Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18.12.2014
Scan Time: 20:52:45
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.18.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: IcedInsanity

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314436
Time Elapsed: 11 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.InfoTrigger.A, HKU\S-1-5-21-679825473-3633097158-4084891219-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{93CD09AE-8875-4D49-8AF8-B1B2E7522C76}, Quarantined, [cb52085b8eee54e27f2bba1630d20000],
PUP.Optional.InfoTrigger.A, HKU\S-1-5-21-679825473-3633097158-4084891219-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{93CD09AE-8875-4D49-8AF8-B1B2E7522C76}, Quarantined, [cb52085b8eee54e27f2bba1630d20000],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{90e09da0-0ad1-49b5-9322-1190a1ef7f5b}Gw64, Quarantined, [6bb2ea795a227db942afd09c45be8e72],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{e4dc8fd4-f3a5-4e3d-bb2c-009536925e5d}Gw64, Quarantined, [c05d164d403c171ffcf519538d767888],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarantined, [8a933033a2dad561db175ff97390d729],
PUP.Optional.Cinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.4cV15.12-nv, Quarantined, [d8451a491f5da4929b60d68ffd06d22e],
PUP.Optional.Cinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinemaP-1.4cV15.12, Quarantined, [c35ab3b0ee8e3204807cdf86f112ed13],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-679825473-3633097158-4084891219-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [849967fcdd9f3501ea8c655bf113916f],
PUP.Optional.FileTypeAssistant, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Trusted Software Assistant_is1, Quarantined, [eb326ef54a3261d55d0982c102010af6],

Registry Values: 0
(No malicious items detected)

Registry Data: 6
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV),Replaced,[26f7154e99e35adcbac4e384030234cc]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type=ds&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV&q={searchTerms}),Replaced,[68b5a8bbfc80f54166625f08e223e61a]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type=ds&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV&q={searchTerms}),Replaced,[36e770f3225afd39666369fe46bf49b7]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV),Replaced,[9e7fde85b4c849ed1e60d790f1144fb1]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type=ds&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV&q={searchTerms}),Replaced,[8c915d068fede35320a845226f96966a]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type=ds&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?type=ds&ts=1418679046&from=sfpsnew3&uid=ST500LT012-1DG142_S3P9QYYVXXXXS3P9QYYV&q={searchTerms}),Replaced,[869765fe0a7244f29f2a6dfa2bda7789]

Folders: 1
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant, Quarantined, [eb326ef54a3261d55d0982c102010af6],

Files: 20
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{90e09da0-0ad1-49b5-9322-1190a1ef7f5b}Gw64.sys, Delete-on-Reboot, [436446bc16d6f854c540cbd62b9e3fa3],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{e4dc8fd4-f3a5-4e3d-bb2c-009536925e5d}Gw64.sys, Delete-on-Reboot, [092f4d6832a7d06af257a91f1c8f1fe2],
PUP.Optional.CrossRider.A, C:\Users\IcedInsanity\AppData\Roaming\BPDI.exe, Quarantined, [64b96201e69681b5f209d5d0eb1a1de3],
PUP.Optional.CrossRider.A, C:\Users\IcedInsanity\AppData\Roaming\WIBY.exe, Quarantined, [5bc2a6bddca0b97df7049a0b7a8bc43c],
PUP.Optional.OpenCandy, C:\Users\IcedInsanity\Downloads\DAEMONToolsUltra240-0280.exe, Quarantined, [15087ee5e29a6ec887392d6ca461ce32],
Hacktool.MSIL, C:\Users\IcedInsanity\Downloads\Setup_Hotmail_Account_Hacker.exe, Quarantined, [c95450130c703df98d66ce047c851ce4],
PUP.Optional.MyStartSearch.A, C:\Users\IcedInsanity\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage, Delete-on-Reboot, [1409ec77d5a7c274c2fd282cd82b3bc5],
PUP.Optional.MyStartSearch.A, C:\Users\IcedInsanity\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal, Quarantined, [0c11fb6899e31d19fbc477dd4ab933cd],
PUP.Optional.FileTypeAssistant, C:\Windows\System32\Tasks\ProgramUpdateCheck, Quarantined, [b667d88b2458c571e70bc80742c24db3],
PUP.Optional.FileTypeAssistant, C:\Windows\System32\Tasks\ProgramRefresh-ATFST, Quarantined, [a37a90d397e59b9b39baf2ddfd07bb45],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\ftacfg.exe, Quarantined, [eb326ef54a3261d55d0982c102010af6],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\itdownload.dll, Quarantined, [eb326ef54a3261d55d0982c102010af6],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\TSASetup.exe, Quarantined, [eb326ef54a3261d55d0982c102010af6],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\tsassist.exe, Quarantined, [eb326ef54a3261d55d0982c102010af6],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\tsassist.id, Quarantined, [eb326ef54a3261d55d0982c102010af6],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\tsassist.pci, Quarantined, [eb326ef54a3261d55d0982c102010af6],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\unins000.dat, Quarantined, [eb326ef54a3261d55d0982c102010af6],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\unins000.exe, Quarantined, [eb326ef54a3261d55d0982c102010af6],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\unins000.msg, Quarantined, [eb326ef54a3261d55d0982c102010af6],
PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\unins000.ref, Quarantined, [eb326ef54a3261d55d0982c102010af6],

Physical Sectors: 0
(No malicious items detected)

(end)