Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for DefaultTab

- - - - -
Started by Metallica , Jul 22 2016 02:29 AM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 22 July 2016 - 02:29 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is DefaultTab?

The Malwarebytes research team has determined that DefaultTab is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by DefaultTab?

You may see this entry in your list of installed software:

warning4.png

and these browser add-ons:

warning1.png

warning2.png
Firefox disables the unsigned Extension

warning3.png

and you will see this startpage and search window:

main.png

How did DefaultTab get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove DefaultTab?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • If an update is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of DefaultTab?
  • No, Malwarebytes' Anti-Malware removes DefaultTab completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the DefaultTab hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

protection1.png


and it stops the connections the browser hijacker tries to make:

protection2.png


Technical details for experts

Possible signs in FRST logs:

 () C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe
 () C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
 HKU\S-1-5-21-1350903546-318028887-1286703239-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mysearchresults.com/?c=9999&t=01
 SearchScopes: HKU\S-1-5-21-1350903546-318028887-1286703239-1003 -> {DA58A037-9798-4A46-A740-21039973307A} URL = hxxp://www.mysearchresults.com/search?c=9999&t=01&q={searchTerms}
 BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\{username}\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [2016-07-22] (Search Results LLC.)
 FF Extension: Default Tab - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\nch5mqsa.default\Extensions\[email protected] [2016-07-22] [not signed]
 CHR Extension: (DefaultTab) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2016-07-22]
 CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-10-07]
 R2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] () [File not signed]
 R2 DefaultTabUpdate; C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe [107520 2016-07-22] () [File not signed]
 C:\Program Files (x86)\DefaultTab
 C:\Users\{username}\AppData\Roaming\defaulttab

DefaultTab (HKLM-x32\...\DefaultTab) (Version: 2.3.3.0 - Search Results, LLC) <==== ATTENTION
Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\DefaultTab
       Adds the file DefaultTab.crx"="10/7/2013 6:54 PM, 332886 bytes, A
       Adds the file DefaultTabSearch.exe"="10/7/2013 6:54 PM, 573952 bytes, A
       Adds the file uid"="7/22/2016 9:25 AM, 64 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0
       Adds the file 18x18.png"="11/30/1979 12:00 AM, 697 bytes, A
       Adds the file background.html"="11/30/1979 12:00 AM, 418 bytes, A
       Adds the file blank.html"="11/30/1979 12:00 AM, 586 bytes, A
       Adds the file manifest.json"="11/30/1979 12:00 AM, 2834 bytes, A
       Adds the file manifest_no_button.json"="11/30/1979 12:00 AM, 2834 bytes, A
       Adds the file new_tab.html"="11/30/1979 12:00 AM, 181 bytes, A
       Adds the file search_box.html"="11/30/1979 12:00 AM, 606 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css
       Adds the file injection.css"="11/30/1979 12:00 AM, 15212 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui
       Adds the file jquery-ui-1.8.16.custom.css"="11/30/1979 12:00 AM, 34434 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js
       Adds the file bg.js"="11/30/1979 12:00 AM, 16247 bytes, A
       Adds the file ConfigManager.js"="11/30/1979 12:00 AM, 2642 bytes, A
       Adds the file content.js"="11/30/1979 12:00 AM, 659 bytes, A
       Adds the file InjectionManager.js"="11/30/1979 12:00 AM, 397 bytes, A
       Adds the file jquery.guid.js"="11/30/1979 12:00 AM, 3269 bytes, A
       Adds the file jquery-1.7.1.min.js"="11/30/1979 12:00 AM, 93868 bytes, A
       Adds the file jquery-ui-1.8.16.custom.min.js"="11/30/1979 12:00 AM, 210463 bytes, A
       Adds the file newTab.js"="11/30/1979 12:00 AM, 652 bytes, A
       Adds the file SearchBox.js"="11/30/1979 12:00 AM, 9775 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins
       Adds the file npDefaultTabSearch.dll"="11/30/1979 12:00 AM, 254976 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab
       Adds the file addon.ico"="7/22/2016 9:24 AM, 1078 bytes, A
       Adds the file DefaultTabBHO.cfg"="7/22/2016 9:25 AM, 3674 bytes, A
       Adds the file DefaultTabBHO.dll"="7/22/2016 9:24 AM, 462968 bytes, A
       Adds the file DefaultTabStart.exe"="7/22/2016 9:24 AM, 50296 bytes, A
       Adds the file DefaultTabStart64.exe"="7/22/2016 9:24 AM, 53880 bytes, A
       Adds the file defaulttabuninstaller.exe"="7/22/2016 9:24 AM, 53904 bytes, A
       Adds the file DefaultTabWrap.dll"="7/22/2016 9:24 AM, 436856 bytes, A
       Adds the file DefaultTabWrap64.dll"="7/22/2016 9:24 AM, 520824 bytes, A
       Adds the file DT.ico"="7/22/2016 9:24 AM, 2238 bytes, A
       Adds the file dtupdate.exe"="7/22/2016 9:24 AM, 107520 bytes, A
       Adds the file searchhere.ico"="7/22/2016 9:24 AM, 1150 bytes, A
       Adds the file uninstalldt.exe"="7/22/2016 9:27 AM, 636552 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions
       Adds the file [email protected]"="7/22/2016 9:27 AM, 44290 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}]
       "(Default)"="REG_SZ", "DefaultTabBHO"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}]
       "LocalService"="REG_SZ", "DefaultTabUpdate"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL]
       "AppID"="REG_SZ", "{38495740-0035-4471-851E-F5BBB86AB085}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser]
       "(Default)"="REG_SZ", "DefaultTab Browser Helper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser\CLSID]
       "(Default)"="REG_SZ", "{7F6AFBF1-E065-4627-A2FD-810366367D01}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser\CurVer]
       "(Default)"="REG_SZ", "DefaultTabBHO.DefaultTabBrowser.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1]
       "(Default)"="REG_SZ", "DefaultTab Browser Helper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1\CLSID]
       "(Default)"="REG_SZ", "{7F6AFBF1-E065-4627-A2FD-810366367D01}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX]
       "(Default)"="REG_SZ", "DefaultTabBrowserActiveX Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX\CLSID]
       "(Default)"="REG_SZ", "{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX\CurVer]
       "(Default)"="REG_SZ", "DefaultTabBHO.DefaultTabBrowserActiveX.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1]
       "(Default)"="REG_SZ", "DefaultTabBrowserActiveX Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1\CLSID]
       "(Default)"="REG_SZ", "{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}]
       "(Default)"="REG_SZ", "IDefaultTabBrowser"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}\TypeLib]
       "(Default)"="REG_SZ", "{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}]
       "(Default)"="REG_SZ", "IDefaultTabBrowserActiveX"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}\TypeLib]
       "(Default)"="REG_SZ", "{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}\1.0]
       "(Default)"="REG_SZ", "DefaultTabBHO 1.0 Type Library"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}\1.0\FLAGS]
       "(Default)"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}\1.0\HELPDIR]
       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\DefaultTab\DefaultTab"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
       "(Default)"="REG_SZ", "DefaultTab Browser Helper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ProgID]
       "(Default)"="REG_SZ", "DefaultTabBHO.DefaultTabBrowser.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\TypeLib]
       "(Default)"="REG_SZ", "{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "DefaultTabBHO.DefaultTabBrowser"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}]
       "(Default)"="REG_SZ", "DefaultTabBrowserActiveX Class"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}\ProgID]
       "(Default)"="REG_SZ", "DefaultTabBHO.DefaultTabBrowserActiveX.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}\TypeLib]
       "(Default)"="REG_SZ", "{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "DefaultTabBHO.DefaultTabBrowserActiveX"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}]
       "(Default)"="REG_SZ", "IDefaultTabBrowser"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}\TypeLib]
       "(Default)"="REG_SZ", "{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}]
       "(Default)"="REG_SZ", "IDefaultTabBrowserActiveX"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}\TypeLib]
       "(Default)"="REG_SZ", "{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}"
       "Version"="REG_SZ", "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Default Tab]
       "001"="REG_SZ", "2.2.42.0"
       "002"="REG_SZ", "1.4.6.0"
       "003"="REG_SZ", "1.1.29.0"
       "InstallDate"="REG_SZ", "2016-07-22 09:27"
       "Version"="REG_SZ", "2.3.3.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Default Tab\P]
       "01"="REG_SZ", "E72F661A8A54C07E5D11C114523749F2"
       "02"="REG_SZ", "9999"
       "03"="REG_SZ", "255"
       "04"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Default Tab\Update]
       "ieVersion"="REG_SZ", "1.4.6.0"
       "last_update_check"="REG_QWORD, ....
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DefaultTab\ChromeExtension]
       "addedsearchengines"="REG_SZ", "|search here|facebook|amazon|wikipedia|twitter|ebay"
       "affid"="REG_SZ", "9999"
       "cfg"="REG_SZ", "255"
       "defaultState"="REG_SZ", "2"
       "homepage"="REG_SZ", ""
       "keyword"="REG_SZ", ""
       "LastUpdateCheck"="REG_SZ", "1469172309"
       "name"="REG_SZ", ""
       "silent"="REG_SZ", "0"
       "Status"="REG_SZ", "3"
       "UpdatePending"="REG_SZ", "0"
       "version"="REG_SZ", "1.1.29"
       "yw3i"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc]
       "path"="REG_SZ", "C:\Program Files (x86)\DefaultTab\DefaultTab.crx"
       "version"="REG_SZ", "1.1.29"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
       "(Default)"="REG_SZ", "DefaultTabBHO"
       "NoExplorer"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab]
       "Comments"="REG_SZ", "Search Results, LLC all rights reserved"
       "Contact"="REG_SZ", "Search Results, LLC"
       "DisplayName"="REG_SZ", "DefaultTab"
       "DisplayVersion"="REG_SZ", "2.3.3.0"
       "InstallLocation"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab""
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Search Results, LLC"
       "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DefaultTabSearch]
       "DisplayName"="REG_SZ", "DefaultTabSearch"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 272
       "WOW64"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DefaultTabUpdate]
       "DependOnService"="REG_MULTI_SZ, "RPCSS "
       "Description"="REG_SZ", "DefaultTab Update Service"
       "DisplayName"="REG_SZ", "DefaultTabUpdate"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, ""C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe""
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
       "WOW64"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\DefaultTab\BHO]
       "extensions.defaulttab.browser_version"="REG_SZ", "11"
       "extensions.DefaultTab.browser_version2"="REG_SZ", "9.11.9600.18376"
       "extensions.defaulttab.browserID"="REG_SZ", "E72F661A8A54C07E5D11C114523749F2"
       "extensions.DefaultTab.channel"="REG_SZ", "9999"
       "extensions.defaulttab.DefaultScope"="REG_SZ", "Bing"
       "extensions.defaulttab.firstrun"="REG_SZ", "false"
       "extensions.defaulttab.firstSearch"="REG_SZ", "true"
       "extensions.DefaultTab.forcekeywordsearch"="REG_SZ", "true"
       "extensions.defaulttab.installedVersion"="REG_SZ", "1.4.0"
       "extensions.defaulttab.keyword.URL"="REG_SZ", "chrome://defaulttab/content/keywordURL.xul?"
       "extensions.DefaultTab.newtabsearch"="REG_SZ", "true"
       "extensions.DefaultTab.overridechromesearch"="REG_SZ", "true"
       "extensions.DefaultTab.overridekeywordsearch"="REG_SZ", "true"
       "extensions.DefaultTab.searchinnewtab"="REG_SZ", "true"
       "extensions.DefaultTab.setdefaultsearch"="REG_SZ", "true"
       "extensions.DefaultTab.sethomepage"="REG_SZ", "true"
       "extensions.DefaultTab.tabsearchbox"="REG_SZ", "true"
       "extensions.DefaultTab.yw3i"="REG_SZ", ""
       "extensions.defaulttab.zInitTimer"="REG_SZ", "false"
       "extensions.defaulttab.zInstallTime"="REG_SZ", "1469172301"
       "extensions.defaulttab.znew_tab_content"="REG_SZ", "{ html code removed, full log available on request } "
       "extensions.defaulttab.zREMDefaultScope"="REG_SZ", "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
       "extensions.defaulttab.zsearch_engine"="REG_SZ", "Google"
    [HKEY_CURRENT_USER\Software\Default Tab]
       "001"="REG_SZ", "2.2.42.0"
       "002"="REG_SZ", "1.4.6.0"
       "003"="REG_SZ", "1.1.29.0"
       "InstallDate"="REG_SZ", "2016-07-22 09:27"
       "Version"="REG_SZ", "2.3.3.0"
    [HKEY_CURRENT_USER\Software\DefaultTab]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{7F6AFBF1-E065-4627-A2FD-810366367D01}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE]
       "ShowTabsBelowAddressBar"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
       "(Default)"="REG_SZ", "DefaultTabBHO"
       "NoExplorer"="REG_DWORD", 1
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/22/2016
Scan Time: 9:42 AM
Logfile: mbamDefaultTab.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.22.02
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315615
Time Elapsed: 8 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe, 2868, Delete-on-Reboot, [947674b3f9a11f178ca221002ad6837d]
PUP.Optional.DefaultTab, C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe, 4060, Delete-on-Reboot, [ec1e8b9cb3e75cda9bacbe60ad57946c]

Modules: 0
(No malicious items detected)

Registry Keys: 53
PUP.Optional.DefaultTab, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DefaultTabUpdate, Quarantined, [947674b3f9a11f178ca221002ad6837d], 
PUP.Optional.DefaultTab, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DefaultTabSearch, Quarantined, [ec1e8b9cb3e75cda9bacbe60ad57946c], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\APPID\{38495740-0035-4471-851E-F5BBB86AB085}, Quarantined, [dc2eeb3c09916ec8b3e9771854ae827e], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{38495740-0035-4471-851E-F5BBB86AB085}, Quarantined, [dc2eeb3c09916ec8b3e9771854ae827e], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{38495740-0035-4471-851E-F5BBB86AB085}, Quarantined, [dc2eeb3c09916ec8b3e9771854ae827e], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, Quarantined, [2ae0bc6b96045ed88815ace328da3cc4], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, Quarantined, [2ae0bc6b96045ed88815ace328da3cc4], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, Quarantined, [2ae0bc6b96045ed88815ace328da3cc4], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\TYPELIB\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\INTERFACE\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\INTERFACE\{BE89FFB3-7F9C-4A16-B475-98B195A06628}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BE89FFB3-7F9C-4A16-B475-98B195A06628}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BE89FFB3-7F9C-4A16-B475-98B195A06628}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX.1, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DefaultTabBHO.DefaultTabBrowserActiveX, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX.1, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DefaultTabBHO.DefaultTabBrowserActiveX.1, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowser.1, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowser, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DefaultTabBHO.DefaultTabBrowser, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DefaultTabBHO.DefaultTabBrowser, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DefaultTabBHO.DefaultTabBrowser.1, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DefaultTabBHO.DefaultTabBrowser.1, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, Quarantined, [59b130f7d0ca67cf5e4209865ca63bc5], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, Quarantined, [f713de49fb9f0432c4ddeda2cc367789], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\APPID\DefaultTabBHO.DLL, Quarantined, [53b7f3341e7c6bcb789a158b7a8924dc], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DefaultTabBHO.DLL, Quarantined, [a367fb2c603a9d9912001d830cf741bf], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\Default Tab, Quarantined, [13f7ac7b3c5e79bd1ff86838946f32ce], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\DefaultTab, Quarantined, [848605229703f1454ccc851bc83b1be5], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DefaultTabBHO.DLL, Quarantined, [b456fb2cb5e57bbb81918b159c67f709], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kdidombaedgpfiiedeimiebkmbilgmlc, Quarantined, [0802998e9406ef47c653ecb4db28a25e], 
PUP.Optional.DefaultTab, HKCU\SOFTWARE\Default Tab, Quarantined, [7f8b56d15d3d71c525f01f81c83b946c], 
PUP.Optional.DefaultTab, HKCU\SOFTWARE\DefaultTab, Quarantined, [3ad0d45316845dd92ceac3dd41c259a7], 
PUP.Optional.DefaultTab, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [bc4e91962179e5512be9e7b9f2118977], 
PUP.Optional.MySearchResults, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DA58A037-9798-4A46-A740-21039973307A}, Quarantined, [44c67ea95a4066d0f465eebfc142d729], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DefaultTab, Quarantined, [e525c265faa030068ecd238f887af40c], 

Registry Values: 1
PUP.Optional.MySearchResults, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DA58A037-9798-4A46-A740-21039973307A}|URL, http://www.mysearchresults.com/search?c=9999&t=01&q={searchTerms}, Quarantined, [44c67ea95a4066d0f465eebfc142d729]

Registry Data: 1
PUP.Optional.MySearchResults, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mysearchresults.com/?c=9999&t=01, Good: (www.google.com), Bad: (http://www.mysearchresults.com/?c=9999&t=01),Replaced,[070330f78812e650d8881e59659f03fd]

Folders: 19
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Temp\installdt.tmp, Quarantined, [d535aa7d73274ee82ae7a7f9e41f57a9], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Temp\installdt.tmp\XPI, Quarantined, [d535aa7d73274ee82ae7a7f9e41f57a9], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Temp\installdt.tmp\XPI\defaulttab, Quarantined, [d535aa7d73274ee82ae7a7f9e41f57a9], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components, Quarantined, [d535aa7d73274ee82ae7a7f9e41f57a9], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale, Quarantined, [d535aa7d73274ee82ae7a7f9e41f57a9], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US, Quarantined, [d535aa7d73274ee82ae7a7f9e41f57a9], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab, Delete-on-Reboot, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab, Delete-on-Reboot, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\engines_icons, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\js, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\plugins, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Program Files (x86)\DefaultTab, Delete-on-Reboot, [7e8ce740e8b20c2add817042f21060a0], 

Files: 85
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe, Delete-on-Reboot, [947674b3f9a11f178ca221002ad6837d], 
PUP.Optional.DefaultTab, C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe, Delete-on-Reboot, [ec1e8b9cb3e75cda9bacbe60ad57946c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll, Quarantined, [a6643aed9a0049ed57470b84d929e719], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe, Quarantined, [ce3ca97eecae67cf3e00188af70939c7], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe, Quarantined, [c04a34f3bae00f27e955485a57a9cc34], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll, Quarantined, [88828f987921ac8a5ce21b873ec28e72], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll, Quarantined, [fe0c6fb84258ca6c05398d1517e96f91], 
PUP.Optional.DefaultTab, C:\Users\{username}\Desktop\setup.exe, Quarantined, [c04a40e7d2c89a9cf439938e8d73827e], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\[email protected], Quarantined, [7793889fdcbecd69818e316fcd3645bb], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Temp\installdt.tmp\DefaultTab.xpi, Quarantined, [d535aa7d73274ee82ae7a7f9e41f57a9], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties, Quarantined, [d535aa7d73274ee82ae7a7f9e41f57a9], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\addon.ico, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\amazon_ie.ico, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.cfg, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\defaulttabuninstaller.exe, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\DT.ico, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\ebay_ie.ico, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\facebook_ie.ico, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\searchhere.ico, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\search_here_ie.ico, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\twitter_ie.ico, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Roaming\defaulttab\defaulttab\wikipedia_ie.ico, Quarantined, [e525c265faa030068ecd238f887af40c], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\18x18.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\background.html, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\blank.html, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\manifest.json, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\manifest_no_button.json, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\new_tab.html, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\search_box.html, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\injection.css, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\jquery-ui-1.8.16.custom.css, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-icons_222222_256x240.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-icons_2e83ff_256x240.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-icons_454545_256x240.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-icons_888888_256x240.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\help.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\engines_icons\Bing.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\engines_icons\Google.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\engines_icons\Search here.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\engines_icons\Yahoo.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_bottom_border_bg.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\bullet_arrow_down.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\bullet_arrow_down_old.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\icon.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search-inner-wrapper.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search-left.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_arrow_top_button.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_arrow_top_button_hovered.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_bottom_bg.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_bottom_left_before_corner.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_bottom_left_corner.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_bottom_right_before_corner.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_bottom_right_corner.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_left_border_bg.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_left_bottom_border_bg.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_middle_bg.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_right_border_bg.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_right_bottom_border_bg.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_top_bg.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_top_left_before_corner.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_top_left_corner.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_top_right_before_corner.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\images\injection\search_top_right_corner.png, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\js\bg.js, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\js\ConfigManager.js, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\js\content.js, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\js\InjectionManager.js, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\js\jquery-1.7.1.min.js, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\js\jquery-ui-1.8.16.custom.min.js, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\js\jquery.guid.js, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\js\newTab.js, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\js\SearchBox.js, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_1\plugins\npDefaultTabSearch.dll, Quarantined, [c04acb5ccfcbce689bc21999798924dc], 
PUP.Optional.DefaultTab, C:\Program Files (x86)\DefaultTab\DefaultTab.crx, Quarantined, [7e8ce740e8b20c2add817042f21060a0], 
PUP.Optional.DefaultTab, C:\Program Files (x86)\DefaultTab\uid, Quarantined, [7e8ce740e8b20c2add817042f21060a0], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 1

Advertisements

Back to Malware Removal Guides and Tutorials


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.