What is Popcornew?
The Malwarebytes research team has determined that Popcornew is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.
How do I know if my computer is affected by Popcornew?
You may see this during install:
And you may see these browser extensions:
or this entry in your list of installed programs:
How did Popcornew get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Popcornew?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Popcornew listing. Then confirm removal.
How would the full version of Malwarebytes Anti-Malware help protect me?
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Popcornew hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Signs in a HijackThis log:
O2 - BHO: Boxore - {EFA7A511-B491-4312-BB35-4586B99E45ED} - C:\Program Files\Popcornew\Popcornew\IE\AdRotate32.dll O4 - HKLM\..\Run: [Popcornew] C:\Program Files\Popcornew\Popcornew\popcornew.exe O23 - Service: Popcornew Update Service (Popcornew_update) (Popcornew_update) - The Popcornew Group - C:\Program Files\Popcornew\Update\PopcornewUpdate.exe O23 - Service: Popcornew Update Service (Popcornew_update_m) (Popcornew_update_m) - The Popcornew Group - C:\Program Files\Popcornew\Update\PopcornewUpdate.exe
Alterations made by the installer:
File system details --------------------------------------------- Adds the folder C:\Program Files\Popcornew Adds the folder C:\Program Files\Popcornew\CrashReports Adds the folder C:\Program Files\Popcornew\Popcornew Adds the file index.dat"="10/21/2014 10:06 PM, 425812 bytes, A Adds the file popcornew.exe"="10/26/2014 5:03 PM, 1858120 bytes, A Adds the file Popcornew.xpi"="10/21/2014 8:38 PM, 340569 bytes, A Adds the file rules.dat"="10/21/2014 10:06 PM, 1078660 bytes, A Adds the folder C:\Program Files\Popcornew\Popcornew\CRX Adds the file background.js"="10/21/2014 4:47 PM, 14476 bytes, A Adds the file block.html"="1/18/2014 5:56 PM, 2216 bytes, A Adds the file block.js"="1/18/2014 5:56 PM, 3113 bytes, A Adds the file config.js"="10/17/2014 6:47 PM, 96 bytes, A Adds the file i18n.js"="1/18/2014 5:56 PM, 4169 bytes, A Adds the file iconAnimation.js"="1/18/2014 5:56 PM, 3091 bytes, A Adds the file include.idle.js"="3/3/2014 5:53 PM, 669 bytes, A Adds the file include.postload.js"="1/18/2014 5:56 PM, 20929 bytes, A Adds the file include.preload.js"="10/21/2014 4:47 PM, 3895 bytes, A Adds the file manifest.json"="10/21/2014 4:47 PM, 1933 bytes, A Adds the file notification.html"="1/18/2014 5:56 PM, 639 bytes, A Adds the file notification.js"="1/18/2014 5:56 PM, 2780 bytes, A Adds the file options.html"="1/18/2014 5:56 PM, 8119 bytes, A Adds the file options.js"="1/18/2014 5:56 PM, 19960 bytes, A Adds the file popcornew.png"="10/21/2014 4:47 PM, 35474 bytes, A Adds the file popupBlocker.js"="1/18/2014 5:56 PM, 2060 bytes, A Adds the file smartdisplay.js"="10/21/2014 4:47 PM, 793 bytes, A Adds the file stats.js"="1/18/2014 5:56 PM, 4198 bytes, A Adds the file subscriptions.xml"="1/18/2014 5:56 PM, 5439 bytes, A Adds the file utils.js"="1/18/2014 5:56 PM, 871 bytes, A Adds the file webrequest.js"="1/18/2014 10:30 PM, 5810 bytes, A Adds the folder C:\Program Files\Popcornew\Popcornew\CRX\_locales Adds the folder C:\Program Files\Popcornew\Popcornew\CRX\ext Adds the file background.js"="1/18/2014 5:56 PM, 9864 bytes, A Adds the file common.js"="1/18/2014 5:56 PM, 2971 bytes, A Adds the file content.js"="1/18/2014 5:56 PM, 1 bytes, A Adds the file popup.js"="1/18/2014 5:56 PM, 240 bytes, A Adds the folder C:\Program Files\Popcornew\Popcornew\CRX\icons Adds the folder C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness Adds the file jquery-ui-1.8.16.custom.css"="1/18/2014 5:56 PM, 22785 bytes, A Adds the folder C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images Adds the folder C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\js Adds the file jquery-1.7.1.min.js"="1/18/2014 5:56 PM, 93868 bytes, A Adds the file jquery-ui-1.8.16.custom.min.js"="1/18/2014 5:56 PM, 30148 bytes, A Adds the folder C:\Program Files\Popcornew\Popcornew\CRX\lib Adds the file adblockplus.js"="1/18/2014 9:47 PM, 107497 bytes, A Adds the file basedomain.js"="1/18/2014 5:56 PM, 6667 bytes, A Adds the file compat.js"="1/18/2014 5:56 PM, 5449 bytes, A Adds the file info.js"="1/18/2014 5:56 PM, 1118 bytes, A Adds the file io.js"="1/18/2014 5:56 PM, 6340 bytes, A Adds the file jsbn.js"="1/18/2014 5:56 PM, 17236 bytes, A Adds the file publicSuffixList.js"="1/18/2014 5:56 PM, 134254 bytes, A Adds the file punycode.js"="1/18/2014 5:56 PM, 14067 bytes, A Adds the file rsa.js"="1/18/2014 5:56 PM, 5420 bytes, A Adds the file sha1.js"="1/18/2014 5:56 PM, 3600 bytes, A Adds the folder C:\Program Files\Popcornew\Popcornew\CRX\skin Adds the folder C:\Program Files\Popcornew\Popcornew\CRX\skin\features Adds the folder C:\Program Files\Popcornew\Popcornew\CRX\skin\social Adds the folder C:\Program Files\Popcornew\Popcornew\IE Adds the file AdRotate32.dll"="10/26/2014 4:04 PM, 605696 bytes, A Adds the file AdRotateEngine.exe"="10/26/2014 4:04 PM, 4348416 bytes, A Adds the folder C:\Program Files\Popcornew\Update Adds the file PopcornewUpdate.exe"="11/3/2014 6:27 PM, 119200 bytes, A Adds the folder C:\Program Files\Popcornew\Update\1.3.25.0 Adds the file goopdate.dll"="11/3/2014 6:27 PM, 789408 bytes, A Adds the file goopdateres_am.dll"="11/3/2014 6:27 PM, 25504 bytes, A Adds the file goopdateres_ar.dll"="11/3/2014 6:27 PM, 27040 bytes, A Adds the file goopdateres_bg.dll"="11/3/2014 6:27 PM, 30624 bytes, A Adds the file goopdateres_bn.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_ca.dll"="11/3/2014 6:27 PM, 30112 bytes, A Adds the file goopdateres_cs.dll"="11/3/2014 6:27 PM, 29088 bytes, A Adds the file goopdateres_da.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_de.dll"="11/3/2014 6:27 PM, 31648 bytes, A Adds the file goopdateres_el.dll"="11/3/2014 6:27 PM, 31136 bytes, A Adds the file goopdateres_en.dll"="11/3/2014 6:27 PM, 28064 bytes, A Adds the file goopdateres_en-GB.dll"="11/3/2014 6:27 PM, 28576 bytes, A Adds the file goopdateres_es.dll"="11/3/2014 6:27 PM, 31648 bytes, A Adds the file goopdateres_es-419.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_et.dll"="11/3/2014 6:27 PM, 28576 bytes, A Adds the file goopdateres_fa.dll"="11/3/2014 6:27 PM, 28064 bytes, A Adds the file goopdateres_fi.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_fil.dll"="11/3/2014 6:27 PM, 30112 bytes, A Adds the file goopdateres_fr.dll"="11/3/2014 6:27 PM, 31136 bytes, A Adds the file goopdateres_gu.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_hi.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_hr.dll"="11/3/2014 6:27 PM, 30112 bytes, A Adds the file goopdateres_hu.dll"="11/3/2014 6:27 PM, 30112 bytes, A Adds the file goopdateres_id.dll"="11/3/2014 6:27 PM, 28576 bytes, A Adds the file goopdateres_is.dll"="11/3/2014 6:27 PM, 29088 bytes, A Adds the file goopdateres_it.dll"="11/3/2014 6:27 PM, 31136 bytes, A Adds the file goopdateres_iw.dll"="11/3/2014 6:27 PM, 26528 bytes, A Adds the file goopdateres_ja.dll"="11/3/2014 6:27 PM, 24992 bytes, A Adds the file goopdateres_kn.dll"="11/3/2014 6:27 PM, 30112 bytes, A Adds the file goopdateres_ko.dll"="11/3/2014 6:27 PM, 24480 bytes, A Adds the file goopdateres_lt.dll"="11/3/2014 6:27 PM, 28576 bytes, A Adds the file goopdateres_lv.dll"="11/3/2014 6:27 PM, 30624 bytes, A Adds the file goopdateres_ml.dll"="11/3/2014 6:27 PM, 32160 bytes, A Adds the file goopdateres_mr.dll"="11/3/2014 6:27 PM, 29088 bytes, A Adds the file goopdateres_ms.dll"="11/3/2014 6:27 PM, 28576 bytes, A Adds the file goopdateres_nl.dll"="11/3/2014 6:27 PM, 30624 bytes, A Adds the file goopdateres_no.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_pl.dll"="11/3/2014 6:27 PM, 30624 bytes, A Adds the file goopdateres_pt-BR.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_pt-PT.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_ro.dll"="11/3/2014 6:27 PM, 30112 bytes, A Adds the file goopdateres_ru.dll"="11/3/2014 6:27 PM, 29088 bytes, A Adds the file goopdateres_sk.dll"="11/3/2014 6:27 PM, 30112 bytes, A Adds the file goopdateres_sl.dll"="11/3/2014 6:27 PM, 30112 bytes, A Adds the file goopdateres_sr.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_sv.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_sw.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_ta.dll"="11/3/2014 6:27 PM, 30624 bytes, A Adds the file goopdateres_te.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_th.dll"="11/3/2014 6:27 PM, 28064 bytes, A Adds the file goopdateres_tr.dll"="11/3/2014 6:27 PM, 29600 bytes, A Adds the file goopdateres_uk.dll"="11/3/2014 6:27 PM, 29088 bytes, A Adds the file goopdateres_ur.dll"="11/3/2014 6:27 PM, 29088 bytes, A Adds the file goopdateres_vi.dll"="11/3/2014 6:27 PM, 28576 bytes, A Adds the file goopdateres_zh-CN.dll"="11/3/2014 6:27 PM, 22432 bytes, A Adds the file goopdateres_zh-TW.dll"="11/3/2014 6:27 PM, 22432 bytes, A Adds the file npPopcornewUpdate3.dll"="11/3/2014 6:27 PM, 228768 bytes, A Adds the file PopcornewCrashHandler.exe"="11/3/2014 6:27 PM, 119200 bytes, A Adds the file PopcornewUpdate.exe"="11/3/2014 6:27 PM, 119200 bytes, A Adds the file PopcornewUpdateBroker.exe"="11/3/2014 6:27 PM, 52128 bytes, A Adds the file PopcornewUpdateHelper.msi"="11/3/2014 6:27 PM, 45056 bytes, A Adds the file PopcornewUpdateOnDemand.exe"="11/3/2014 6:27 PM, 52128 bytes, A Adds the file psmachine.dll"="11/3/2014 6:27 PM, 161696 bytes, A Adds the file psuser.dll"="11/3/2014 6:27 PM, 161696 bytes, A Adds the folder C:\Program Files\Popcornew\Update\Download\{82BE43A3-77AF-4978-B081-893EF286DC00}\5.2.0.0 Adds the file PopcornewInstaller_5.2.msi"="10/26/2014 3:35 PM, 5713920 bytes, A Adds the folder C:\Program Files\Popcornew\Update\Install\{FB0EFB0D-F6A6-4830-8A49-224A868E10E0} Adds the file PopcornewInstaller_5.2.msi"="10/26/2014 3:35 PM, 5713920 bytes, A Adds the file PopcornewInstaller_5.2.msi.log"="11/3/2014 6:27 PM, 30494 bytes, A Adds the folder C:\Program Files\Popcornew\Update\Offline\{EC915D95-34E8-4246-B659-F3B07839F5FB} Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0 Adds the file background.js"="10/21/2014 4:47 PM, 14476 bytes, A Adds the file block.html"="1/18/2014 5:56 PM, 2216 bytes, A Adds the file block.js"="1/18/2014 5:56 PM, 3113 bytes, A Adds the file config.js"="11/3/2014 6:27 PM, 88 bytes, A Adds the file i18n.js"="1/18/2014 5:56 PM, 4169 bytes, A Adds the file iconAnimation.js"="1/18/2014 5:56 PM, 3091 bytes, A Adds the file include.idle.js"="3/3/2014 5:53 PM, 669 bytes, A Adds the file include.postload.js"="1/18/2014 5:56 PM, 20929 bytes, A Adds the file include.preload.js"="10/21/2014 4:47 PM, 3895 bytes, A Adds the file manifest.json"="10/21/2014 4:47 PM, 1933 bytes, A Adds the file notification.html"="1/18/2014 5:56 PM, 639 bytes, A Adds the file notification.js"="1/18/2014 5:56 PM, 2780 bytes, A Adds the file options.html"="1/18/2014 5:56 PM, 8119 bytes, A Adds the file options.js"="1/18/2014 5:56 PM, 19960 bytes, A Adds the file popcornew.png"="10/21/2014 4:47 PM, 35474 bytes, A Adds the file popupBlocker.js"="1/18/2014 5:56 PM, 2060 bytes, A Adds the file smartdisplay.js"="10/21/2014 4:47 PM, 793 bytes, A Adds the file stats.js"="1/18/2014 5:56 PM, 4198 bytes, A Adds the file subscriptions.xml"="1/18/2014 5:56 PM, 5439 bytes, A Adds the file utils.js"="1/18/2014 5:56 PM, 871 bytes, A Adds the file webrequest.js"="1/18/2014 10:30 PM, 5810 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\ext Adds the file background.js"="1/18/2014 5:56 PM, 9864 bytes, A Adds the file common.js"="1/18/2014 5:56 PM, 2971 bytes, A Adds the file content.js"="1/18/2014 5:56 PM, 1 bytes, A Adds the file popup.js"="1/18/2014 5:56 PM, 240 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness Adds the file jquery-ui-1.8.16.custom.css"="1/18/2014 5:56 PM, 22785 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\js Adds the file jquery-1.7.1.min.js"="1/18/2014 5:56 PM, 93868 bytes, A Adds the file jquery-ui-1.8.16.custom.min.js"="1/18/2014 5:56 PM, 30148 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib Adds the file adblockplus.js"="1/18/2014 9:47 PM, 107497 bytes, A Adds the file basedomain.js"="1/18/2014 5:56 PM, 6667 bytes, A Adds the file compat.js"="1/18/2014 5:56 PM, 5449 bytes, A Adds the file info.js"="1/18/2014 5:56 PM, 1118 bytes, A Adds the file io.js"="1/18/2014 5:56 PM, 6340 bytes, A Adds the file jsbn.js"="1/18/2014 5:56 PM, 17236 bytes, A Adds the file publicSuffixList.js"="1/18/2014 5:56 PM, 134254 bytes, A Adds the file punycode.js"="1/18/2014 5:56 PM, 14067 bytes, A Adds the file rsa.js"="1/18/2014 5:56 PM, 5420 bytes, A Adds the file sha1.js"="1/18/2014 5:56 PM, 3600 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\features Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\social Adds the folder C:\Users\{username}\AppData\Local\Popcornew Adds the file state"="11/3/2014 6:27 PM, 866 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Popcornew\CrashReports In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions Adds the file {4585447E-5FD3-4281-BD73-DD57B2DCE8C5}.xpi"="11/3/2014 6:27 PM, 343657 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file PopcornewUpdateTaskMachineCore"="11/3/2014 6:27 PM, 3672 bytes, A Adds the file PopcornewUpdateTaskMachineUA"="11/3/2014 6:27 PM, 3924 bytes, A In the existing folder C:\Windows\Tasks Adds the file PopcornewUpdateTaskMachineCore.job"="11/3/2014 6:27 PM, 924 bytes, A Adds the file PopcornewUpdateTaskMachineUA.job"="11/3/2014 6:27 PM, 928 bytes, A Registry details ------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdRotate.AdRotate] "(Default)"="REG_SZ", "Boxore" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdRotate.AdRotate\CLSID] "(Default)"="REG_SZ", "{EFA7A511-B491-4312-BB35-4586B99E45ED}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdRotate.AdRotate\CurVer] "(Default)"="REG_SZ", "AdRotate.AdRotate.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdRotate.AdRotate.1] "(Default)"="REG_SZ", "Boxore" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdRotate.AdRotate.1\CLSID] "(Default)"="REG_SZ", "{EFA7A511-B491-4312-BB35-4586B99E45ED}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2BB27047-C938-4EBC-9158-6C84F1CC09D1}] "(Default)"="REG_SZ", "ServiceModule" "LocalService"="REG_SZ", "Popcornew_update" "ServiceParameters"="REG_SZ", "/comsvc" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6A700506-A641-475A-8538-44AEE2F45DD0}] "(Default)"="REG_SZ", "ServiceModule" "LocalService"="REG_SZ", "Popcornew_update_m" "ServiceParameters"="REG_SZ", "/comsvc" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PopcornewUpdate.exe] "AppID"="REG_SZ", "{6A700506-A641-475A-8538-44AEE2F45DD0}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D692BF5-6C8C-4141-8C24-9CB731D78F75}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F840CB3-F4B0-4746-9211-94E5372FBD05}\InprocServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BB27047-C938-4EBC-9158-6C84F1CC09D1}\ProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C9F2C34-8F06-442D-90BE-B23C0A31983F}\InprocHandler32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DD579C6-640C-4873-9596-D5BD8ECB8E99}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52A8C674-98FA-4A0A-9F64-C8B9D161FDC4}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A700506-A641-475A-8538-44AEE2F45DD0}\ProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E377247-6BEC-4961-84B4-B0FB7ADF84AD}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7081BB03-D2E6-4797-A2E7-C9EB331636C8}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74DDBF4E-EC16-468A-A6F4-6C1D250A4EC9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7CD8A44F-6DEF-4D91-952D-4492AC5E4306}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{909F2E0D-650B-46B9-A27D-5A893BDDF58D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9892108A-038E-4D48-9D3C-D1E2A9B706EC}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADA3F4C6-F003-41AE-968D-6C2FFF09DA28}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0EE992D-B820-48A3-9339-363F5DA9545E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFA7A511-B491-4312-BB35-4586B99E45ED}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFD2925B-400E-4B47-8CC4-33EB2E3232F6}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F930C6AB-C4F4-4CBC-97CB-49ED410F99CF}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE97B593-B850-47EA-A787-977274C3B5B5}] { Due to the length of the log and limited post length I had to skip some less important parts. Full log available on request } [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9E598662-1ABE-48BC-B522-EF13ED372D08}\1.0] "(Default)"="REG_SZ", "AdRotate Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9E598662-1ABE-48BC-B522-EF13ED372D08}\1.0\0\win32] "(Default)"="REG_SZ", "C:\Program Files\Popcornew\Popcornew\IE\AdRotate32.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9E598662-1ABE-48BC-B522-EF13ED372D08}\1.0\FLAGS] "(Default)"="REG_SZ", "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9E598662-1ABE-48BC-B522-EF13ED372D08}\1.0\HELPDIR] "(Default)"="REG_SZ", "C:\Program Files\Popcornew\Popcornew\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFA7A511-B491-4312-BB35-4586B99E45ED}] "NoExplorer"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Popcornew"="REG_SZ", "C:\Program Files\Popcornew\Popcornew\popcornew.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A5536-9D75-49B3-B36E-41FB6DB5A3CC}] "AuthorizedCDFPrefix"="REG_SZ", "" "Comments"="REG_SZ", "" "Contact"="REG_SZ", "" "DisplayName"="REG_SZ", "Popcornew" "DisplayVersion"="REG_SZ", "5.2.0.0" "EstimatedSize"="REG_DWORD", 9914 "HelpLink"="REG_SZ", "" "HelpTelephone"="REG_SZ", "" "InstallDate"="REG_SZ", "20141103" "InstallLocation"="REG_SZ", "" "InstallSource"="REG_SZ", "C:\Program Files\Popcornew\Update\Install\{FB0EFB0D-F6A6-4830-8A49-224A868E10E0}\" "Language"="REG_DWORD", 1033 "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /X{662A5536-9D75-49B3-B36E-41FB6DB5A3CC}" "NoModify"="REG_DWORD", 1 "Publisher"="REG_SZ", "Popcornew OU" "Readme"="REG_SZ", "" "Size"="REG_SZ", "" "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /X{662A5536-9D75-49B3-B36E-41FB6DB5A3CC}" "URLInfoAbout"="REG_SZ", "" "URLUpdateInfo"="REG_SZ", "" "Version"="REG_DWORD", 84017152 "VersionMajor"="REG_DWORD", 5 "VersionMinor"="REG_DWORD", 2 "WindowsInstaller"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PopcornewUpdate.exe] "DisableExceptionChainValidation"="REG_DWORD", 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "PopcornewUpdateTaskMachineCore.job"="REG_BINARY, ................................ "PopcornewUpdateTaskMachineCore.job.fp"="REG_DWORD", -1171927971 "PopcornewUpdateTaskMachineUA.job"="REG_BINARY, ................................ "PopcornewUpdateTaskMachineUA.job.fp"="REG_DWORD", 1276819495 [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.Popcornew.com/Popcornew Update;version=3] "Description"="REG_SZ", "Popcornew Update" "Path"="REG_SZ", "C:\Program Files\Popcornew\Update\1.3.25.0\npPopcornewUpdate3.dll" "ProductName"="REG_SZ", "Popcornew Update" "Vendor"="REG_SZ", "The Popcornew Group" "Version"="REG_SZ", "3" [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.Popcornew.com/Popcornew Update;version=3\MimeTypes\application/x-vnd.Popcornew.update3webcontrol.3] [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.Popcornew.com/Popcornew Update;version=9] "Description"="REG_SZ", "Popcornew Update" "Path"="REG_SZ", "C:\Program Files\Popcornew\Update\1.3.25.0\npPopcornewUpdate3.dll" "ProductName"="REG_SZ", "Popcornew Update" "Vendor"="REG_SZ", "The Popcornew Group" "Version"="REG_SZ", "9" [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.Popcornew.com/Popcornew Update;version=9\MimeTypes\application/x-vnd.Popcornew.oneclickctrl.9] [HKEY_LOCAL_MACHINE\SOFTWARE\Popcornew\Popcornew] "name"="REG_SZ", "Popcornew" "version"="REG_SZ", "5.2.0.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Popcornew\Update] "path"="REG_SZ", "C:\Program Files\Popcornew\Update\PopcornewUpdate.exe" "version"="REG_SZ", "1.3.25.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Popcornew\Update\Clients\{82BE43A3-77AF-4978-B081-893EF286DC00}] "name"="REG_SZ", "Popcornew" "pv"="REG_SZ", "5.2.0.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Popcornew\Update\Clients\{B14D2C5E-4B8A-4C67-BB4E-F1CF2C680AEC}] "name"="REG_SZ", "Popcornew Update" "pv"="REG_SZ", "1.3.25.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Popcornew\Update\ClientState\{82BE43A3-77AF-4978-B081-893EF286DC00}] "brand"="REG_SZ", "GGLS" "client"="REG_SZ", "1" "InstallTime"="REG_DWORD", 1415035653 "lang"="REG_SZ", "en" "LastCheckSuccess"="REG_DWORD", 1415035668 "pv"="REG_SZ", "5.2.0.0" "tttoken"="REG_SZ", "PopcornewToken" [HKEY_LOCAL_MACHINE\SOFTWARE\Popcornew\Update\ClientState\{B14D2C5E-4B8A-4C67-BB4E-F1CF2C680AEC}] "brand"="REG_SZ", "GGLS" "client"="REG_SZ", "1" "InstallTime"="REG_DWORD", 1415035646 "pv"="REG_SZ", "1.3.25.0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Popcornew_update] "DelayedAutostart"="REG_DWORD", 1 "DependOnService"="REG_MULTI_SZ, "RPCSS " "Description"="REG_SZ", "Keeps your Popcornew software up to date. If this service is disabled or stopped, your Popcornew software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Popcornew software using it." "DisplayName"="REG_SZ", "Popcornew Update Service (Popcornew_update)" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\Popcornew\Update\PopcornewUpdate.exe /svc" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Popcornew_update_m] "DelayedAutostart"="REG_DWORD", 1 "DependOnService"="REG_MULTI_SZ, "RPCSS " "Description"="REG_SZ", "Keeps your Popcornew software up to date. If this service is disabled or stopped, your Popcornew software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Popcornew software using it." "DisplayName"="REG_SZ", "Popcornew Update Service (Popcornew_update_m)" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\Popcornew\Update\PopcornewUpdate.exe /medsvc" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 3 "Type"="REG_DWORD", 16 [HKEY_CURRENT_USER\Software\Popcornew] "id"="REG_SZ", "{F2E321AA-A2A3-4C60-8A59-5D90324C6C18}" [HKEY_CURRENT_USER\Software\Popcornew\Update\network\secure] [HKEY_CURRENT_USER\Software\Popcornew\Update\proxy] "source"="REG_SZ", "IE"
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/3/2014 Scan Time: 7:09:21 PM Logfile: mbamPopcornew.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.03.08 Rootkit Database: v2014.11.01.02 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Malwarebytes Scan Type: Threat Scan Result: Completed Objects Scanned: 273830 Time Elapsed: 3 min, 21 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 2 PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\popcornew.exe, 6648, Delete-on-Reboot, [d391da5d4735b68047fe5f0dff066f91] PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\popcornew.exe, 5680, Delete-on-Reboot, [d391da5d4735b68047fe5f0dff066f91] Modules: 0 (No malicious items detected) Registry Keys: 54 PUP.Optional.Popcornew.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Popcornew_update, Quarantined, [b5afab8cc8b482b4cd77650732d341bf], PUP.Optional.Popcornew.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Popcornew_update_m, Quarantined, [b5afab8cc8b482b4cd77650732d341bf], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\POPCORNEWUPDATE.EXE, Quarantined, [b5afab8cc8b482b4cd77650732d341bf], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\CLSID\{EFA7A511-B491-4312-BB35-4586B99E45ED}, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{9E598662-1ABE-48BC-B522-EF13ED372D08}, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7711974F-6685-46CD-A62E-63C7B46F9705}, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\AdRotate.AdRotate.1, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\AdRotate.AdRotate, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EFA7A511-B491-4312-BB35-4586B99E45ED}, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EFA7A511-B491-4312-BB35-4586B99E45ED}, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EFA7A511-B491-4312-BB35-4586B99E45ED}, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EFA7A511-B491-4312-BB35-4586B99E45ED}, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\CLSID\{EFA7A511-B491-4312-BB35-4586B99E45ED}\INPROCSERVER32, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\Popcornew, Quarantined, [9fc51126adcf89ad115e3deacd36ed13], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\Popcornew.OneClickCtrl.9, Quarantined, [79eba394d5a776c0cca05bcc748f38c8], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\Popcornew.OneClickProcessLauncherMachine, Quarantined, [2341ae895d1f082e98d450d75ca7de22], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\Popcornew.OneClickProcessLauncherMachine.1.0, Quarantined, [80e4d95e5e1ef83e4f1dce594eb5bb45], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\Popcornew.Update3WebControl.3, Quarantined, [b0b48daabac290a68ddf55d2649f30d0], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.CoCreateAsync, Quarantined, [65ffa790215b1a1ccba19196e32025db], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.CoCreateAsync.1.0, Quarantined, [eb79ef48146881b579f3f532ec17ad53], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.CoreClass, Quarantined, [db89ce699ce03402fe6e41e6b2511fe1], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.CoreClass.1, Quarantined, [570d84b37efe082e3d2fd354db286a96], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.CoreMachineClass, Quarantined, [e3815cdbcab269cd6a0258cfe3201be5], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.CoreMachineClass.1, Quarantined, [5410db5cbbc13ff71557a48348bbda26], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.CredentialDialogMachine, Quarantined, [283cbc7bde9e4fe781ebef382bd8f30d], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.CredentialDialogMachine.1.0, Quarantined, [f371bd7ae498c1757cf080a79d6631cf], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.OnDemandCOMClassMachine, Quarantined, [53111f181e5e88aeb0bcea3d49ba4eb2], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [c79d2c0b334945f1b7b5e047ee15e11f], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.OnDemandCOMClassMachineFallback, Quarantined, [89db80b7b4c82412c3a91d0aa1629c64], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [5e06f740601cd06671fb83a4bf448c74], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.OnDemandCOMClassSvc, Quarantined, [90d4280f255789ad3834de49ef1438c8], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [88dc79be3b4105311a520a1d83802fd1], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.ProcessLauncher, Quarantined, [c89c51e6780449ed06663bec0df6b24e], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.ProcessLauncher.1.0, Quarantined, [fd67b483fc808ea8c7a5e64126dd738d], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.Update3COMClassService, Quarantined, [382c092efe7e63d316564add2dd65ea2], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.Update3COMClassService.1.0, Quarantined, [263e4fe89fdd8fa70c600e1936cd26da], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.Update3WebMachine, Quarantined, [6103d36418647eb8e785141336cda957], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.Update3WebMachine.1.0, Quarantined, [b5afa493225a8da9bbb1e93ede2520e0], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.Update3WebMachineFallback, Quarantined, [32324deac0bcb58185e7260155ae7090], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.Update3WebMachineFallback.1.0, Quarantined, [ea7a0f28d8a460d67bf1270031d27a86], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.Update3WebSvc, Quarantined, [4321989f99e381b5ff6d121507fcf907], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\PopcornewUpdate.Update3WebSvc.1.0, Quarantined, [ea7adb5c611b74c2ee7eca5db1520bf5], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\APPID\PopcornewUpdate.exe, Quarantined, [d58f2116116b67cf0d5e3bec3dc6ee12], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@tools.Popcornew.com/Popcornew Update;version=3, Quarantined, [78ec40f7b6c6e74fb6b81215c63df907], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@tools.Popcornew.com/Popcornew Update;version=9, Quarantined, [253fcb6c6814b2846707be69897ae31d], PUP.Optional.Popcornew.A, HKCU\SOFTWARE\Popcornew, Quarantined, [10540b2c81fb1422026e34f334cf857b], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\CLSID\{909F2E0D-650B-46B9-A27D-5A893BDDF58D}, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{909F2E0D-650B-46B9-A27D-5A893BDDF58D}, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{909F2E0D-650B-46B9-A27D-5A893BDDF58D}, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\CLSID\{ADA3F4C6-F003-41AE-968D-6C2FFF09DA28}, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ADA3F4C6-F003-41AE-968D-6C2FFF09DA28}, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{ADA3F4C6-F003-41AE-968D-6C2FFF09DA28}, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\CLSID\{0F840CB3-F4B0-4746-9211-94E5372FBD05}, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, HKLM\SOFTWARE\CLASSES\CLSID\{9892108A-038E-4D48-9D3C-D1E2A9B706EC}, Quarantined, [c2a244f393e94bebafaf171026ddac54], Registry Values: 1 PUP.Optional.Popcornew.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Popcornew, C:\Program Files\Popcornew\Popcornew\popcornew.exe, Quarantined, [d391da5d4735b68047fe5f0dff066f91] Registry Data: 0 (No malicious items detected) Folders: 135 PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\ext, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\icons, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\features, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\social, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\_locales, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\_locales\it, Quarantined, [d193d76082fae551b2a845e2df241ce4], { many more of these } PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Popcornew, Quarantined, [4e1646f16517340283d8e14604ff0ff1], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Popcornew\CrashReports, Quarantined, [4e1646f16517340283d8e14604ff0ff1], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew, Delete-on-Reboot, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\CrashReports, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew, Delete-on-Reboot, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\ext, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\icons, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\features, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\social, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\_locales, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\_locales\ja, Quarantined, [c2a244f393e94bebafaf171026ddac54], { many more of these } PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\IE, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\Download, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\Download\{82BE43A3-77AF-4978-B081-893EF286DC00}, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\Download\{82BE43A3-77AF-4978-B081-893EF286DC00}\5.2.0.0, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\Install, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\Offline, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\Offline\{EC915D95-34E8-4246-B659-F3B07839F5FB}, Quarantined, [c2a244f393e94bebafaf171026ddac54], Files: 400 PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\popcornew.exe, Delete-on-Reboot, [d391da5d4735b68047fe5f0dff066f91], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\PopcornewUpdate.exe, Quarantined, [b5afab8cc8b482b4cd77650732d341bf], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\IE\AdRotate32.dll, Quarantined, [1c4851e6473593a3c382214b17ee619f], PUP.Optional.Popcornew.A, C:\Users\{username}\Desktop\PopcornewInstaller (1).exe, Quarantined, [d1935addc8b40234c57f07655baa49b7], PUP.Optional.Popcornew.A, C:\Windows\Installer\61e218.msi, Quarantined, [3c28191e314b42f45ce9bab295706b95], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\6qeoodjs.default-1401006518835\extensions\{4585447E-5FD3-4281-BD73-DD57B2DCE8C5}.xpi, Quarantined, [72f2de59b1cb59ddda8ae443f90a29d7], PUP.Optional.Popcornew.A, C:\Windows\Tasks\PopcornewUpdateTaskMachineCore.job, Quarantined, [0c5848efff7d013524444bdca063e719], PUP.Optional.Popcornew.A, C:\Windows\System32\Tasks\PopcornewUpdateTaskMachineCore, Quarantined, [283ca0976c1055e11257ef38927118e8], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\notification.html, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\background.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\block.html, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\block.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\config.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\i18n.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\iconAnimation.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\include.idle.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\include.postload.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\include.preload.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\manifest.json, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\notification.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\options.html, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\options.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\popcornew.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\popupBlocker.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\smartdisplay.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\stats.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\subscriptions.xml, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\utils.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\webrequest.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\ext\background.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\ext\common.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\ext\content.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\ext\popup.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\icons\abp-19-notification-critical-4.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], { many more of these } PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\jquery-ui-1.8.16.custom.css, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-bg_flat_0_aaaaaa_40x100.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-bg_flat_75_ffffff_40x100.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-bg_glass_55_fbf9ee_1x400.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-bg_glass_65_ffffff_1x400.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-bg_glass_75_dadada_1x400.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-bg_glass_75_e6e6e6_1x400.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-bg_glass_95_fef1ec_1x400.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-bg_highlight-soft_75_cccccc_1x100.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-icons_222222_256x240.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-icons_2e83ff_256x240.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-icons_454545_256x240.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-icons_888888_256x240.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\css\smoothness\images\ui-icons_cd0a0a_256x240.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\js\jquery-1.7.1.min.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\jquery-ui\js\jquery-ui-1.8.16.custom.min.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib\adblockplus.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib\basedomain.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib\compat.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib\info.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib\io.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib\jsbn.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib\publicSuffixList.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib\punycode.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib\rsa.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\lib\sha1.js, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\abp-icon-big.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\ajax-loader.gif, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\background-main.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\background-share.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\background.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\donate.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\firstRun.css, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\popup.css, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\popup.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\features\malware.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\features\social.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\features\tracking.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\social\facebook.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\social\googleplus.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\social\renren.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\social\twitter.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\skin\social\weibo.png, Quarantined, [d193d76082fae551b2a845e2df241ce4], PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\engaigpbgdjjmanonjcjkcmomgibneba\2.1_0\_locales\it\messages.json, Quarantined, [d193d76082fae551b2a845e2df241ce4], { many more of these }PUP.Optional.Popcornew.A, C:\Users\{username}\AppData\Local\Popcornew\state, Quarantined, [4e1646f16517340283d8e14604ff0ff1], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\index.dat, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\Popcornew.xpi, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\rules.dat, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\manifest.json, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\background.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\block.html, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\block.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\config.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\i18n.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\iconAnimation.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\include.idle.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\include.postload.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\include.preload.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\notification.html, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\notification.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\options.html, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\options.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\popcornew.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\popupBlocker.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\smartdisplay.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\stats.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\subscriptions.xml, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\utils.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\webrequest.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\ext\background.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\ext\common.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\ext\content.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\ext\popup.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\icons\abp-19-notification-information-5.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\icons\abp-19-whitelisted-notification-information-3.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\icons\abp-19-notification-information-6.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], { many more of these } PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\jquery-ui-1.8.16.custom.css, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-bg_flat_0_aaaaaa_40x100.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-bg_flat_75_ffffff_40x100.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-bg_glass_55_fbf9ee_1x400.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-bg_glass_65_ffffff_1x400.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-bg_glass_75_dadada_1x400.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-bg_glass_75_e6e6e6_1x400.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-bg_glass_95_fef1ec_1x400.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-bg_highlight-soft_75_cccccc_1x100.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-icons_222222_256x240.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-icons_2e83ff_256x240.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-icons_454545_256x240.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-icons_888888_256x240.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\css\smoothness\images\ui-icons_cd0a0a_256x240.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\js\jquery-1.7.1.min.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\jquery-ui\js\jquery-ui-1.8.16.custom.min.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib\adblockplus.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib\basedomain.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib\compat.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib\info.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib\io.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib\jsbn.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib\publicSuffixList.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib\punycode.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib\rsa.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\lib\sha1.js, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\abp-icon-big.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\ajax-loader.gif, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\background-main.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\background-share.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\background.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\donate.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\firstRun.css, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\popup.css, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\popup.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\features\malware.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\features\social.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\features\tracking.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\social\facebook.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\social\googleplus.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\social\renren.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\social\twitter.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\skin\social\weibo.png, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\CRX\_locales\ja\messages.json, Quarantined, [c2a244f393e94bebafaf171026ddac54], { many more of these } PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Popcornew\IE\AdRotateEngine.exe, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\goopdateres_de.dll, Quarantined, [c2a244f393e94bebafaf171026ddac54], { many more of these } PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\npPopcornewUpdate3.dll, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\PopcornewCrashHandler.exe, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\PopcornewUpdate.exe, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\PopcornewUpdateBroker.exe, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\PopcornewUpdateHelper.msi, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\PopcornewUpdateOnDemand.exe, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\psmachine.dll, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\psuser.dll, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\goopdateres_da.dll, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\goopdateres_is.dll, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\1.3.25.0\goopdateres_ru.dll, Quarantined, [c2a244f393e94bebafaf171026ddac54], PUP.Optional.Popcornew.A, C:\Program Files\Popcornew\Update\Download\{82BE43A3-77AF-4978-B081-893EF286DC00}\5.2.0.0\PopcornewInstaller_5.2.msi, Quarantined, [c2a244f393e94bebafaf171026ddac54], Physical Sectors: 0 (No malicious items detected) (end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention