Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 20/8/16 Scan Time: 12:49 PM Logfile: Malwarebytes-Scan-20160820.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.08.20.03 Rootkit Database: v2016.08.15.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: USER Scan Type: Threat Scan Result: Completed Objects Scanned: 316988 Time Elapsed: 4 min, 31 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 24 PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\4164462efde48482cad7c683546e44ee, Quarantined, [193a7ecf5743181ef9d32c96fe06c23e], PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [460d35189109f442b71d2c6b9072be42], PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [173cde6f5d3d52e42ba9762115ed06fa], PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [173c6de09efc33038054613623dff20e], PUP.Optional.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{6710C780-E20E-4C49-A87D-321850ED3D7C}, Quarantined, [173c71dcf3a77cba4ebf5a77689c44bc], PUP.Optional.BrowserAir, HKLM\SOFTWARE\BrowserAir, Quarantined, [f55ee16ca7f3d46230d9489010f2fa06], PUP.Optional.Social2Search, HKLM\SOFTWARE\Social2Se Browser Enhancer, Quarantined, [c291cd8014863ef829cd0ebd689c1ee2], PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C46E85AD-C43F-4FE1-9FBB-6934E5845B44}, Delete-on-Reboot, [252e79d46e2cc076ce3d5d93be45a25e], PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C5E7618D-2C33-4B07-AE9D-1064EC7EE23B}, Delete-on-Reboot, [2330b994d6c43006b52fea0dcc371ae6], PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E1257B42-CC90-413F-8450-7074A7E7517C}, Delete-on-Reboot, [b89bbc91cdcd94a210e75e91030040c0], PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FF39E735-C37C-4F12-A54D-9B584407CEA2}, Delete-on-Reboot, [183b2e1f8e0cba7cc82e40affd06629e], PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IBUpd, Delete-on-Reboot, [411299b4bdddfb3b8d2e6b5524dff010], PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IBUpd2, Delete-on-Reboot, [500385c8a6f469cde0e65d882dd605fb], PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SMW_P, Delete-on-Reboot, [fa590c41930753e3d114a55252b13cc4], PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SMW_UpdateTask_Time_333732363137363438322d37785545412a503457324a57, Delete-on-Reboot, [c09384c973276fc7f43feeebf40e6997], PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [e76c301d2f6b4ee8a47af9d148ba748c], PUP.Optional.Goobzo, HKLM\SOFTWARE\SEARCHMODULE\INFO, Quarantined, [b89bd875643623134b426c548d7630d0], PUP.Optional.Goobzo, HKLM\SOFTWARE\SEARCHMODULE\SMUPD, Quarantined, [7ad9f459aceeb48297ba10949a6938c8], PUP.Optional.Social2Search, HKLM\SOFTWARE\WOW6432NODE\Social2Se Browser Enhancer, Quarantined, [242ffe4f94066fc77a7c26a507fd45bb], PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [242f0845465485b165b9458515edea16], PUP.Optional.SoEasySvc, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SoEasySvc, Quarantined, [2b2806473664a98d0f90eedca55f1de3], PUP.Optional.Wajam, HKU\S-1-5-21-3974427370-3116195899-1950622911-1001\SOFTWARE\WajIEnhance, Quarantined, [c192f756425832040c19605bfe05f907], PUP.Optional.BrowserAir, HKU\S-1-5-21-3974427370-3116195899-1950622911-1001\SOFTWARE\CLIENTS\STARTMENUINTERNET\BrowserAir.7X6XNJIPXTMSTPXUOSWBXC3SKA, Quarantined, [64effa5319813006c7dcc4ff20e3e917], PUP.Optional.Youndoo, HKU\S-1-5-21-3974427370-3116195899-1950622911-1001\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [e370ba93019940f65fbd616921e116ea], Registry Values: 20 PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C46E85AD-C43F-4FE1-9FBB-6934E5845B44}|Path, \SMW_UpdateTask_Time_333732363137363438322d37785545412a503457324a57, Delete-on-Reboot, [252e79d46e2cc076ce3d5d93be45a25e] PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C5E7618D-2C33-4B07-AE9D-1064EC7EE23B}|Path, \SMW_P, Delete-on-Reboot, [2330b994d6c43006b52fea0dcc371ae6] PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E1257B42-CC90-413F-8450-7074A7E7517C}|Path, \IBUpd, Delete-on-Reboot, [b89bbc91cdcd94a210e75e91030040c0] PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FF39E735-C37C-4F12-A54D-9B584407CEA2}|Path, \IBUpd2, Delete-on-Reboot, [183b2e1f8e0cba7cc82e40affd06629e] PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.youndoo.com/?z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=hp&mode=ffsengext, Quarantined, [e76c301d2f6b4ee8a47af9d148ba748c] PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.youndoo.com/?z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=hp&mode=ffsengext, Quarantined, [c48f5bf25b3f35019f7f9f2b986a15eb] PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.youndoo.com/search/?q={searchTerms}&z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=sp, Quarantined, [5003fe4f6b2f3006ca5406c4e51d7987] PUP.Optional.Youndoo, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.youndoo.com/search/?&z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=sp&q=, Quarantined, [361d0548c2d82313869845858f73926e] PUP.Optional.Goobzo, HKLM\SOFTWARE\SEARCHMODULE\INFO|Aff, g8dzamobl11426at,fca22d23-2f7c-4234-b940-17e2fd4afbc8,, Quarantined, [b89bd875643623134b426c548d7630d0] PUP.Optional.Goobzo, HKLM\SOFTWARE\SEARCHMODULE\SMUPD|Scf, f›|5 $e ; >HFq{Oj L.#8[\ m) GNr<ūZ Q ; ; xn@^\o, Quarantined, [7ad9f459aceeb48297ba10949a6938c8] PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.youndoo.com/?z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=hp&mode=ffsengext, Quarantined, [242f0845465485b165b9458515edea16] PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.youndoo.com/?z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=hp&mode=ffsengext, Quarantined, [a1b288c5930739fd26f87c4ef60c768a] PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.youndoo.com/search/?q={searchTerms}&z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=sp, Quarantined, [4b0861ecafeb989ebc623a90f70bca36] PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.youndoo.com/search/?&z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=sp&q=, Quarantined, [8fc43b12c6d41f17ca547d4de51d28d8] PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-3974427370-3116195899-1950622911-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;, Quarantined, [7dd66edfd3c70f27e2440dc9de25ea16] PUP.Optional.Youndoo, HKU\S-1-5-21-3974427370-3116195899-1950622911-1001\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.youndoo.com/?z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=hp&mode=ffsengext, Quarantined, [e370ba93019940f65fbd616921e116ea] PUP.Optional.Youndoo, HKU\S-1-5-21-3974427370-3116195899-1950622911-1001\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.youndoo.com/?z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=hp&mode=ffsengext, Quarantined, [e46ff05dd7c3c373e03c81496c967888] PUP.Optional.Youndoo, HKU\S-1-5-21-3974427370-3116195899-1950622911-1001\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.youndoo.com/search/?q={searchTerms}&z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=sp, Quarantined, [79da6de0b1e9e155819b00ca659d37c9] PUP.Optional.Youndoo, HKU\S-1-5-21-3974427370-3116195899-1950622911-1001\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.youndoo.com/search/?&z=a090ae14b9b833a732450aeg2z0m6g1ebt9oew8o4o&from=wak&uid=HGSTXHTS721010A9E630_JR10006P2PKRXF2PKRXFX&type=sp&q=, Quarantined, [2231bd90f5a5ff37fd1fb218c9392ad6] PUP.Optional.BrowserAir, HKU\S-1-5-21-3974427370-3116195899-1950622911-1001\SOFTWARE\REGISTEREDAPPLICATIONS|BrowserAir.7X6XNJIPXTMSTPXUOSWBXC3SKA, Software\Clients\StartMenuInternet\BrowserAir.7X6XNJIPXTMSTPXUOSWBXC3SKA\Capabilities, Quarantined, [85ce7fce6a30ef4758763bb5a261af51] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 16 PUP.Optional.Wajam, C:\Windows\System32\drivers\4164462efde48482cad7c683546e44ee.sys, Delete-on-Reboot, [193a7ecf5743181ef9d32c96fe06c23e], Trojan.Script.AutoIt, C:\Users\USER\AppData\Roaming\ZfgTgZcFLQKGHMMDOQEQf.cmd, Quarantined, [81d28dc0d4c669cd0e4f51802cd8ef11], Trojan.Addrop, C:\$Recycle.Bin\S-1-5-21-3974427370-3116195899-1950622911-1001\$R05XUNE.exe, Quarantined, [94bf5cf1a9f1fe3889b14279a361b34d], Trojan.Addrop, C:\$Recycle.Bin\S-1-5-21-3974427370-3116195899-1950622911-1001\$RXWO9ZC.exe, Quarantined, [044f1b326337fd3942f704b77d87e11f], PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-3974427370-3116195899-1950622911-1001\$RVY6W4Q.exe, Quarantined, [411299b4eab03600c31a7a5229dbb050], PUP.Optional.ConvertAd, C:\$Recycle.Bin\S-1-5-21-3974427370-3116195899-1950622911-1001\$ROO02T3\ic-0.5b463be3888588.exe, Quarantined, [c3909ab35941a78f774608a2d0344fb1], PUP.Optional.Wajam, C:\$Recycle.Bin\S-1-5-21-3974427370-3116195899-1950622911-1001\$ROO02T3\ic-0.8291f8362aa04.exe, Quarantined, [ea697dd0207ab6803252804bd0346e92], PUP.Optional.YesSearches, C:\$Recycle.Bin\S-1-5-21-3974427370-3116195899-1950622911-1001\$ROO02T3\ic-0.97d47ad4096d7.exe, Quarantined, [5af925288119ae882e3bab2bfe03b848], Trojan.Dropper, C:\Users\USER\AppData\Local\Temp\msconfig.exe, Quarantined, [0c4764e9e2b853e36f3bbdfd24e001ff], PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333732363137363438322d37785545412a503457324a57, Quarantined, [e17272db71295cda4e0d697c2ad83dc3], PUP.Optional.SearchModule, C:\Windows\Temp\SM_cache_chrome.exe.cache, Quarantined, [d1820845b5e5c96dfd9b0ca7fe05619f], PUP.Optional.SearchModule, C:\Windows\Temp\SM_cache_iexplore.exe.cache, Quarantined, [0c47de6f435793a3f3a5179c10f3f10f], PUP.Optional.MyBrowser, C:\Windows\System32\Tasks\IBUpd, Quarantined, [2d26c5885a407bbbc5f48040ff04f808], PUP.Optional.FakeIELaunch, C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk, Quarantined, [242f1538376349ed37e23d85956e60a0], PUP.Optional.MyBrowser, C:\Windows\System32\Tasks\IBUpd2, Quarantined, [d2815af3940671c5cef69e4736cdde22], PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_P, Quarantined, [ce8558f5dbbf181e2db5b83f7e85639d], Physical Sectors: 0 (No malicious items detected) (end)