, A Adds the file LOG"="6/20/2018 8:43 AM, 0 bytes, A Adds the file MANIFEST-000001"="6/20/2018 8:43 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "bkmjlcbkppjpiianckgofgolfojkdeep"="REG_SZ", "831597C8713E92ECCA4C09E2F5E0F2139F33637C234A47CB97F7BA7A4F2E007C" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/20/18 Scan Time: 8:54 AM Log File: d80905a0-7456-11e8-b181-080027235d76.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.5550 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 238612 Threats Detected: 52 Threats Quarantined: 52 Time Elapsed: 2 min, 46 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 7 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bkmjlcbkppjpiianckgofgolfojkdeep, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\_metadata, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\config, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\icons, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BKMJLCBKPPJPIIANCKGOFGOLFOJKDEEP, Quarantined, [1683], [467555],1.0.5550 File: 45 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bkmjlcbkppjpiianckgofgolfojkdeep\000003.log, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bkmjlcbkppjpiianckgofgolfojkdeep\CURRENT, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bkmjlcbkppjpiianckgofgolfojkdeep\LOCK, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bkmjlcbkppjpiianckgofgolfojkdeep\LOG, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bkmjlcbkppjpiianckgofgolfojkdeep\MANIFEST-000001, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BKMJLCBKPPJPIIANCKGOFGOLFOJKDEEP\13.421.12.64284_0\MANIFEST.JSON, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\config\config.json, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\config\extension-config.json, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\config\extension-dev-config.json, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\icons\icon128.png, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\icons\icon16.png, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\icons\icon19disabled.png, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\icons\icon19on.png, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\icons\icon48.png, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\logger.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\ajax.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\b2b-partner-tracking.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\background.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\chrome.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\content_script.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\dlp.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\dlpHelper.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\extension_detect.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\genericLoadRemoteSettings.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\index.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\initOfferCEF.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\offerService.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\pageUtils.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\PartnerId.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\product.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\storage.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\TabManager.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\TemplateParser.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\ul.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\urlFragmentActions.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\urlUtils.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\util.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\js\webtooltabAPI.js, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\_metadata\computed_hashes.json, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\_metadata\verified_contents.json, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\dynamicNewTab.html, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\productnewtab.html, Quarantined, [1683], [467555],1.0.5550 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjlcbkppjpiianckgofgolfojkdeep\13.421.12.64284_0\stubby.html, Quarantined, [1683], [467555],1.0.5550 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.