Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-07-07
Scan Time: 21:34:18
Logfile: mbm.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.07.08
Rootkit Database: v2014.07.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Malagorzala

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309965
Time Elapsed: 9 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [3a7a1b81b4c71d19a9ab460edc2648b8],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [3a7a1b81b4c71d19a9ab460edc2648b8],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3332081184-1491823389-1171079222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, , [3f75ccd005765cda32a7391425dd817f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, , [3f75ccd005765cda32a7391425dd817f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [2f85aeee7a0154e2b35bddd90ef48b75],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3332081184-1491823389-1171079222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [e8cc1e7ef289f442e5d339a1e121649c],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3332081184-1491823389-1171079222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [0fa59309bcbfbc7ad5ed9c54c53e1ae6],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3332081184-1491823389-1171079222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [b9fb5d3f502bde582ee1eec826dca759],

Registry Values: 4
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, , [2f85aeee7a0154e2b35bddd90ef48b75]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, , [d4e09b016d0e57dfaeb4040c2fd539c7]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3332081184-1491823389-1171079222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0A2O1C1R1H2Z1S1G1M1F, , [0fa59309bcbfbc7ad5ed9c54c53e1ae6]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3332081184-1491823389-1171079222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, , [b9fb5d3f502bde582ee1eec826dca759]

Registry Data: 1
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0FyCyDyDyD0F0EtBtAyEtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0CyByEyDtDtDtGtByE0FzytGtCzz0EzytG0D0DtB0CtGyE0DyB0Ezz0AzzyDzyyCtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEtCyDyE0DtByEtGtD0A0B0BtGtAyB0EyEtGtDtBtC0FtGtAtD0CtAyB0C0D0BtDyCtC0D2Q&cr=702952702&ir=, Good: (www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0FyCyDyDyD0F0EtBtAyEtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0CyByEyDtDtDtGtByE0FzytGtCzz0EzytG0D0DtB0CtGyE0DyB0Ezz0AzzyDzyyCtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEtCyDyE0DtByEtGtD0A0B0BtGtAyB0EyEtGtDtBtC0FtGtAtD0CtAyB0C0D0BtDyCtC0D2Q&cr=702952702&ir=),,[dcd8f0ac2d4e43f3dd2c1b7bae56b34d]

Folders: 2
PUP.Optional.NextLive.A, C:\Users\Malagorzala\AppData\Roaming\newnext.me, , [bcf8cad2e6952f077d722d6e3bc7e719],
PUP.Optional.NextLive.A, C:\Users\Malagorzala\AppData\Roaming\newnext.me\cache, , [bcf8cad2e6952f077d722d6e3bc7e719],

Files: 10
PUP.Optional.Somoto, C:\Users\Malagorzala\AppData\Local\Temp\bitool.dll, , [7143fca01566b581a8bfc664837f758b],
PUP.Optional.Somoto, C:\Users\Malagorzala\AppData\Local\Temp\nsk8E10.tmp, , [6450009c7407013566d441de60a43bc5],
PUP.Optional.OpenCandy, C:\Users\Malagorzala\AppData\Local\Temp\DTLite4491-0356.exe, , [892b4d4f7506c67027f0a714aa5abb45],
PUP.Optional.OpenCandy, C:\Users\Malagorzala\AppData\Local\Temp\nszAD13.tmp\OCSetupHlp.dll, , [278d5844730842f49681b605e81c857b],
PUP.Optional.Monetizer, C:\Users\Malagorzala\AppData\Local\Temp\is-B9OGU.tmp\CBStub.exe, , [e2d22b71bac11e18455078c2877b1fe1],
PUP.Optional.Monetizer, C:\Users\Malagorzala\AppData\Local\Temp\is-77M1H.tmp\CBStub.exe, , [5b59425a84f73600f99c96a459a98e72],
PUP.Optional.OpenCandy, C:\Users\Malagorzala\Downloads\DTLite4481-0347(dobreprogramy.pl).exe, , [991bf6a67dfe68ce70a7e1daad576c94],
PUP.Optional.MySearchDial.A, C:\Users\Malagorzala\AppData\Roaming\Mozilla\Firefox\Profiles\c73webav.default\searchplugins\Mysearchdial.xml, , [af05fe9ede9d171f224e943c12f006fa],
PUP.Optional.NextLive.A, C:\Users\Malagorzala\AppData\Roaming\newnext.me\nengine.cookie, , [bcf8cad2e6952f077d722d6e3bc7e719],
PUP.Optional.NextLive.A, C:\Users\Malagorzala\AppData\Roaming\newnext.me\cache\spark.bin, , [bcf8cad2e6952f077d722d6e3bc7e719],

Physical Sectors: 0
(No malicious items detected)

(end)