Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-09-20
Scan Time: 12:30 PM
Logfile: mbam scan log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.20.03
Rootkit Database: v2015.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Christine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 396737
Time Elapsed: 31 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 18
PUP.Optional.Shopperz.BrwsrFlsh, HKLM\SOFTWARE\shopperz170920151519, Quarantined, [889be949315a9a9cc8f9b0d106fe21df],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV18.09, Quarantined, [60c364cee7a456e03d40305b768e51af],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV18.09-nv, Quarantined, [1c078da537542115780553381ce809f7],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV18.09-nv-ie, Quarantined, [60c352e0a3e8bb7bee8f2d5e6e967789],
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV18.09, Quarantined, [b96afa38a9e2ba7c49ce7913fe06a35d],
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV18.09-nv, Quarantined, [a67df141b6d5300692858c00e91b738d],
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV18.09-nv-ie, Quarantined, [b172d161becde353bf582963b74ddb25],
PUP.Optional.PhraseProfessor, HKLM\SOFTWARE\WOW6432NODE\PhraseProfessor_1.10.0.21, Quarantined, [7fa42a0895f6ec4a75faecc36a9a2cd4],
PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\WordWizard_1.10.0.24, Quarantined, [988bec464f3c94a266fb11c051b322de],
PUP.Optional.PhraseProfessor, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PhraseProfessor_1.10.0.21, Quarantined, [69bac56df5964ee8630bfbb408fc9967],
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{83338CBB-5F79-4B2D-A1DC-2B749FB11725}, Quarantined, [4ad985adfd8ea98d217e84fdcf35857b],
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{83338CBB-5F79-4B2D-A1DC-2B749FB11725}, Quarantined, [41e281b1652671c5900f542dfa0a768a],
PUP.Optional.Cinema, HKU\S-1-5-21-755935381-1260166776-3288764244-1001\SOFTWARE\CinemaP-1.9cV18.09, Quarantined, [9a89062c216abb7b8be97219fb09e917],
PUP.Optional.Cinema, HKU\S-1-5-21-755935381-1260166776-3288764244-1001\SOFTWARE\CinemaP-1.9cV18.09-nv, Quarantined, [44df87abcebd9b9b81f3f7947e86cb35],
PUP.Optional.Cinema, HKU\S-1-5-21-755935381-1260166776-3288764244-1001\SOFTWARE\CinemaP-1.9cV18.09-nv-ie, Quarantined, [6fb4949ec0cbb482383c672418eccd33],
PUP.Optional.CinemaPlus, HKU\S-1-5-21-755935381-1260166776-3288764244-1001\SOFTWARE\CinemaPlus-3.2cV18.09, Quarantined, [c06345ed5d2e90a68d6a2f5c4cb88a76],
PUP.Optional.CinemaPlus, HKU\S-1-5-21-755935381-1260166776-3288764244-1001\SOFTWARE\CinemaPlus-3.2cV18.09-nv, Quarantined, [55cef2400d7eb383da1df2990afa6e92],
PUP.Optional.CinemaPlus, HKU\S-1-5-21-755935381-1260166776-3288764244-1001\SOFTWARE\CinemaPlus-3.2cV18.09-nv-ie, Quarantined, [f231c2700b804ceaa057f794d33148b8],

Registry Values: 5
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS, MyBrowser, Quarantined, [5cc7e151315a83b30a636965986c44bc]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|StubPath, "C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level, Quarantined, [7fa455dde7a40234a9c48d41ee1605fb]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|Localized Name, MyBrowser, Quarantined, [b96a3ef47c0f6bcb74f96569679d9f61]
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{83338CBB-5F79-4B2D-a1DC-2B749FB11725}|Name, C:\Program Files\shopperz170920151519\Pafyf.exe, Quarantined, [4ad985adfd8ea98d217e84fdcf35857b]
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{83338CBB-5F79-4B2D-a1DC-2B749FB11725}|Name, C:\Program Files\shopperz170920151519\Pafyf.exe, Quarantined, [41e281b1652671c5900f542dfa0a768a]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 8
PUP.Optional.Nova, C:\Program Files (x86)\Adobe\1d8cb70c-5a08-48ac-92cd-d95ef514bd64.dll, Quarantined, [3fe43bf72e5db77f629f407e0ef38e72],
PUP.Optional.CrossRider, C:\Program Files (x86)\Adobe\564d6902-f317-4685-98cb-a4bee8930b2a.dll, Quarantined, [b66d4be7bbd0e4524466981eb44d51af],
PUP.Optional.Nova, C:\Program Files (x86)\Adobe\5bba334c-ba10-4c6f-af21-902430025fdd.dll, Quarantined, [ea394be78209310515ecf5c9d72a47b9],
PUP.Optional.CrossRider, C:\Program Files (x86)\Adobe\e1e64e83-5d44-4a2e-b248-6abc5a869e31.dll, Quarantined, [b0730f231d6e082ec4e6a610b54c817f],
Rootkit.Agent.A, C:\Windows\System32\drivers\bsdriver.sys, Delete-on-Reboot, [160d2012315a5fd76c4f6310dd2460a0],
PUP.Optional.Shopperz.BrwsrFlsh, C:\Windows\System32\drivers\cherimoya.sys, Delete-on-Reboot, [051e280a35569b9b0b8522857b8a5ba5],
Rootkit.Agent.A, C:\Windows\System32\drivers\cherimoya.sys, Delete-on-Reboot, [022178ba88035cdaa24ad4617093af51],
PUP.Optional.IQIYI, C:\Windows\Fonts\iqiyi_logo.ttf, Quarantined, [7ca757dbd3b823130d54f7aae12316ea],

Physical Sectors: 0
(No malicious items detected)

(end)