Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 29/2/2016 Scan Time: 5:44 PM Logfile: 123.txt Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.02.29.02 Rootkit Database: v2016.02.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Asus Scan Type: Threat Scan Result: Completed Objects Scanned: 364836 Time Elapsed: 21 min, 52 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 RiskWare.Tool.CK, C:\Windows\KMService.exe, 2112, , [2a4c44225346f046b02447cf18ea8f71] Modules: 0 (No malicious items detected) Registry Keys: 27 PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.RegCleanerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2733058-7D8A-408F-8D2C-1BB5C3FE39D3}, , [c4b21a4c891058de57423cc51ae925db], PUP.Optional.RegCleanerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASP, , [e294b0b6c4d558de70b21af35ba8867a], PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASAPI32, , [1e5885e1e2b793a33e8236f21be91ce4], PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASMANCS, , [482e590dc8d123133e826eba739153ad], PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\RegCleanPro_RASAPI32, , [7ef83a2cf3a63204884025398a7a2cd4], PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\RegCleanPro_RASMANCS, , [7bfbfc6a0b8ef442ecdcd886e71dc838], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, , [fb7b91d5b9e050e6cc5b9984d033ce32], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2947222688-3133148344-3423361558-1000\SOFTWARE\SYSTWEAK\ssd, , [393dd294eeab60d666c0ea333dc6946c], Registry Values: 1 PUP.Optional.RegCleanerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2733058-7D8A-408F-8D2C-1BB5C3FE39D3}|Path, \ASP, , [c4b21a4c891058de57423cc51ae925db] Registry Data: 0 (No malicious items detected) Folders: 9 PUP.Optional.SystemSpeedup, C:\Users\Asus\AppData\Roaming\systweak\ssd, , [443299cd18815bdbeda47a51758dfd03], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\2.1.1000.13665, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\updates, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\Users\Asus\AppData\Roaming\systweak\Advanced-System-Protector, , [fe7879ed5f3ae0564b30963b19e98f71], PUP.Optional.AdvancedSystemProtector, C:\Users\Asus\AppData\Roaming\systweak\Advanced-System-Protector\2.1.1000.13665, , [fe7879ed5f3ae0564b30963b19e98f71], PUP.Optional.RegCleanerPro, C:\Users\Asus\AppData\Roaming\systweak\regclean pro, , [1363db8b0b8ea39333ae24cad032ca36], PUP.Optional.RegCleanerPro, C:\Users\Asus\AppData\Roaming\systweak\regclean pro\Version 6.1, , [1363db8b0b8ea39333ae24cad032ca36], Files: 41 RiskWare.Tool.CK, C:\Windows\KMService.exe, , [2a4c44225346f046b02447cf18ea8f71], HackTool.Agent, C:\Program Files\Adobe\ADOBE CS6 ACTIVATOR.exe, , [e690066098016ec88fd37d893ec2d927], PUP.Optional.RegCleanPro, C:\Windows\System32\roboot64.exe, , [9dd95214534682b4730a8848a65a3bc5], PUP.Optional.InstallMonetizer, C:\Users\Asus\AppData\Local\Temp\nsq29ED.tmp\nsManeshWeb.dll, , [7cfa82e47c1d5bdb6572aa8f649ed030], PUP.Optional.InstallCore, C:\Users\Asus\AppData\Local\Temp\nsq29ED.tmp\nsvmd.dll, , [4c2af274e3b6d660a09af6575fa3ac54], PUP.Optional.Wajam, C:\Users\Asus\AppData\Local\Temp\nsq29ED.tmp\OurChecker.exe, , [2056660078211323af6f8fa9c33f847c], PUP.Optional.InstallMonetizer, C:\Users\Asus\AppData\Local\Temp\nsy3BF7.tmp\nsManeshWeb.dll, , [8fe70e586435d95d08cff54471912ad6], PUP.Optional.InstallCore, C:\Users\Asus\AppData\Local\Temp\nsy3BF7.tmp\nsvmd.dll, , [a1d5b7af5841dc5ab288123b867c926e], PUP.Optional.Wajam, C:\Users\Asus\AppData\Local\Temp\nsy3BF7.tmp\OurChecker.exe, , [caacbcaafa9f74c2a27c6ccc8979ff01], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Local\Temp\HYD639B.tmp.1449558048\HTA\install.1449558048.zip, , [80f683e32475e353713d9260c341926e], PUP.Optional.OpenCandy, C:\Users\Asus\AppData\Local\Temp\HYD639B.tmp.1449558048\HTA\3rdparty\OCComSDK.dll, , [f08621452871171fd7d79b5753b13dc3], PUP.Optional.InstallMonetizer, C:\Users\Asus\AppData\Local\Temp\nsc447F.tmp\nsManeshWeb.dll, , [314588de5f3a40f6b027a594d03217e9], PUP.Optional.InstallCore, C:\Users\Asus\AppData\Local\Temp\nsc447F.tmp\nsvmd.dll, , [294d01658019b284c77391bca260956b], PUP.Optional.Wajam, C:\Users\Asus\AppData\Local\Temp\nsc447F.tmp\OurChecker.exe, , [43330d593168c67042dce05821e1b24e], PUP.Optional.Freemium, C:\Users\Asus\Downloads\download-windows-movie-maker.exe, , [d2a4b8ae1683c76f5586d24e42c335cb], PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, , [5e181c4a6a2f7fb7454411092fd433cd], PUP.Optional.SystemSpeedup, C:\Users\Asus\AppData\Roaming\systweak\ssd\SSDPTstub.exe, , [443299cd18815bdbeda47a51758dfd03], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\completedatabase.db, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Cookies.bin, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\DigSign.bin, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FilePathFIX.bin, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FilePaths.bin, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FileSignature.bin, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Folders.bin, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Md5.bin, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Registry.bin, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\SetupSign.bin, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\StrSetupSign.bin, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\updates\100oupdate.zip, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1835completedatabase.zip, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1912mupdate.zip, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1913update.zip, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1914update.zip, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1915update.zip, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1916update.zip, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1917update.zip, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1918update.zip, , [3c3aee788d0c7cba5229bf12f90924dc], PUP.Optional.AdvancedSystemProtector, C:\Users\Asus\AppData\Roaming\systweak\Advanced-System-Protector\QDetail.db, , [fe7879ed5f3ae0564b30963b19e98f71], PUP.Optional.AdvancedSystemProtector, C:\Users\Asus\AppData\Roaming\systweak\Advanced-System-Protector\Settings.db, , [fe7879ed5f3ae0564b30963b19e98f71], PUP.Optional.AdvancedSystemProtector, C:\Users\Asus\AppData\Roaming\systweak\Advanced-System-Protector\Update.ini, , [fe7879ed5f3ae0564b30963b19e98f71], PUP.Optional.AdvancedSystemProtector, C:\Users\Asus\AppData\Roaming\systweak\Advanced-System-Protector\2.1.1000.13665\ASPLog.txt, , [fe7879ed5f3ae0564b30963b19e98f71], Physical Sectors: 0 (No malicious items detected) (end)