Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/11/2014
Scan Time: 12:12:20
Logfile: malwareresult.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.30.04
Rootkit Database: v2014.11.29.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joey

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373277
Time Elapsed: 15 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 13
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2828569535-3307695315-1286302524-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, , [0fdd57ea0b71e0560a8d814208fac53b],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, , [0fdd57ea0b71e0560a8d814208fac53b],
PUP.Optional.Spigot, HKU\S-1-5-21-2828569535-3307695315-1286302524-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Protection, , [846851f0a0dc88ae7328e8ce17eaea16],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, , [c02c18296517290df8f36a1819eaf010],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\klibnahbojhkanfgaglnlalfkgpcppfi, , [6a8251f0d5a7ab8bbbfc024b31d2bf41],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, , [cb21aa97136976c08863641e2bd817e9],
PUP.Optional.WhiteSmoke.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WhiteSmoke_US Toolbar, , [b8346ed391eb7cbab535bb975da63fc1],
PUP.Optional.Conduit.A, HKU\S-1-5-21-2828569535-3307695315-1286302524-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [06e65be6ec906fc71db17bc73ac9e818],
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-2828569535-3307695315-1286302524-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [cf1d0938a5d70f272d36621adc27bb45],
PUP.Optional.Conduit.A, HKU\S-1-5-21-2828569535-3307695315-1286302524-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\klibnahbojhkanfgaglnlalfkgpcppfi, , [22ca58e95f1d3105d9df62ebbc47867a],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2828569535-3307695315-1286302524-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, , [48a41e23c6b68ea81eccf88aac5725db],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2828569535-3307695315-1286302524-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [7b71b68b3e3e0135235ad1afb2514bb5],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2828569535-3307695315-1286302524-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [ffed87ba552710264f56e5b1d92bfb05],

Registry Values: 2
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, , [806c1c256d0fb77f6788476ef70d4bb5]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2828569535-3307695315-1286302524-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0A2O0R1R1H2Z1S1G0H1F, , [ffed87ba552710264f56e5b1d92bfb05]

Registry Data: 3
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=frg_14_19_ch&cd=2XzuyEtN2Y1L1QzuyDtDyEyCyD0D0BtC0AtAyCtCtCtC0FyBtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyC0CyC0F0D0EzztG0CzztB0DtGtB0CtCzztGyDtBtB0EtGyCtA0FyCyCtBtByCzz0FyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0B0C0C0E0F0DtCtGyC0AyBtCtG0E0C0ByEtGtCzyyEzytGyD0F0FtDyE0B0F0FyE0D0CtB2Q&cr=1591304546&ir=, Good: (www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=frg_14_19_ch&cd=2XzuyEtN2Y1L1QzuyDtDyEyCyD0D0BtC0AtAyCtCtCtC0FyBtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyC0CyC0F0D0EzztG0CzztB0DtGtB0CtCzztGyDtBtB0EtGyCtA0FyCyCtBtByCzz0FyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0B0C0C0E0F0DtCtGyC0AyBtCtG0E0C0ByEtGtCzyyEzytGyD0F0FtDyE0B0F0FyE0D0CtB2Q&cr=1591304546&ir=),,[f2fa67daff7d092db8d167f3eb1a19e7]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=frg_14_19_ch&cd=2XzuyEtN2Y1L1QzuyDtDyEyCyD0D0BtC0AtAyCtCtCtC0FyBtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyC0CyC0F0D0EzztG0CzztB0DtGtB0CtCzztGyDtBtB0EtGyCtA0FyCyCtBtByCzz0FyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0B0C0C0E0F0DtCtGyC0AyBtCtG0E0C0ByEtGtCzyyEzytGyD0F0FtDyE0B0F0FyE0D0CtB2Q&cr=1591304546&ir=, Good: (www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=frg_14_19_ch&cd=2XzuyEtN2Y1L1QzuyDtDyEyCyD0D0BtC0AtAyCtCtCtC0FyBtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyC0CyC0F0D0EzztG0CzztB0DtGtB0CtCzztGyDtBtB0EtGyCtA0FyCyCtBtByCzz0FyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0B0C0C0E0F0DtCtGyC0AyBtCtG0E0C0ByEtGtCzyyEzytGyD0F0FtDyE0B0F0FyE0D0CtB2Q&cr=1591304546&ir=),,[1dcfa39eb6c67fb7c9c0e3778184d62a]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2828569535-3307695315-1286302524-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=frg_14_19_ch&cd=2xzuyetn2y1l1qzuydtdyeycyd0d0btc0atayctctctc0fybtn0d0tzu0szzydybtn1l2xzutbtftbtdtfyctftdtn1l1czutcyetdtatdyd1v1ttn1l1g1b1v1n2y1l1qzu2stayc0cyc0f0d0ezztg0czztb0dtgtb0ctczztgydtbtb0etgycta0fycyctbtbyczz0fyeyb2qtn1m1f1b2z1v1n2y1l1qzu2sye0b0c0c0e0f0dtctgyc0aybtctg0e0c0byetgtczyyezytgyd0f0ftdye0b0f0fye0d0ctb2q&cr=1591304546&ir=, Good: (www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=frg_14_19_ch&cd=2xzuyetn2y1l1qzuydtdyeycyd0d0btc0atayctctctc0fybtn0d0tzu0szzydybtn1l2xzutbtftbtdtfyctftdtn1l1czutcyetdtatdyd1v1ttn1l1g1b1v1n2y1l1qzu2stayc0cyc0f0d0ezztg0czztb0dtgtb0ctczztgydtbtb0etgycta0fycyctbtbyczz0fyeyb2qtn1m1f1b2z1v1n2y1l1qzu2sye0b0c0c0e0f0dtctgyc0aybtctg0e0c0byetgtczyyezytgyd0f0ftdye0b0f0fye0d0ctb2q&cr=1591304546&ir=),,[f1fbb988e3990a2cf0980951917408f8]

Folders: 3
PUP.Optional.MySearchDial.A, C:\Users\Joey\AppData\Roaming\mysearchdial, , [63893809aad262d43152c34d15ee18e8],
PUP.Optional.MySearchDial.A, C:\Users\Joey\AppData\Roaming\mysearchdial\icons_2.20.6.0, , [63893809aad262d43152c34d15ee18e8],
PUP.Optional.BrowseToSave.A, C:\Program Files (x86)\BrowseToSave, , [f6f6cf7292ea86b0690bb47b54af936d],

Files: 5
PUP.Optional.OpenCandy, C:\Users\Joey\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe, , [2cc0271a8def89ad6fa7c8b94db8738d],
PUP.Optional.Spigot, C:\Users\Joey\AppData\Roaming\Search Protection\SearchProtection.exe, , [ce1efa472f4d989ed9c4c8ee798826da],
PUP.Optional.Spigot, C:\Users\Joey\AppData\Roaming\Search Protection\Uninstall.exe, , [846851f0a0dc88ae7328e8ce17eaea16],
Adware.Kraddare.gen, C:\Users\Joey\Downloads\Yesterdata-DataRecovery.exe, , [bb318ab7dca0e2548fdec40e39c78878],
PUP.Optional.Conduit, C:\Users\Joey\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx, , [ac4021203c4040f6b32873e313f07b85],

Physical Sectors: 0
(No malicious items detected)

(end)