Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 14/04/2015 Scan Time: 10:27:34 Logfile: Malwarebytes log.txt Administrator: Yes Version: 2.01.4.1018 Malware Database: v2015.04.14.02 Rootkit Database: v2015.03.31.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Kaktus Scan Type: Custom Scan Result: Completed Objects Scanned: 581044 Time Elapsed: 2 hr, 43 min, 10 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 24 PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{653549b5-5e8f-4862-84f9-f78b887b8a18}, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{653549B5-5E8F-4862-84F9-F78B887B8A18}, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P653549b5_5e8f_4862_84f9_f78b887b8a18_.P653549b5_5e8f_4862_84f9_f78b887b8a18_, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P653549b5_5e8f_4862_84f9_f78b887b8a18_.P653549b5_5e8f_4862_84f9_f78b887b8a18_.9, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P653549b5_5e8f_4862_84f9_f78b887b8a18_.P653549b5_5e8f_4862_84f9_f78b887b8a18_, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P653549b5_5e8f_4862_84f9_f78b887b8a18_.P653549b5_5e8f_4862_84f9_f78b887b8a18_.9, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P653549b5_5e8f_4862_84f9_f78b887b8a18_.P653549b5_5e8f_4862_84f9_f78b887b8a18_, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P653549b5_5e8f_4862_84f9_f78b887b8a18_.P653549b5_5e8f_4862_84f9_f78b887b8a18_.9, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.Multiplug, HKU\S-1-5-21-3030238434-3008618196-960345281-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{653549B5-5E8F-4862-84F9-F78B887B8A18}, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{653549B5-5E8F-4862-84F9-F78B887B8A18}, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{653549B5-5E8F-4862-84F9-F78B887B8A18}\INPROCSERVER32, Quarantined, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{d4527b9d-7d3c-43a3-a541-f637da72e802}, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4527B9D-7D3C-43A3-A541-F637DA72E802}, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Pd4527b9d_7d3c_43a3_a541_f637da72e802_.Pd4527b9d_7d3c_43a3_a541_f637da72e802_, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Pd4527b9d_7d3c_43a3_a541_f637da72e802_.Pd4527b9d_7d3c_43a3_a541_f637da72e802_.9, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pd4527b9d_7d3c_43a3_a541_f637da72e802_.Pd4527b9d_7d3c_43a3_a541_f637da72e802_, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pd4527b9d_7d3c_43a3_a541_f637da72e802_.Pd4527b9d_7d3c_43a3_a541_f637da72e802_.9, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Pd4527b9d_7d3c_43a3_a541_f637da72e802_.Pd4527b9d_7d3c_43a3_a541_f637da72e802_, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Pd4527b9d_7d3c_43a3_a541_f637da72e802_.Pd4527b9d_7d3c_43a3_a541_f637da72e802_.9, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D4527B9D-7D3C-43A3-A541-F637DA72E802}, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{D4527B9D-7D3C-43A3-A541-F637DA72E802}\INPROCSERVER32, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.Multiplug, HKU\S-1-5-21-3030238434-3008618196-960345281-1001_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [6d0d72fab1d91c1a4f63f14a778cf50b], PUP.Optional.Multiplug, HKU\S-1-5-21-3030238434-3008618196-960345281-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [6d0d72fab1d91c1a4f63f14a778cf50b], PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-3030238434-3008618196-960345281-1001\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Quarantined, [87f3fa726d1dd165fd7ab853b54f17e9], Registry Values: 1 PUP.Optional.Spigot.A, HKU\S-1-5-21-3030238434-3008618196-960345281-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1C21D719-C031-482D-A625-A9A98863372B}|URL, https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}, Quarantined, [fe7cbab2cdbd34023eb9ffbf9e658b75] Registry Data: 0 (No malicious items detected) Folders: 6 PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofdlilkmbjagefccebhmhaiijmbnl\1.1, Quarantined, [8eec6b01b2d81c1a309d4a0a7a8b51af], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofdlilkmbjagefccebhmhaiijmbnl, Quarantined, [8eec6b01b2d81c1a309d4a0a7a8b51af], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmnfpmhdanicbahccgohnanecaphfmb\132, Quarantined, [0f6bde8e0486ed49dbf2d57fa560e917], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmnfpmhdanicbahccgohnanecaphfmb, Quarantined, [0f6bde8e0486ed49dbf2d57fa560e917], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Roaming\Mozilla\Firefox\Profiles\y34sbkho.default\extensions\sC77t@G.edu\content, Quarantined, [b8c2a9c31d6d2e08a13ade76ba4b619f], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Roaming\Mozilla\Firefox\Profiles\y34sbkho.default\extensions\sC77t@G.edu, Quarantined, [b8c2a9c31d6d2e08a13ade76ba4b619f], Files: 25 PUP.Optional.Multiplug, C:\Program Files (x86)\AdDToThis\H8bXSSHCTEChaY.x64.dll, Delete-on-Reboot, [22587cf0ef9b5cda2a9693a861a1f60a], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\SpaceCCoeuPonuApp\Pdl6HBbLUkx94K.x64.dll, Quarantined, [4b2f7cf00387d85e5c61ef53867c768a], PUP.Optional.Multiplug, C:\Users\Kaktus\AppData\Local\Temp\83A8\temp\5AF4.exe, Quarantined, [6d0d72fab1d91c1a4f63f14a778cf50b], PUP.Optional.Spigot.SID, C:\Users\Kaktus\AppData\Local\Temp\utt5B79.tmp.exe, Quarantined, [97e3c9a3cfbbf046329ee35907ff966a], PUP.Optional.Spigot, C:\Users\Kaktus\AppData\Local\Temp\SearchProtectionSetup.exe, Quarantined, [15650765f09ace68bcf0ac2e61a0b848], PUP.Optional.Spigot.SID, C:\Users\Kaktus\AppData\Local\Temp\~sp7551.tmp, Quarantined, [7307bdafd4b6d660a9274def6d9939c7], PUP.Optional.OpenCandy, C:\Users\Kaktus\AppData\Local\Temp\NeroInstallFiles\NERO20131212105334547\ISSetupPrerequisites\opencandy\OCSetupHlp.dll, Quarantined, [2f4b19530e7c59ddd9c3bd6bf4129d63], PUP.Optional.Spigot.A, C:\Users\Kaktus\AppData\Roaming\Mozilla\Firefox\Profiles\y34sbkho.default\searchplugins\yahoo_ff.xml, Quarantined, [6812ff6db1d9c4723d792ea145be8977], PUP.Optional.ShoppingGate.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Quarantined, [96e4dc90bdcd66d050e5cc2d48bbf808], PUP.Optional.ShoppingGate.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Quarantined, [f189313bdbafa29453e25e9b669d8779], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofdlilkmbjagefccebhmhaiijmbnl\1.1\lsdb.js, Quarantined, [8eec6b01b2d81c1a309d4a0a7a8b51af], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofdlilkmbjagefccebhmhaiijmbnl\1.1\background.html, Quarantined, [8eec6b01b2d81c1a309d4a0a7a8b51af], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofdlilkmbjagefccebhmhaiijmbnl\1.1\CCFL.js, Quarantined, [8eec6b01b2d81c1a309d4a0a7a8b51af], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofdlilkmbjagefccebhmhaiijmbnl\1.1\content.js, Quarantined, [8eec6b01b2d81c1a309d4a0a7a8b51af], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofdlilkmbjagefccebhmhaiijmbnl\1.1\manifest.json, Quarantined, [8eec6b01b2d81c1a309d4a0a7a8b51af], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmnfpmhdanicbahccgohnanecaphfmb\132\lsdb.js, Quarantined, [0f6bde8e0486ed49dbf2d57fa560e917], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmnfpmhdanicbahccgohnanecaphfmb\132\background.html, Quarantined, [0f6bde8e0486ed49dbf2d57fa560e917], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmnfpmhdanicbahccgohnanecaphfmb\132\content.js, Quarantined, [0f6bde8e0486ed49dbf2d57fa560e917], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmnfpmhdanicbahccgohnanecaphfmb\132\fM.js, Quarantined, [0f6bde8e0486ed49dbf2d57fa560e917], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmnfpmhdanicbahccgohnanecaphfmb\132\manifest.json, Quarantined, [0f6bde8e0486ed49dbf2d57fa560e917], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Roaming\Mozilla\Firefox\Profiles\y34sbkho.default\extensions\sC77t@G.edu\content\bg.js, Quarantined, [b8c2a9c31d6d2e08a13ade76ba4b619f], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Roaming\Mozilla\Firefox\Profiles\y34sbkho.default\extensions\sC77t@G.edu\bootstrap.js, Quarantined, [b8c2a9c31d6d2e08a13ade76ba4b619f], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Roaming\Mozilla\Firefox\Profiles\y34sbkho.default\extensions\sC77t@G.edu\chrome.manifest, Quarantined, [b8c2a9c31d6d2e08a13ade76ba4b619f], PUP.Optional.MultiPlug.A, C:\Users\Kaktus\AppData\Roaming\Mozilla\Firefox\Profiles\y34sbkho.default\extensions\sC77t@G.edu\install.rdf, Quarantined, [b8c2a9c31d6d2e08a13ade76ba4b619f], PUP.Optional.Spigot.A, C:\Users\Kaktus\AppData\Roaming\Mozilla\Firefox\Profiles\y34sbkho.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=");), Replaced,[7a00dc902b5f51e541aa18257492649c] Physical Sectors: 0 (No malicious items detected) (end)