Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for hwopt

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is hwopt?

The Malwarebytes research team has determined that hwopt is adware. These adware applications display advertisements not originating from the sites you are browsing.
This one is a member of the Mintcast family.

How do I know if my computer is affected by hwopt?

You may see this entry in your list of installed programs:

warning4.png

and these warnings during install:

main.png

warning1.png

How did hwopt get on my computer?

Adware applications use different methods for distributing themselves. This particular one is offered as a windows utility.

How do I remove hwopt?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of hwopt?
  • No, Malwarebytes' Anti-Malware removes hwopt completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the hwopt adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.


protection1.png


Technical details for experts

You may see these signs in FRST logs:
 () C:\Windows\hwopt_16022016082249\hwopt16022016082249.exe
 () C:\Windows\hwopt_16022016082249\hwopt16022016082249_updater_service.exe
 () C:\Windows\hwopt_16022016082249\addon\netman.exe
 FF user.js: detected! => C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js [2016-02-16]
 R2 hwopt16022016082249; C:\Windows\hwopt_16022016082249\hwopt16022016082249.exe [16384 2016-01-14] () [File not signed]
 R2 hwopt16022016082249_updater_service; C:\Windows\hwopt_16022016082249\hwopt16022016082249_updater_service.exe [12288 2016-01-14] () [File not signed]
 R4 WinDivert1.1; C:\Windows\hwopt_16022016082249\WinDivert64.sys [38064 2015-09-16] (Basil)
 C:\Windows\hwopt_16022016082249

hwopt 3.0.6 (HKLM\...\{29007E8C-251B-4F61-A70E-635906271727478077}_is1) (Version: 3.0.6 - hwopt) <==== ATTENTION
FirewallRules: [{2A3EC989-EADF-4046-8E83-DAE110CDE78B}] => (Allow) C:\Windows\hwopt_16022016082249\addon\netman.exe
FirewallRules: [{4810C7E3-740B-45A5-B4EA-6C4D3AAB5F04}] => (Allow) C:\Windows\hwopt_16022016082249\addon\netman.exe
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
    In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default
       Adds the file user.js"="2/16/2016 8:24 AM, 171 bytes, A
    Adds the folder C:\Windows\hwopt_16022016082249
       Adds the file AppSettings.config"="2/16/2016 8:24 AM, 590 bytes, A
       Adds the file hwopt16022016082249.exe"="1/14/2016 3:28 PM, 16384 bytes, A
       Adds the file hwopt16022016082249.InstallLog"="2/16/2016 8:24 AM, 732 bytes, A
       Adds the file hwopt16022016082249.InstallState"="2/16/2016 8:24 AM, 5012 bytes, A
       Adds the file hwopt16022016082249_updater_service.exe"="1/14/2016 3:28 PM, 12288 bytes, A
       Adds the file hwopt16022016082249_updater_service.InstallLog"="2/16/2016 8:24 AM, 876 bytes, A
       Adds the file hwopt16022016082249_updater_service.InstallState"="2/16/2016 8:24 AM, 5012 bytes, A
       Adds the file InstallationStatsUploder_16022016082249.exe"="1/14/2016 3:27 PM, 12288 bytes, A
       Adds the file InstallUtil.exe"="9/3/2015 9:26 AM, 24576 bytes, A
       Adds the file InstallUtil.InstallLog"="2/16/2016 8:24 AM, 1405 bytes, A
       Adds the file msvcp110.dll"="9/16/2015 3:42 PM, 661456 bytes, A
       Adds the file msvcr110.dll"="9/16/2015 3:42 PM, 849360 bytes, A
       Adds the file NetworkUtil.dll"="1/14/2016 3:27 PM, 147456 bytes, A
       Adds the file Newtonsoft.Json.dll"="9/3/2015 9:26 AM, 433664 bytes, A
       Adds the file unins000.dat"="2/16/2016 8:24 AM, 29105 bytes, A
       Adds the file unins000.exe"="2/16/2016 8:22 AM, 782497 bytes, A
       Adds the file Utils.dll"="2/16/2016 8:24 AM, 53248 bytes, A
       Adds the file WinDivert.dll"="9/16/2015 2:42 PM, 21504 bytes, A
       Adds the file WinDivert64.sys"="9/16/2015 3:42 PM, 38064 bytes, A
    Adds the folder C:\Windows\hwopt_16022016082249\addon
       Adds the file atl110.dll"="9/16/2015 3:42 PM, 192584 bytes, A
       Adds the file defcert.pem"="5/24/2015 3:05 PM, 985 bytes, A
       Adds the file defcertkey.pem"="5/24/2015 2:57 PM, 1679 bytes, A
       Adds the file dhparam2048.pem"="5/24/2015 6:55 AM, 424 bytes, A
       Adds the file mitmCA.pem"="2/9/2016 3:06 PM, 1419 bytes, A
       Adds the file mitmCAder.crt"="2/9/2016 3:06 PM, 1007 bytes, A
       Adds the file mitmCAprivkey.pem"="2/9/2016 3:06 PM, 1675 bytes, A
       Adds the file msvcr110.dll"="9/16/2015 3:42 PM, 849360 bytes, A
       Adds the file msvcr120.dll"="9/16/2015 3:42 PM, 963232 bytes, A
       Adds the file msvcr120d.dll"="9/16/2015 3:42 PM, 2150568 bytes, A
       Adds the file netman.exe"="1/13/2016 6:47 PM, 1808384 bytes, A
       Adds the file WinDivert.dll"="9/16/2015 3:42 PM, 21504 bytes, A
       Adds the file WinDivert64.sys"="9/16/2015 3:42 PM, 38064 bytes, A
    Adds the folder C:\Windows\hwopt_16022016082249\addon\nss_tools
       Adds the file certutil.exe"="9/3/2015 9:26 AM, 103936 bytes, A
       Adds the file freebl3.dll"="9/3/2015 9:26 AM, 222208 bytes, A
       Adds the file libnspr4.dll"="9/3/2015 9:26 AM, 199680 bytes, A
       Adds the file libplc4.dll"="9/3/2015 9:26 AM, 14336 bytes, A
       Adds the file libplds4.dll"="9/3/2015 9:26 AM, 12288 bytes, A
       Adds the file msvcr100.dll"="9/3/2015 9:26 AM, 773968 bytes, A
       Adds the file msvcr110.dll"="9/3/2015 9:26 AM, 875472 bytes, A
       Adds the file nss3.dll"="9/3/2015 9:26 AM, 798720 bytes, A
       Adds the file nssckbi.dll"="9/3/2015 9:26 AM, 370176 bytes, A
       Adds the file nssdbm3.dll"="9/3/2015 9:26 AM, 108544 bytes, A
       Adds the file nssutil3.dll"="9/3/2015 9:26 AM, 93696 bytes, A
       Adds the file smime3.dll"="9/3/2015 9:26 AM, 97792 bytes, A
       Adds the file softokn3.dll"="9/3/2015 9:26 AM, 172544 bytes, A
       Adds the file sqlite3.dll"="9/3/2015 9:26 AM, 423936 bytes, A
       Adds the file ssl3.dll"="9/3/2015 9:26 AM, 190976 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29007E8C-251B-4F61-A70E-635906271727478077}_is1]
       "DisplayName"="REG_SZ", "hwopt 3.0.6"
       "DisplayVersion"="REG_SZ", "3.0.6"
       "EstimatedSize"="REG_DWORD", 13390
       "HelpLink"="REG_SZ", "http://genisys.online"
       "Inno Setup: App Path"="REG_SZ", "C:\Windows\hwopt_16022016082249"
       "Inno Setup: Icon Group"="REG_SZ", "hwopt"
       "Inno Setup: Language"="REG_SZ", "english"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20160216"
       "InstallLocation"="REG_SZ", "C:\Windows\hwopt_16022016082249\"
       "MajorVersion"="REG_DWORD", 3
       "MinorVersion"="REG_DWORD", 0
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "hwopt"
       "QuietUninstallString"="REG_SZ", ""C:\Windows\hwopt_16022016082249\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Windows\hwopt_16022016082249\unins000.exe""
       "URLInfoAbout"="REG_SZ", "http://genisys.online"
       "URLUpdateInfo"="REG_SZ", "http://genisys.online"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\data]
       "uninstaller_path"="REG_SZ", "C:\Windows\hwopt_16022016082249"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hwopt16022016082249]
       "Description"="REG_SZ", "hwopt"
       "DisplayName"="REG_SZ", "hwopt16022016082249"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, ""C:\Windows\hwopt_16022016082249\hwopt16022016082249.exe""
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hwopt16022016082249_updater_service]
       "Description"="REG_SZ", "This service will update hwopt16022016082249"
       "DisplayName"="REG_SZ", "hwopt16022016082249_updater_service"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, ""C:\Windows\hwopt_16022016082249\hwopt16022016082249_updater_service.exe""
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert1.1]
       "DeleteFlag"="REG_DWORD", 1
       "DisplayName"="REG_SZ", "WinDivert1.1"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "\??\C:\Windows\hwopt_16022016082249\WinDivert64.sys"
       "Start"="REG_DWORD", 4
       "Type"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert1.1\Enum]
       "0"="REG_SZ", "Root\LEGACY_WINDIVERT1.1\0000"
       "Count"="REG_DWORD", 1
       "NextInstance"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert1.1\Parameters\Wdf]
       "TimeOfLastSqmLog"="REG_QWORD, ....
       "WdfMajorVersion"="REG_DWORD", 1
       "WdfMinorVersion"="REG_DWORD", 9
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/16/2016
Scan Time: 8:35 AM
Logfile: mbamHwopt.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.16.01
Rootkit Database: v2016.02.08.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364399
Time Elapsed: 4 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\hwopt16022016082249.exe, 1972, Delete-on-Reboot, [aab7baa73564a0967ff4c9279c66629e]
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\hwopt16022016082249_updater_service.exe, 2580, Delete-on-Reboot, [82df5b06366310261c577f712dd5b749]
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\netman.exe, 940, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898]

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.MintCast, HKLM\SOFTWARE\MICROSOFT\TRACING\hwopt16022016082249_RASAPI32, Quarantined, [ec75550cafea1422b2be5997c63cdb25], 
PUP.Optional.MintCast, HKLM\SOFTWARE\MICROSOFT\TRACING\hwopt16022016082249_RASMANCS, Quarantined, [81e0c39e5e3b50e6a8c97779a75b23dd], 
PUP.Optional.MintCast, HKLM\SOFTWARE\MICROSOFT\TRACING\hwopt16022016082249_updater_service_RASAPI32, Quarantined, [124fdb860099d660eb855e92fd05dc24], 
PUP.Optional.MintCast, HKLM\SOFTWARE\MICROSOFT\TRACING\hwopt16022016082249_updater_service_RASMANCS, Quarantined, [471a80e1bddc78bec9a823cddd25c23e], 
PUP.Optional.MintCast, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{29007E8C-251B-4F61-A70E-635906271727478077}_is1, Quarantined, [cd94ee73a2f7013506783d14ca3ad030], 
PUP.Optional.MintCast, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\hwopt16022016082249, Quarantined, [421f3b264653aa8c0b67ef0129d91ce4], 
PUP.Optional.MintCast, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HWOPT16022016082249, Quarantined, [aab7baa73564a0967ff4c9279c66629e], 
PUP.Optional.MintCast, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HWOPT16022016082249_UPDATER_SERVICE, Quarantined, [82df5b06366310261c577f712dd5b749], 
PUP.Optional.MintCast, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDIVERT1.1, Quarantined, [bba6e27f39609c9acaadfcf4e919c33d], 

Registry Values: 5
PUP.Optional.MintCast, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hwopt16022016082249|ImagePath, "C:\Windows\hwopt_16022016082249\hwopt16022016082249.exe", Quarantined, [aab7baa73564a0967ff4c9279c66629e]
PUP.Optional.MintCast, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hwopt16022016082249_updater_service|ImagePath, "C:\Windows\hwopt_16022016082249\hwopt16022016082249_updater_service.exe", Quarantined, [82df5b06366310261c577f712dd5b749]
PUP.Optional.MintCast, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{2A3EC989-EADF-4046-8E83-DAE110CDE78B}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\hwopt_16022016082249\addon\netman.exe|Name=netman in|, Quarantined, [59080b565940989eda9bea06669cf808]
PUP.Optional.MintCast, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{4810C7E3-740B-45A5-B4EA-6C4D3AAB5F04}, v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Windows\hwopt_16022016082249\addon\netman.exe|Name=netman out|, Quarantined, [9bc6ee736c2d62d4e68fa44cbf43df21]
PUP.Optional.MintCast, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDivert1.1|ImagePath, \??\C:\Windows\hwopt_16022016082249\WinDivert64.sys, Quarantined, [bba6e27f39609c9acaadfcf4e919c33d]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 

Files: 54
PUP.Optional.MintCast, C:\Users\{username}\Desktop\hwopt_3.0.6.exe, Quarantined, [1849174ac0d984b2fc494aa78e73f50b], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\hwopt16022016082249.exe, Delete-on-Reboot, [aab7baa73564a0967ff4c9279c66629e], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\hwopt16022016082249_updater_service.exe, Delete-on-Reboot, [82df5b06366310261c577f712dd5b749], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\WinDivert64.sys, Quarantined, [bba6e27f39609c9acaadfcf4e919c33d], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\InstallUtil.InstallLog, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\AppSettings.config, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\hwopt16022016082249.InstallLog, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\hwopt16022016082249.InstallState, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\hwopt16022016082249_updater_service.InstallLog, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\hwopt16022016082249_updater_service.InstallState, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\InstallationStatsUploder_16022016082249.exe, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\InstallUtil.exe, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\msvcp110.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\msvcr110.dll, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\NetworkUtil.dll, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\Newtonsoft.Json.dll, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\unins000.dat, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\unins000.exe, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\Utils.dll, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\WinDivert.dll, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\atl110.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\defcert.pem, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\defcertkey.pem, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\dhparam2048.pem, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\mitmCA.pem, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\mitmCAder.crt, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\mitmCAprivkey.pem, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\msvcr110.dll, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\msvcr120.dll, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\msvcr120d.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\netman.exe, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\WinDivert.dll, Delete-on-Reboot, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\WinDivert64.sys, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\certutil.exe, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\freebl3.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\libnspr4.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\libplc4.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\libplds4.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\msvcr100.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\msvcr110.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\nss3.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\nssckbi.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\nssdbm3.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\nssutil3.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\smime3.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\softokn3.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\sqlite3.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUP.Optional.MintCast, C:\Windows\hwopt_16022016082249\addon\nss_tools\ssl3.dll, Quarantined, [a6bb7de49cfdc2746a00a34d50b26898], 
PUM.Optional.FireFoxSecurityOverride, C:\Users\MBAM\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js, Good: (user_pref("browser.safebrowsing.downloads.enabled", true), Bad: (user_pref("browser.safebrowsing.downloads.enabled", false), Replaced,[0d540958099086b0d104c64e4eb7659b]
PUM.Optional.FireFoxSecurityOverride, C:\Users\MBAM\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js, Good: (user_pref("browser.safebrowsing.malware.enabled", true), Bad: (user_pref("browser.safebrowsing.malware.enabled", false), Replaced,[c899065b8316ff37884e4fc5b550c33d]
PUM.Optional.FireFoxSecurityOverride, C:\Users\MBAM\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js, Good: (user_pref("browser.safebrowsing.enabled", true), Bad: (user_pref("browser.safebrowsing.enabled", false), Replaced,[bca5da878019f83ec215d73dc63f0000]
PUM.Optional.FireFoxSecurityOverride, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js, Good: (user_pref("browser.safebrowsing.downloads.enabled", true), Bad: (user_pref("browser.safebrowsing.downloads.enabled", false), Replaced,[3130dc85029793a3f9dcf71ddf265aa6]
PUM.Optional.FireFoxSecurityOverride, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js, Good: (user_pref("browser.safebrowsing.malware.enabled", true), Bad: (user_pref("browser.safebrowsing.malware.enabled", false), Replaced,[65fca1c0128751e505d1ad67699c56aa]
PUM.Optional.FireFoxSecurityOverride, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\user.js, Good: (user_pref("browser.safebrowsing.enabled", true), Bad: (user_pref("browser.safebrowsing.enabled", false), Replaced,[d889c39e7128e74f16c1b75d0ef736ca]

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.