Jump to content

Removal instructions for Search Defence


Recommended Posts

  • Staff

What is Search Defence?

The Malwarebytes research team has determined that Search Defence is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the effected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by Search Defence?

This is how the start-page looks:

main.png

And you may see these toolbars:

warning2.png

warning3.png

or this warning:

warning1.png

and this entry in your list of installed programs:

warning4.png

How did Search Defence get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Search Defence?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Search Defence?
  • The rogue replaces your hosts file, so you may have to restore the old one. You can find third-party hosts file alternatives at hpHosts or at mvps.org or you can simply reset the default hosts file as outlined here by Microsoft.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Search Defence rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3128O1 - Hosts: 54.235.90.58 nebipnoobechpjkccdjjeinmclomojdaO2 - BHO: Search Defense BHO - {71C000B9-44FE-4380-8A32-53B087223FD6} - C:\Program Files\Search Defense\FrameworkBHO.dllO4 - HKLM\..\Run: [BService] C:\Program Files\Bench\BService\1.1\bservice.exeO4 - HKLM\..\Run: [Wd] C:\Program Files\Bench\Wd\wd.exeO4 - HKLM\..\Run: [Bench Communicator Watcher] C:\Program Files\Bench\Proxy\pwdg.exeO4 - HKLM\..\Run: [Bench Settings Cleaner] C:\Program Files\Bench\Proxy\cl.exeO4 - HKLM\..\RunOnce: [Search Defense-repairJob] wscript.exe "C:\Users\{username}\AppData\Local\Search Defense\repair.js" "Search Defense-repairJob"
Alterations made by the installer:

File system details  ---------------------------------------------    Adds the folder C:\Program Files\Bench\BService\1.1       Adds the file bhelper.dll"="7/15/2014 11:10 PM, 53248 bytes, A       Adds the file bservice.exe"="7/15/2014 11:10 PM, 52736 bytes, A    Adds the folder C:\Program Files\Bench\NmHost       Adds the file manifest.json"="7/27/2014 9:39 AM, 215 bytes, A       Adds the file nmhost.exe"="7/15/2014 11:09 PM, 165376 bytes, A    Adds the folder C:\Program Files\Bench\NmHost\data\installer       Adds the file nebipnoobechpjkccdjjeinmclomojda"="7/27/2014 9:39 AM, 957 bytes, A    Adds the folder C:\Program Files\Bench\Proxy       Adds the file cl.exe"="7/15/2014 11:04 PM, 55296 bytes, A       Adds the file icon.ico"="7/25/2014 9:01 AM, 32038 bytes, A       Adds the file proc.exe"="7/15/2014 11:04 PM, 428544 bytes, A       Adds the file pwdg.exe"="7/15/2014 11:04 PM, 127488 bytes, A    Adds the folder C:\Program Files\Bench\Updater       Adds the file products.xml"="7/27/2014 9:39 AM, 377 bytes, A       Adds the file updater.exe"="7/15/2014 11:04 PM, 67072 bytes, A    Adds the folder C:\Program Files\Bench\Updater\1.7.0.0       Adds the file updater.exe"="7/15/2014 11:04 PM, 419840 bytes, A    Adds the folder C:\Program Files\Bench\Wd       Adds the file wd.exe"="7/15/2014 11:10 PM, 92672 bytes, A    Adds the folder C:\Program Files\Search Defense    Adds the folder C:\Program Files\Search Defense\AppFramework    Adds the folder C:\Program Files\Search Defense\CanvasFramework    Adds the folder C:\Program Files\Search Defense\framework    Adds the folder C:\Program Files\Search Defense\framework-ui    Adds the folder C:\Program Files\Search Defense\framework-ui\theme\bubble    Adds the folder C:\Program Files\Search Defense\icons    Adds the folder C:\Users\{username}\AppData\Local\BenchUpdater       Adds the file products.xml"="7/27/2014 9:39 AM, 447 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\Search Defense    Adds the folder C:\Users\{username}\AppData\Local\Search Defense\firefox    Adds the folder C:\Users\{username}\AppData\Local\Search Defense\firefox\AppFramework    Adds the folder C:\Users\{username}\AppData\Local\Search Defense\firefox\CanvasFramework    Adds the folder C:\Users\{username}\AppData\Local\Search Defense\firefox\framework    Adds the folder C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui    Adds the folder C:\Users\{username}\AppData\Local\Search Defense\firefox\icons    Adds the folder C:\Users\{username}\AppData\LocalLow\{71C000B9-44FE-4380-8A32-53B087223FD6}    Adds the folder C:\Users\{username}\AppData\LocalLow\Protect\Blocker    Adds the folder C:\Users\{username}\AppData\LocalLow\Protect\CanvasStorage    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Defense       Adds the file Search Defense Settings.url"="7/27/2014 9:39 AM, 125 bytes, A       Adds the file Search Defense.lnk"="7/27/2014 9:39 AM, 1970 bytes, A       Adds the file Uninstall.lnk"="7/27/2014 9:39 AM, 1086 bytes, A    In the existing folder C:\Windows\System32\drivers\etc       Alters the file hosts        6/10/2009 11:39 PM, 824 bytes, A ==> 7/27/2014 9:39 AM, 871 bytes, A    In the existing folder C:\Windows\System32\Tasks       Adds the file bench-S-1-5-21-4016700205-1717049133-1125222536-1001"="7/27/2014 9:39 AM, 3234 bytes, A       Adds the file bench-sys"="7/27/2014 9:39 AM, 3242 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job"="7/27/2014 9:39 AM, 346 bytes, A       Adds the file bench-sys.job"="7/27/2014 9:39 AM, 346 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE]       "39007"="REG_SZ", "Search Defense"    [HKEY_LOCAL_MACHINE\SOFTWARE\AdvertisingSupport]       "Existing"="REG_SZ", "1"       "Seen"="REG_SZ", "1"       "SeenDate"="REG_SZ", "1406446749"       "SystemId"="REG_SZ", "619bdd98c7140d14e62a62d4922b6abd"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\BService]       "Path"="REG_SZ", "C:\Program Files\Bench\BService\1.1"       "Version"="REG_SZ", "1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\BService\39007]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\InstalledExtensions]       "39007"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\NmHost]       "(Default)"="REG_SZ", "C:\Program Files\Bench\NmHost\nmhost.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\NmHost\39007]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\Updater]       "path"="REG_SZ", "C:\Program Files\Bench\Updater\updater.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\Updater\39007]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37C06066-6D99-454B-8C74-908C9DFC68E9}]       "(Default)"="REG_SZ", "Search Defense"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37C06066-6D99-454B-8C74-908C9DFC68E9}\LocalServer32]       "(Default)"="REG_SZ", ""C:\Program Files\Search Defense\FrameworkEngine.exe""       "ServerExecutable"="REG_SZ", "C:\Program Files\Search Defense\FrameworkEngine.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37C06066-6D99-454B-8C74-908C9DFC68E9}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37C06066-6D99-454B-8C74-908C9DFC68E9}\TypeLib]       "(Default)"="REG_SZ", "{9FF65622-F27A-48DB-A58A-A1386EDC4030}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37C06066-6D99-454B-8C74-908C9DFC68E9}\Version]       "(Default)"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44461633-54B0-4113-8D1D-6D78C9CD901D}]       "(Default)"="REG_SZ", "Search Defense"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44461633-54B0-4113-8D1D-6D78C9CD901D}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44461633-54B0-4113-8D1D-6D78C9CD901D}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\Search Defense\FrameworkBHO.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44461633-54B0-4113-8D1D-6D78C9CD901D}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44461633-54B0-4113-8D1D-6D78C9CD901D}\TypeLib]       "(Default)"="REG_SZ", "{8BF9A749-490B-4046-98EE-606AF345A22D}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44461633-54B0-4113-8D1D-6D78C9CD901D}\Version]       "(Default)"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71C000B9-44FE-4380-8A32-53B087223FD6}]       "(Default)"="REG_SZ", "Search Defense BHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71C000B9-44FE-4380-8A32-53B087223FD6}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71C000B9-44FE-4380-8A32-53B087223FD6}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\Search Defense\FrameworkBHO.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71C000B9-44FE-4380-8A32-53B087223FD6}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71C000B9-44FE-4380-8A32-53B087223FD6}\TypeLib]       "(Default)"="REG_SZ", "{8BF9A749-490B-4046-98EE-606AF345A22D}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71C000B9-44FE-4380-8A32-53B087223FD6}\Version]       "(Default)"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37AD606E-6D8C-4550-BEBF-148CFDFC82E9}]       "(Default)"="REG_SZ", "IKangoEngine"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37AD606E-6D8C-4550-BEBF-148CFDFC82E9}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37AD606E-6D8C-4550-BEBF-148CFDFC82E9}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37AD606E-6D8C-4550-BEBF-148CFDFC82E9}\TypeLib]       "(Default)"="REG_SZ", "{9FF65622-F27A-48DB-A58A-A1386EDC4030}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44201657-5461-417F-B689-D078B7CD391D}]       "(Default)"="REG_SZ", "IKangoToolbar"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44201657-5461-417F-B689-D078B7CD391D}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44201657-5461-417F-B689-D078B7CD391D}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44201657-5461-417F-B689-D078B7CD391D}\TypeLib]       "(Default)"="REG_SZ", "{8BF9A749-490B-4046-98EE-606AF345A22D}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71E7001D-4450-43CF-8498-4CB0E822EAD6}]       "(Default)"="REG_SZ", "IKangoBHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71E7001D-4450-43CF-8498-4CB0E822EAD6}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71E7001D-4450-43CF-8498-4CB0E822EAD6}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71E7001D-4450-43CF-8498-4CB0E822EAD6}\TypeLib]       "(Default)"="REG_SZ", "{8BF9A749-490B-4046-98EE-606AF345A22D}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8BF9A749-490B-4046-98EE-606AF345A22D}\1.0]       "(Default)"="REG_SZ", "Framework 1.0 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8BF9A749-490B-4046-98EE-606AF345A22D}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\Search Defense\FrameworkBHO.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8BF9A749-490B-4046-98EE-606AF345A22D}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8BF9A749-490B-4046-98EE-606AF345A22D}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\Search Defense"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9FF65622-F27A-48DB-A58A-A1386EDC4030}\1.0]       "(Default)"="REG_SZ", "EngineLib"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9FF65622-F27A-48DB-A58A-A1386EDC4030}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\Search Defense\FrameworkEngine.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9FF65622-F27A-48DB-A58A-A1386EDC4030}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9FF65622-F27A-48DB-A58A-A1386EDC4030}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\Search Defense"    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost]       "(Default)"="REG_SZ", "C:\Program Files\Bench\NmHost\manifest.json"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71C000B9-44FE-4380-8A32-53B087223FD6}]       "(Default)"="REG_SZ", "Search Defense BHO"       "NoExplorer"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]       "ForceRefreshFG"="REG_DWORD", 0       "LastPolicyTime"="REG_DWORD", 18181899       "PrevRsopLogging"="REG_DWORD", 1       "PrevSlowLink"="REG_DWORD", 0       "RsopStatus"="REG_DWORD", 0       "Status"="REG_DWORD", 0    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]       "{71C000B9-44FE-4380-8A32-53B087223FD6}"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]       "Bench Communicator Watcher"="REG_SZ", "C:\Program Files\Bench\Proxy\pwdg.exe"       "Bench Settings Cleaner"="REG_SZ", "C:\Program Files\Bench\Proxy\cl.exe"       "BService"="REG_SZ", "C:\Program Files\Bench\BService\1.1\bservice.exe"       "Wd"="REG_SZ", "C:\Program Files\Bench\Wd\wd.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]       "Search Defense"="REG_SZ", ""       "Search Defense-repairJob"="REG_SZ", "wscript.exe "C:\Users\{username}\AppData\Local\Search Defense\repair.js" "Search Defense-repairJob""    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\39007_Search Defense]       "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Local\Search Defense/icon.ico"       "DisplayName"="REG_SZ", "Search Defense"       "DisplayVersion"="REG_SZ", "1.0"       "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Local\Search Defense"       "NoModify"="REG_DWORD", 1       "NoRepair"="REG_DWORD", 1       "Publisher"="REG_SZ", "Actually Apps"       "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Local\Search Defense\uninstall.exe "    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job"="REG_BINARY, ................................       "bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job.fp"="REG_DWORD", 1415855467       "bench-sys.job"="REG_BINARY, ................................       "bench-sys.job.fp"="REG_DWORD", 1396185592    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]       "1"="REG_SZ", "nebipnoobechpjkccdjjeinmclomojda;http://nebipnoobechpjkccdjjeinmclomojda/check/.eJwNyUsKwCAMANG7ZC2l3XqZojFg_CSithRK716X8-aF6UYGCxi7VgIDN_XBKouObV_NMqYrhTrY2S8yQM88Oawv5LmJqieMLWXEkBKxVCxaNQUH3w_epiEz.7-7_fvALrEWeMm_1vDZU8RrgUJI"    [HKEY_LOCAL_MACHINE\SOFTWARE\Proxy\Installations\Search Defense]       "aoi"="REG_SZ", "1406453949"       "domain"="REG_SZ", "searchdefense-a.akamaihd.net"       "ext"="REG_SZ", "Search Defense"       "format"="REG_SZ", "//{domain}/loaders/{pid}/l.js?pid={pid}&systemid={systemid}&ext={ext}&aoi={aoi}&zoneid={zoneid}&crr={crr}&type=p"       "more_info_url"="REG_SZ", "http://search-defense.com"       "pid"="REG_SZ", "2083"       "protect_redirect_url"="REG_SZ", "http://search-defense.com/warning.php?%blocked_url%"       "settings_url"="REG_SZ", "http://search-defense.com/settings.php"       "system_black_list_url"="REG_SZ", "http://searchdefense-a.akamaihd.net/protect/rules.json"       "zoneid"="REG_SZ", "695186"    [HKEY_LOCAL_MACHINE\SOFTWARE\Search Defense]       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\Search Defense"       "AllowProxy"="REG_SZ", "1"       "CDN"="REG_SZ", "searchdefense-a.akamaihd.net"       "InstallTime"="REG_SZ", "1406453949"       "Pid"="REG_SZ", "2083"       "Seen"="REG_SZ", "1"       "SeenDate"="REG_SZ", "1406446749"       "SystemId"="REG_SZ", "619bdd98c7140d14e62a62d4922b6abd"       "UTCInstallTime"="REG_SZ", "1406446749"       "ZoneId"="REG_SZ", "695186"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71C000B9-44FE-4380-8A32-53B087223FD6}]       "Flags"="REG_DWORD", 1024       "VerCache"="REG_BINARY, ......................    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]       "ProxyEnable        REG_DWORD, 0 ==> REG_DWORD, 1       "ProxyServer"="REG_SZ", "http=127.0.0.1:3128"    [HKEY_CURRENT_USER\Software\Proxy]       "app_name"="REG_SZ", "Search Defense"       "AutoConfigURL"="REG_SZ", ""       "disableChainProxy"="REG_DWORD", 0       "ProxyEnable"="REG_DWORD", 0       "ProxyServer"="REG_SZ", ""       "totalFail"="REG_DWORD", 0    [HKEY_CURRENT_USER\Software\Proxy\installations\Search Defense]       "czoneid"="REG_SZ", "699826"    [HKEY_CURRENT_USER\System\CurrentControlSet\Control\NetTrace\Session]
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 7/27/2014Scan Time: 9:46:14 AMLogfile: mbamSearchDefence.txtAdministrator: YesVersion: 2.00.2.1012Malware Database: v2014.07.27.04Rootkit Database: v2014.07.17.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 248514Time Elapsed: 3 min, 27 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 5PUP.Optional.Bench.A, C:\Program Files\Bench\Wd\wd.exe, 1408, Delete-on-Reboot, [fc840f9596e578be808016d817eb38c8]PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\pwdg.exe, 3148, Delete-on-Reboot, [760a495b017a78be1d90a539f80ae11f]PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bservice.exe, 2888, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca]PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\proc.exe, 3104, Delete-on-Reboot, [552bdbc9b6c51026295bfcba9171629e]PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\FrameworkEngine.exe, 3676, Delete-on-Reboot, [e19ffda789f2ad891bb6299f788a758b]Modules: 9PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], Registry Keys: 20PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\CLASSES\CLSID\{71C000B9-44FE-4380-8A32-53B087223FD6}, Quarantined, [ef915a4ab2c987af2c511744d72b52ae], PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\CLASSES\CLSID\{44461633-54B0-4113-8D1D-6D78C9CD901D}, Quarantined, [ef915a4ab2c987af2c511744d72b52ae], PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{8BF9A749-490B-4046-98EE-606AF345A22D}, Quarantined, [ef915a4ab2c987af2c511744d72b52ae], PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44201657-5461-417F-B689-D078B7CD391D}, Quarantined, [ef915a4ab2c987af2c511744d72b52ae], PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{71E7001D-4450-43CF-8498-4CB0E822EAD6}, Quarantined, [ef915a4ab2c987af2c511744d72b52ae], PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\CLASSES\CLSID\{71C000B9-44FE-4380-8A32-53B087223FD6}\INPROCSERVER32, Quarantined, [ef915a4ab2c987af2c511744d72b52ae], PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{71C000B9-44FE-4380-8A32-53B087223FD6}, Quarantined, [ef915a4ab2c987af2c511744d72b52ae], PUP.Optional.SearchDefense.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{71C000B9-44FE-4380-8A32-53B087223FD6}, Quarantined, [ef915a4ab2c987af2c511744d72b52ae], PUP.Optional.SearchDefense.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{71C000B9-44FE-4380-8A32-53B087223FD6}, Quarantined, [ef915a4ab2c987af2c511744d72b52ae], PUP.Optional.ActuallyApps.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\39007_Search Defense, Quarantined, [027e8d170576ef476b5d297870913bc5], PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\Search Defense, Quarantined, [324e6a3a6c0f57dfc25c02c727dbc23e], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\BService, Quarantined, [3a46e4c099e2360019651bbe92708b75], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\InstalledExtensions, Quarantined, [c2be43613d3ec57156290ccdc939f907], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\NmHost, Quarantined, [0f71079d017a95a1c9b77a5f877b728e], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\Updater, Quarantined, [5c24c2e29edd251185fc5b7e6e94c53b], PUP.Optional.Bench.A, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.bench.nmhost, Quarantined, [f78960447efd1c1a5ef754cf24e08e72], PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\PROXY\INSTALLATIONS\Search Defense, Quarantined, [562af4b06714cc6ad944cdfc4fb35ea2], PUP.Optional.SearchDefense.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PROXY\INSTALLATIONS\Search Defense, Quarantined, [b8c813917dfe270f78a45a6f09f9a55b], PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{9FF65622-F27A-48DB-A58A-A1386EDC4030}, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{37AD606E-6D8C-4550-BEBF-148CFDFC82E9}, Quarantined, [e19ffda789f2ad891bb6299f788a758b], Registry Values: 6PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Wd, C:\Program Files\Bench\Wd\wd.exe, Quarantined, [fc840f9596e578be808016d817eb38c8]PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Communicator Watcher, C:\Program Files\Bench\Proxy\pwdg.exe, Quarantined, [760a495b017a78be1d90a539f80ae11f]PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Settings Cleaner, C:\Program Files\Bench\Proxy\cl.exe, Quarantined, [bec2287cc7b4df57c5e9627c38ca44bc]PUP.Optional.SmartApps, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Search Defense-repairJob, wscript.exe "C:\Users\{username}\AppData\Local\Search Defense\repair.js" "Search Defense-repairJob", Quarantined, [324e2183314a88aeb06748dc808428d8]PUM.Bad.Proxy, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:3128, Quarantined, [285803a1e19a2214e1539d3b70928d73]PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BService, C:\Program Files\Bench\BService\1.1\bservice.exe, Quarantined, [a7d901a30378cd69fbf61399ed1536ca]Registry Data: 0(No malicious items detected)Folders: 34PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost, Quarantined, [0977198bfa81b581c1b7fafbaa586d93], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\data, Quarantined, [0977198bfa81b581c1b7fafbaa586d93], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\data\installer, Quarantined, [0977198bfa81b581c1b7fafbaa586d93], PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater, Quarantined, [b4cc2e76691253e3a4e3cb2bf70b748c], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater, Quarantined, [09776f354a31e94d26e973376b978779], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0, Quarantined, [09776f354a31e94d26e973376b978779], PUP.Optional.Bench.A, C:\Program Files\Bench\BService, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\Wd, Delete-on-Reboot, [136d8b19cfac2b0b45adaffdfc06ae52], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy, Delete-on-Reboot, [552bdbc9b6c51026295bfcba9171629e], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense, Delete-on-Reboot, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\AppFramework, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\CanvasFramework, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\icons, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense, Delete-on-Reboot, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\AppFramework, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\CanvasFramework, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\icons, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Defense, Quarantined, [6020f7ad1a612313b71b36921de550b0], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\AppFramework, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\CanvasFramework, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework-ui, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\icons, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\includes, Quarantined, [4b35743029522d0939a1efd98d75ae52], Files: 205PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\FrameworkBHO.dll, Quarantined, [ef915a4ab2c987af2c511744d72b52ae], PUP.Optional.ActuallyApps.A, C:\Users\{username}\Desktop\Search Defence.exe, Quarantined, [5927a5fff982ee48b612861b21e04db3], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Search Defense\uninstall.exe, Quarantined, [027e8d170576ef476b5d297870913bc5], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nebipnoobechpjkccdjjeinmclomojda_0.localstorage, Quarantined, [d5ab436190eb989e6db78d3c4db54fb1], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nebipnoobechpjkccdjjeinmclomojda_0.localstorage-journal, Quarantined, [245c554fb8c33ef8d4504f7a9270837d], PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001, Quarantined, [512f01a365169f9777788f42e41ef30d], PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-sys, Quarantined, [3c44574d3e3d00363fb0c60b6e944cb4], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\nmhost.exe, Quarantined, [0977198bfa81b581c1b7fafbaa586d93], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\manifest.json, Quarantined, [0977198bfa81b581c1b7fafbaa586d93], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\data\installer\nebipnoobechpjkccdjjeinmclomojda, Quarantined, [0977198bfa81b581c1b7fafbaa586d93], PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job, Quarantined, [512f62426219f4429de9f10546bcd32d], PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-sys.job, Quarantined, [9ee2ddc75a2139fd36508c6a0bf70df3], PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater\products.xml, Quarantined, [b4cc2e76691253e3a4e3cb2bf70b748c], PUP.Optional.Bench.A, C:\Program Files\Bench\Wd\wd.exe, Delete-on-Reboot, [fc840f9596e578be808016d817eb38c8], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\pwdg.exe, Delete-on-Reboot, [760a495b017a78be1d90a539f80ae11f], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\cl.exe, Quarantined, [bec2287cc7b4df57c5e9627c38ca44bc], PUP.Optional.SmartApps, C:\Users\{username}\AppData\Local\Search Defense\repair.js, Quarantined, [324e2183314a88aeb06748dc808428d8], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\products.xml, Quarantined, [09776f354a31e94d26e973376b978779], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\updater.exe, Quarantined, [09776f354a31e94d26e973376b978779], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0\updater.exe, Quarantined, [09776f354a31e94d26e973376b978779], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bservice.exe, Delete-on-Reboot, [a7d901a30378cd69fbf61399ed1536ca], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\icon.ico, Quarantined, [552bdbc9b6c51026295bfcba9171629e], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\proc.exe, Delete-on-Reboot, [552bdbc9b6c51026295bfcba9171629e], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\chrome_gp_update.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\chrome_installer.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\clear_cache.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\common.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox_installer.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\gpedit.exe, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\icon.ico, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\ie_installer.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\installer.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\main_installer.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\migrate.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\projectInstaller.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\repair_data.json, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\SoftwareDetector.exe, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\sqlite3.exe, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\storageedit.exe, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\background.html, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\bootstrap.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\chrome.manifest, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\extension_info.json, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\install.rdf, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\AppFramework\appAPI_bg.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\AppFramework\appAPI_browseraction.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\AppFramework\appAPI_common.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\AppFramework\appAPI_content.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\AppFramework\appAPI_settings.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\AppFramework\appAPI_webrequest.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\AppFramework\jquery.min.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\CanvasFramework\canvasscript_engine.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\CanvasFramework\canvas_bg.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\CanvasFramework\md5.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\CanvasFramework\registry.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\CanvasFramework\webrequest.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\backgroundscript_engine.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\base.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\browser.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\chrome_windows.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\console.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\content_proxy.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\framework.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\i18n.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\invoke_async.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\io.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\lang.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\legacy.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\message_target.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\messaging.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\storage.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\timer.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\uninstall.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\userscript_client.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\userscript_engine.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\utils.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework\xhr.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui\browser_button.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui\contentNotification.tmpl, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui\contentNotificationStyle.tmpl, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui\content_notifications.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui\context_menu.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui\framework_api.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui\notifications.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui\options.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\framework-ui\ui_base.js, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\icons\button.png, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\icons\icon100.png, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\icons\icon128.png, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\icons\icon32.png, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Local\Search Defense\firefox\icons\icon48.png, Quarantined, [dba5515372093204aa262c9cd131f50b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\background.html, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\config.xml, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\extension_info.json, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\FrameworkBHO64.dll, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\FrameworkEngine.exe, Delete-on-Reboot, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\AppFramework\appAPI_bg.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\AppFramework\appAPI_browseraction.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\AppFramework\appAPI_common.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\AppFramework\appAPI_content.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\AppFramework\appAPI_settings.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\AppFramework\appAPI_webrequest.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\AppFramework\jquery.min.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\CanvasFramework\canvasscript_engine.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\CanvasFramework\canvas_bg.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\CanvasFramework\md5.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\CanvasFramework\registry.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\CanvasFramework\webrequest.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\backgroundscript_engine.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\base.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\browser.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\console.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\framework.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\global.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\i18n.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\initialize.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\invoke_async.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\io.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\json2.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\lang.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\legacy.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\message_target.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\messaging.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\storage.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\timer.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\updater.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\userscript_client.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\userscript_engine.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\utils.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework\xhr.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\browser_button.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\context_menu.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\context_menu_item_handler.html, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\framework_api.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\notification.html, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\notifications.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\options.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\ui_base.js, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\bottom-left.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\bottom-middle.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\bottom-right.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\middle-left.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\middle-right.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\tail-bottom.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\tail-left.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\tail-right.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\tail-top.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\top-left.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\top-middle.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\framework-ui\theme\bubble\top-right.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\icons\button.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\icons\icon100.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\icons\icon128.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\icons\icon32.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Program Files\Search Defense\icons\icon48.png, Quarantined, [e19ffda789f2ad891bb6299f788a758b], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Defense\Search Defense Settings.url, Quarantined, [6020f7ad1a612313b71b36921de550b0], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Defense\Search Defense.lnk, Quarantined, [6020f7ad1a612313b71b36921de550b0], PUP.Optional.SearchDefense.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Defense\Uninstall.lnk, Quarantined, [6020f7ad1a612313b71b36921de550b0], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\background.html, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\extension_info.json, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\manifest.json, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\AppFramework\appAPI_bg.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\AppFramework\appAPI_browseraction.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\AppFramework\appAPI_common.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\AppFramework\appAPI_content.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\AppFramework\appAPI_settings.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\AppFramework\appAPI_webrequest.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\AppFramework\jquery.min.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\CanvasFramework\canvasscript_engine.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\CanvasFramework\canvas_bg.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\CanvasFramework\webrequest.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\backgroundscript_engine.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\base.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\browser.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\console.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\framework.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\i18n.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\initialize.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\invoke_async.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\io.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\lang.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\legacy.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\message_target.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\messaging.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\storage.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\timer.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\userscript_client.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\userscript_engine.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\utils.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework\xhr.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework-ui\browser_button.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework-ui\context_menu.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework-ui\framework_api.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework-ui\notifications.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework-ui\options.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework-ui\remote_popup_host.html, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework-ui\remote_popup_host.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\framework-ui\ui_base.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\icons\button.png, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\icons\icon100.png, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\icons\icon128.png, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\icons\icon32.png, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\icons\icon48.png, Quarantined, [4b35743029522d0939a1efd98d75ae52], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebipnoobechpjkccdjjeinmclomojda\1.0_0\includes\content.js, Quarantined, [4b35743029522d0939a1efd98d75ae52], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.