What is Get-a-Clip?
The Malwarebytes research team has determined that Get-a-Clip is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Get-a-Clip?
You may see this entry in your list of installed programs:
this site during install:
and these browser extensions/helper objects:
How did Get-a-Clip get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Get-a-Clip?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to:
Launch Malwarebytes Anti-Malware - Then click Finish.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- If an update is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes Get-a-Clip completely.
- You may experience problems updating the browsers Chrome and Firefox. If this is true we recommend to re-install them.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Get-a-Clip adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Possible signs in FRST logs:
() C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
() C:\Program Files (x86)\Get-a-Clip\mflstart.exe
HKLM-x32\...\Run: [mflstart] => C:\Program Files (x86)\Get-a-Clip\mflstart.exe [117240 2016-08-30] ()
AppInit_DLLs-x32: mfllib.dll => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\Plugins\IEx64\MFLPluginIE.dll [2016-08-30] (Get-a-Clip)
BHO-x32: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll [2016-08-30] (Get-a-Clip)
FF user.js: detected! => C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js [2016-08-30]
FF Extension: Get-a-Clip Extension - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\[email protected] [2016-08-30]
FF Extension: Get-a-Clip Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2016-08-30]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!mercury-autoenable.js [2016-08-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!mercury-csp.js [2016-08-30]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mercury-autoenable.cfg [2016-08-30] <==== ATTENTION
R2 MFLService2; C:\Program Files (x86)\Get-a-Clip\MFLService2.exe [3275744 2016-08-30] ()
R1 mfldriver2; C:\Windows\System32\drivers\mfldriver2.sys [61656 2016-08-30] (Windows (R) Win 7 DDK provider)
C:\Program Files (x86)\Get-a-Clip
C:\Windows\SysWOW64\mfllib.dll
(Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\mfldriver2.sys
Get-a-Clip (HKLM-x32\...\Get-a-Clip) (Version: - Get-a-Clip)
() C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.dll
Alterations made by the installer:File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Program Files (x86)\Get-a-Clip
Adds the file cfg.dat"="8/30/2016 8:39 AM, 580 bytes, A
Adds the file EULA.rtf"="8/30/2016 8:38 AM, 39440 bytes, A
Adds the file ffmpeg.exe"="8/30/2016 8:38 AM, 34170880 bytes, A
Adds the file Get-a-Clip.Config.dll"="8/30/2016 8:38 AM, 121920 bytes, A
Adds the file Get-a-Clip.exe"="8/30/2016 8:38 AM, 773368 bytes, A
Adds the file Get-a-Clip.Lib.dll"="8/30/2016 8:38 AM, 196056 bytes, A
Adds the file MFLPluginIE.dll"="8/30/2016 8:38 AM, 154832 bytes, A
Adds the file MFLService2.exe"="8/30/2016 8:38 AM, 3275744 bytes, A
Adds the file mflstart.exe"="8/30/2016 8:38 AM, 117240 bytes, A
Adds the file SetupWizard.exe"="8/30/2016 8:38 AM, 3224768 bytes, A
Adds the file SpinWheel.gif"="8/30/2016 8:38 AM, 1728 bytes, A
Adds the file vr.dat"="8/30/2016 8:39 AM, 0 bytes, A
Adds the folder C:\Program Files (x86)\Get-a-Clip\nss
Adds the file certutil.exe"="8/30/2016 8:38 AM, 90112 bytes, A
Adds the file mozcrt19.dll"="8/30/2016 8:38 AM, 718296 bytes, A
Adds the file nspr4.dll"="8/30/2016 8:38 AM, 169432 bytes, A
Adds the file nss3.dll"="8/30/2016 8:38 AM, 364544 bytes, A
Adds the file plc4.dll"="8/30/2016 8:38 AM, 20440 bytes, A
Adds the file plds4.dll"="8/30/2016 8:38 AM, 17368 bytes, A
Adds the file smime3.dll"="8/30/2016 8:38 AM, 106496 bytes, A
Adds the file softokn3.dll"="8/30/2016 8:38 AM, 372736 bytes, A
Adds the folder C:\Program Files (x86)\Get-a-Clip\Plugins\CH
Adds the file 128x128.png"="8/30/2016 8:38 AM, 14238 bytes, A
Adds the file 16x16.png"="8/30/2016 8:38 AM, 3625 bytes, A
Adds the file 48x48.png"="8/30/2016 8:38 AM, 7254 bytes, A
Adds the file background.html"="8/30/2016 8:38 AM, 101 bytes, A
Adds the file background.js"="8/30/2016 8:38 AM, 2643 bytes, A
Adds the file manifest.json"="8/30/2016 8:38 AM, 868 bytes, A
Adds the file mercury.bootstrap.js"="8/30/2016 8:38 AM, 1173 bytes, A
Adds the folder C:\Program Files (x86)\Get-a-Clip\Plugins\FF
Adds the file [email protected]"="8/30/2016 8:38 AM, 7253 bytes, A
Adds the folder C:\Program Files (x86)\Get-a-Clip\Plugins\IEx64
Adds the file Get-a-Clip.Config.dll"="8/30/2016 8:38 AM, 145080 bytes, A
Adds the file MFLPluginIE.dll"="8/30/2016 8:38 AM, 182696 bytes, A
In the existing folder C:\Windows\System32\drivers
Adds the file mfldriver2.sys"="8/30/2016 8:38 AM, 61656 bytes, A
In the existing folder C:\Windows\SysWOW64
Adds the file mfllib.dll"="8/30/2016 8:38 AM, 120360 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0F6A75F8-A032-4CF7-A6CC-1D85A077EDB2}]
"(Default)"="REG_SZ", "MFLPluginIE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MFLPluginIE.DLL]
"AppID"="REG_SZ", "{0F6A75F8-A032-4CF7-A6CC-1D85A077EDB2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}]
"(Default)"="REG_SZ", "MFLHelper Class"
"AppID"="REG_SZ", "{0F6A75F8-A032-4CF7-A6CC-1D85A077EDB2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\Implemented Categories]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip\Plugins\IEx64\MFLPluginIE.dll"
"ThreadingModel"="REG_SZ", "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\ProgID]
"(Default)"="REG_SZ", "MFLPluginIE.MFLHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\TypeLib]
"(Default)"="REG_SZ", "{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\VersionIndependentProgID]
"(Default)"="REG_SZ", "MFLPluginIE.MFLHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GETACLIP]
"(Default)"="REG_SZ", "URL:GETACLIP Protocol"
"URL Protocol"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GETACLIP\DefaultIcon]
"(Default)"="REG_SZ", "Get-a-Clip.exe,1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GETACLIP\shell\open\command]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.exe %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF141839-3CC0-4ED3-A8FF-BC95B9341C43}]
"(Default)"="REG_SZ", "IMFLHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF141839-3CC0-4ED3-A8FF-BC95B9341C43}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF141839-3CC0-4ED3-A8FF-BC95B9341C43}\TypeLib]
"(Default)"="REG_SZ", "{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MFLPluginIE.MFLHelper]
"(Default)"="REG_SZ", "MFLHelper Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MFLPluginIE.MFLHelper\CLSID]
"(Default)"="REG_SZ", "{B0932222-51E2-47D1-A4EF-CB10AE7DF086}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MFLPluginIE.MFLHelper\CurVer]
"(Default)"="REG_SZ", "MFLPluginIE.MFLHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MFLPluginIE.MFLHelper.1]
"(Default)"="REG_SZ", "MFLHelper Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MFLPluginIE.MFLHelper.1\CLSID]
"(Default)"="REG_SZ", "{B0932222-51E2-47D1-A4EF-CB10AE7DF086}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0]
"(Default)"="REG_SZ", "MFLPluginIE 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\0\win32]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\0\win64]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip\Plugins\IEx64\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\FLAGS]
"(Default)"="REG_SZ", "0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\HELPDIR]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}]
"(Default)"="REG_SZ", "MFLHelper Class"
"AppID"="REG_SZ", "{0F6A75F8-A032-4CF7-A6CC-1D85A077EDB2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\Implemented Categories]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
"ThreadingModel"="REG_SZ", "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\ProgID]
"(Default)"="REG_SZ", "MFLPluginIE.MFLHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\TypeLib]
"(Default)"="REG_SZ", "{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\VersionIndependentProgID]
"(Default)"="REG_SZ", "MFLPluginIE.MFLHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AF141839-3CC0-4ED3-A8FF-BC95B9341C43}]
"(Default)"="REG_SZ", "IMFLHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AF141839-3CC0-4ED3-A8FF-BC95B9341C43}\ProxyStubClsid32]
"(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AF141839-3CC0-4ED3-A8FF-BC95B9341C43}\TypeLib]
"(Default)"="REG_SZ", "{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}"
"Version"="REG_SZ", "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Get-a-Clip]
"ChName"="REG_SZ", "CH"
"InstallDir"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip"
"InstallRefId"="REG_SZ", "00000000-0000-0000-0000-000000000015"
"InstallTime"="REG_SZ", "1472539139000"
"MachineId"="REG_SZ", "7D1CCEE2-B1A4-F523-23F8-0963D3E7A7E5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}]
"(Default)"="REG_SZ", "MFLHelper"
"NoExplorer"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext]
"DisableAddonLoadTimePerformanceNotifications"="REG_DWORD", 1
"IgnoreFrameApprovalCheck"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{B0932222-51E2-47D1-A4EF-CB10AE7DF086}"="REG_SZ", "1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Activities]
"NoActivities"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Get-a-Clip]
"ChName"="REG_SZ", "CH"
"InstallDir"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip"
"InstallRefId"="REG_SZ", "00000000-0000-0000-0000-000000000015"
"InstallTime"="REG_SZ", "1472539139000"
"MachineId"="REG_SZ", "7D1CCEE2-B1A4-F523-23F8-0963D3E7A7E5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Get-a-Clip\vr]
"vr"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs"="REG_DWORD", 15000
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}]
"(Default)"="REG_SZ", "MFLHelper"
"NoExplorer"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mflstart"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip\mflstart.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.exe"
"DisplayName"="REG_SZ", "Get-a-Clip"
"HelpLink"="REG_SZ", "http://get-a-clip.com"
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "Get-a-Clip"
"UninstallString"="REG_SZ", "C:\Program Files (x86)\Get-a-Clip\SetupWizard.exe /u /uid 7D1CCEE2-B1A4-F523-23F8-0963D3E7A7E5"
"URLInfoAbout"="REG_SZ", "http://get-a-clip.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = REG_SZ, "mfllib.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfldriver2]
"DisplayName"="REG_SZ", "mfldriver2"
"ErrorControl"="REG_DWORD", 1
"Group"="REG_SZ", "PNP_TDI"
"ImagePath"="REG_EXPAND_SZ, "system32\drivers\mfldriver2.sys"
"Start"="REG_DWORD", 1
"Tag"="REG_DWORD", 9
"Type"="REG_DWORD", 1
"WOW64"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfldriver2\Enum]
"0"="REG_SZ", "Root\LEGACY_MFLDRIVER2\0000"
"Count"="REG_DWORD", 1
"NextInstance"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MFLService2]
"Description"="REG_SZ", "Get-A-Clip helper service"
"DisplayName"="REG_SZ", "MFL Service"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, ""C:\Program Files (x86)\Get-a-Clip\MFLService2.exe""
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 16
"WOW64"="REG_DWORD", 1
Malwarebytes Anti-Malware log:Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/30/2016
Scan Time: 8:52 AM
Logfile: mbamGetAClip.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.08.30.04
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319235
Time Elapsed: 9 min, 7 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 2
PUP.Optional.GetAClip.AppFlsh, C:\Program Files (x86)\Get-a-Clip\mflstart.exe, 3812, Delete-on-Reboot, [6bd18fc29a0089ad3b7ddfdf2cd8c040]
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\MFLService2.exe, 2176, Delete-on-Reboot, [89b3450cc0daaf87f64404b9df25db25]
Modules: 1
PUP.Optional.GetAClip.AppFlsh, C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.dll, Delete-on-Reboot, [3b014f02306a3afc16a28f2f7d87639d],
Registry Keys: 33
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\TYPELIB\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\INTERFACE\{AF141839-3CC0-4ED3-A8FF-BC95B9341C43}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AF141839-3CC0-4ED3-A8FF-BC95B9341C43}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{AF141839-3CC0-4ED3-A8FF-BC95B9341C43}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\MFLPluginIE.MFLHelper.1, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\MFLPluginIE.MFLHelper, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MFLPluginIE.MFLHelper, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\MFLPluginIE.MFLHelper, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MFLPluginIE.MFLHelper.1, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\MFLPluginIE.MFLHelper.1, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\CLASSES\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\INPROCSERVER32, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip, HKLM\SOFTWARE\CLASSES\APPID\{0F6A75F8-A032-4CF7-A6CC-1D85A077EDB2}, Quarantined, [57e5aea3b2e8ee48dde58f2fc63e4bb5],
PUP.Optional.GetAClip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0F6A75F8-A032-4CF7-A6CC-1D85A077EDB2}, Quarantined, [57e5aea3b2e8ee48dde58f2fc63e4bb5],
PUP.Optional.GetAClip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{0F6A75F8-A032-4CF7-A6CC-1D85A077EDB2}, Quarantined, [57e5aea3b2e8ee48dde58f2fc63e4bb5],
PUP.Optional.GetAClip, HKLM\SOFTWARE\CLASSES\APPID\MFLPluginIE.DLL, Quarantined, [81bb450cff9b3afc1aa7c4fa7d87d22e],
PUP.Optional.GetAClip, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\MFLPluginIE.DLL, Quarantined, [56e6ed6498028caad3ee2a94e123c937],
PUP.Optional.GetAClip, HKLM\SOFTWARE\GET-A-CLIP, Quarantined, [201c9cb50f8bd165b40f06b843c1cc34],
PUP.Optional.GetAClip, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\MFLPluginIE.DLL, Quarantined, [9d9fda77c3d76ec8c6fbe9d5ac581ce4],
PUP.Optional.GetAClip, HKLM\SOFTWARE\WOW6432NODE\GET-A-CLIP, Quarantined, [2a12064bfb9fad894b784a7453b111ef],
PUP.Optional.NetFilter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mfldriver2, Quarantined, [5ddf72df6f2b55e12316eecf36ce56aa],
PUP.Optional.GetAClip, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MFLSERVICE2, Quarantined, [89b3450cc0daaf87f64404b9df25db25],
PUP.Optional.GetAClip, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Get-a-Clip, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
Registry Values: 4
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mflstart, C:\Program Files (x86)\Get-a-Clip\mflstart.exe, Quarantined, [6bd18fc29a0089ad3b7ddfdf2cd8c040]
PUP.Optional.GetAClip, HKLM\SOFTWARE\GET-A-CLIP|MachineId, 7D1CCEE2-B1A4-F523-23F8-0963D3E7A7E5, Quarantined, [201c9cb50f8bd165b40f06b843c1cc34]
PUP.Optional.GetAClip, HKLM\SOFTWARE\WOW6432NODE\GET-A-CLIP|MachineId, 7D1CCEE2-B1A4-F523-23F8-0963D3E7A7E5, Quarantined, [2a12064bfb9fad894b784a7453b111ef]
PUP.Optional.GetAClip, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MFLSERVICE2|ImagePath, "C:\Program Files (x86)\Get-a-Clip\MFLService2.exe", Quarantined, [89b3450cc0daaf87f64404b9df25db25]
Registry Data[b]:[/b] 1
PUP.Optional.GetAClip.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, mfllib.dll, Good: (), Bad: (mfllib.dll),Replaced,[0b312e23f2a82e08a90f665828dc42be]
Folders: 6
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip, Delete-on-Reboot, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\nss, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\CH, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\FF, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\IEx64, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
Files: 43
PUP.Optional.NetFilter, C:\WINDOWS\SYSTEM32\drivers\mfldriver2.sys, Delete-on-Reboot, [61d8488ec408c5fb70d76b372be25281],
PUP.Optional.GetAClip.AppFlsh, C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.dll, Delete-on-Reboot, [3b014f02306a3afc16a28f2f7d87639d],
PUP.Optional.GetAClip.AppFlsh, C:\Program Files (x86)\Get-a-Clip\mflstart.exe, Delete-on-Reboot, [6bd18fc29a0089ad3b7ddfdf2cd8c040],
PUP.Optional.GetAClip.AppFlsh, C:\Windows\SysWOW64\mfllib.dll, Delete-on-Reboot, [0b312e23f2a82e08a90f665828dc42be],
PUP.Optional.GetAClip.AppFlsh, C:\Program Files (x86)\Get-a-Clip\Plugins\IEx64\MFLPluginIE.dll, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip.AppFlsh, C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll, Quarantined, [1d1fe869693156e0dddb5a646d97e31d],
PUP.Optional.GetAClip, C:\Users\{username}\Desktop\gcl-Install-silent-v5.2-ref15.exe, Quarantined, [73c9c091534758de84368b337e8620e0],
PUP.Optional.Mercury, C:\Program Files (x86)\Mozilla Firefox\defaults\preferences\!mercury-csp.js, Quarantined, [c87468e92f6bd95d4d6ea81649bbcc34],
PUP.Optional.Mercury, C:\Program Files (x86)\Mozilla Firefox\mercury-autoenable.cfg, Quarantined, [89b34c057e1ca294d9e3407e3cc8fb05],
PUP.Optional.Mercury, C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\!mercury-autoenable.js, Quarantined, [3b01a6ab0c8e1d1916a7e6d821e326da],
PUP.Optional.Mercury, C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\!mercury-csp.js, Quarantined, [6bd1331ed6c4b08610ae9f1f6a9a1be5],
PUP.Optional.Mercury, C:\Program Files (x86)\Mozilla Firefox\defaults\preferences\!mercury-autoenable.js, Quarantined, [8ab2430eddbd1323dce39a2440c401ff],
PUP.Optional.GetAClip, C:\Users\{otheruser}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\[email protected], Quarantined, [2a12c48d3b5fb581c5fbb707c83c0ef2],
PUP.Optional.GetAClip, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\[email protected], Quarantined, [c27a08491d7d6acc4a76437b48bc9967],
PUP.Optional.GetAClip, C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected], Quarantined, [d567cd841c7e48eeb80cb905d03425db],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\MFLService2.exe, Delete-on-Reboot, [89b3450cc0daaf87f64404b9df25db25],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\cfg.dat, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\EULA.rtf, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\ffmpeg.exe, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.exe, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Lib.dll, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\SetupWizard.exe, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\SpinWheel.gif, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\vr.dat, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\nss\certutil.exe, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\nss\mozcrt19.dll, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\nss\nspr4.dll, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\nss\nss3.dll, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\nss\plc4.dll, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\nss\plds4.dll, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\nss\smime3.dll, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\nss\softokn3.dll, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\CH\128x128.png, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\CH\16x16.png, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\CH\48x48.png, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\CH\background.html, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\CH\background.js, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\CH\manifest.json, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\CH\mercury.bootstrap.js, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\FF\[email protected], Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUP.Optional.GetAClip, C:\Program Files (x86)\Get-a-Clip\Plugins\IEx64\Get-a-Clip.Config.dll, Quarantined, [ae8e0d446436320443f26a538a7a3ac6],
PUM.Optional.FireFoxSearchOverride, C:\Users\{otheruser}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js, Quarantined, [6fcdde73f3a73df9aa590498bc48738d],
PUM.Optional.FireFoxSearchOverride, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js, Quarantined, [d16bce832c6e6dc98d769efe23e1847c],
Physical Sectors: 0
(No malicious items detected)
(end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
