Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/08/2015
Scan Time: 10:25
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.29.05
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Marianne

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341425
Time Elapsed: 20 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.IOProtect, C:\Users\Marianne\AppData\Local\Temp\WIZZ\ioproduct.exe, 3744, Delete-on-Reboot, [4257c14dd0bbcf679c18d1c53ec66898]
PUP.Optional.IOProtect, C:\Users\Marianne\AppData\Local\Temp\WIZZ\ioprotect.exe, 3884, Delete-on-Reboot, [4257c14dd0bbcf679c18d1c53ec66898]

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\HQ_Video_2.1V28.08, Quarantined, [a0f952bc454626108384c2c6ba4aad53],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MyBrowser 1.0.2V29.08, Quarantined, [b2e7f21c3754ef47535aacf447bdf709],
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\WIntEnhancer, Quarantined, [70295cb279125dd979a02f8b0afaac54],
PUP.Optional.MyBrowser, HKU\S-1-5-18\SOFTWARE\MyBrowser 1.0.2V29.08-nv, Quarantined, [5c3de12d048756e03676346ca95b1ce4],
PUP.Optional.MyBrowser, HKU\S-1-5-21-3452607516-3714550235-3732008897-1001\SOFTWARE\MyBrowser 1.0.2V29.08, Quarantined, [fc9d25e9e6a5d462a10b069ad82cad53],
PUP.Optional.Wajam, HKU\S-1-5-21-3452607516-3714550235-3732008897-1001\SOFTWARE\WIntEnhancer, Quarantined, [afea20eec5c6ee48bf3b15a46c987888],

Registry Values: 4
PUP.Optional.IOProtect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|IOPROTECT, C:\Users\Marianne\AppData\Local\Temp\WIZZ\ioproduct_service.bat, Quarantined, [4257c14dd0bbcf679c18d1c53ec66898]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS, Crossbrowse, Quarantined, [e7b2fa145338d1655bba95f08084a15f]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|StubPath, "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level, Quarantined, [693042cc3754fe388a8b92f356aeb947]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|Localized Name, Crossbrowse, Quarantined, [3e5b040a276465d159bc95f0ab5941bf]

Registry Data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.CrossRider, C:\Program Files (x86)\HQ_Video_2.1V28.08, Quarantined, [3465c846bad1ed4904a52462778d1be5],
PUP.Optional.IOProtect, C:\Users\Marianne\AppData\Local\Temp\WIZZ, Delete-on-Reboot, [4257c14dd0bbcf679c18d1c53ec66898],
PUP.Optional.GlobalUpdate, C:\Users\Marianne\AppData\Local\Temp\comh.299320, Quarantined, [4059927ce1aafb3b309940c88a79a957],
PUP.Optional.GlobalUpdate, C:\Users\Marianne\AppData\Local\Temp\comh.314711, Quarantined, [d4c537d79fec8da9824710f83dc601ff],
PUP.Optional.Wajam, C:\Program Files (x86)\WIntEnhancer, Quarantined, [63361bf3ff8c162074d9b9643dc67c84],
PUP.Optional.Wajam, C:\Program Files (x86)\WIntEnhancer\WIntEnhancer Internet Enhancer, Quarantined, [63361bf3ff8c162074d9b9643dc67c84],
PUP.Optional.PullUpdate, C:\ProgramData\fmqTHARNtS\dat, Quarantined, [a2f7ab63018a25112b613e5add28e51b],
PUP.Optional.PullUpdate, C:\ProgramData\fmqTHARNtS, Quarantined, [a2f7ab63018a25112b613e5add28e51b],

Files: 66
Adware.PullUpdate, C:\ProgramData\fmqTHARNtS\dat\aClIcT.dll, Quarantined, [fc9dc846553679bd529f487be61b53ad],
PUP.Optional.ZombieInvasion, C:\ProgramData\fmqTHARNtS\dat\cftfiiOeg.dll, Quarantined, [cecb67a7305bcc6a585291c0c441d22e],
PUP.Optional.MyBrowser, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\19bbb379-1b22-409a-ad1b-51bd9eaa6f13-10.exe, Quarantined, [f9a03fcf2665f640246b721e40c504fc],
PUP.Optional.MyBrowser, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\19bbb379-1b22-409a-ad1b-51bd9eaa6f13-3.exe, Quarantined, [c8d1d836612a3ff7830cdab609fce11f],
PUP.Optional.MyBrowser, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\19bbb379-1b22-409a-ad1b-51bd9eaa6f13-6.exe, Quarantined, [3e5b62acb8d3b87e028d632d6e97db25],
PUP.Optional.MyBrowser, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\19bbb379-1b22-409a-ad1b-51bd9eaa6f13-64.exe, Quarantined, [d0c98e800a8154e2454a335dae573fc1],
PUP.Optional.MyBrowser, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\19bbb379-1b22-409a-ad1b-51bd9eaa6f13-7.exe, Quarantined, [80190806e8a343f35e312070b74e48b8],
PUP.Optional.ModGoog, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\globalupdate.exe, Quarantined, [e2b724ea800b0333257db1d5a958619f],
PUP.Optional.ModGoog, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\globalupdateBroker.exe, Quarantined, [fc9dbf4f85064ceaacf69de950b1d62a],
PUP.Optional.ModGoog, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\globalupdateCrashHandler.exe, Quarantined, [9bfe0d01246736006042c2c4e61bfe02],
PUP.Optional.ModGoog, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\globalupdateOnDemand.exe, Quarantined, [148515f90a81a195366c4b3b7190fc04],
PUP.Optional.ModGoog, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\goopdate.dll, Quarantined, [3465e42ab3d8092d5151394df30e916f],
PUP.Optional.ModGoog, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\goopdateres_en.dll, Quarantined, [5e3bac62c6c5d2646a38fb8b39c8d729],
PUP.Optional.WebShield, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\HqRhWb.exe, Quarantined, [9cfd7995b9d20d2994715f77b94854ac],
PUP.Optional.WebShield, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\pjuGcv.exe, Quarantined, [8c0dce409eed0333af568a4c758c7888],
PUP.Optional.Bundle, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\ProtectService.exe, Quarantined, [78218d81850664d25849197f6a9860a0],
PUP.Optional.ModGoog, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\psmachine.dll, Quarantined, [2a6fea249eed62d4f1b12f570bf6c43c],
PUP.Optional.ModGoog, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\psuser.dll, Quarantined, [6138be5077140432a7fb0b7b7d848b75],
PUP.Optional.CrossRider, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\utility.exe, Quarantined, [4e4b9c72d5b638fe8a58c2cf9c69a55b],
PUP.Optional.WProtectManager, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\WdsManPro.exe, Quarantined, [d8c1ce40375491a5fc2823700bfa7987],
PUP.Optional.WebShield, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\xmeFjSUiL.exe, Quarantined, [9207b7570b80221455b0498d06fbe61a],
Adware.PullUpdate, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\mseusawe.exe, Quarantined, [e1b84dc155368fa70f1f3a9041c0d030],
PUP.Optional.Nova, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\43f06783-6e60-41e1-b4ec-c79cf0d00603\01b599d4-4320-4209-9397-9d0507e6904f.dll, Quarantined, [0693a36b98f3e0568017c40f22dfcd33],
PUP.Optional.CrossRider, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\43f06783-6e60-41e1-b4ec-c79cf0d00603\cf87e3a5-a5d9-4bd9-8a3f-5c3fdcc6347b.dll, Quarantined, [9504bf4f0a81c5713cdee1ebc938946c],
PUP.Optional.PullUpdate, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\WebShield\WebShield\Uninstall.exe, Quarantined, [3b5e0d01e3a83df9bfee70223acbf10f],
PUP.Optional.MiniLite, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\MiniLite\Uninstall.exe, Quarantined, [a8f157b79cef0b2be43b686b9f6250b0],
PUP.Optional.CrossRider, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\MyBrowser 1.0.2V29.08\1dd2f273-0284-4551-adfc-cc855f5a1717.dll, Quarantined, [d7c254bac8c3e650fe1c7b518e7344bc],
PUP.Optional.Nova, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\MyBrowser 1.0.2V29.08\d34c0e51-9667-4210-96d4-bb87b3dd3ba7.dll, Quarantined, [fe9b808e98f391a556416e6519e8c13f],
PUP.Optional.Downloader, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\MyBrowser 1.0.2V29.08\Uninstall.exe, Quarantined, [7623db33d4b7d56199f1bf1191707888],
PUP.Optional.MyBrowser, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\MyBrowser 1.0.2V29.08\UninstallBrw.exe, Quarantined, [4851d33baeddef47dcb3abe5e322f20e],
PUP.Optional.MyBrowser, C:\Users\Marianne\AppData\Roaming\ZHP\Quarantine\MyBrowser 1.0.2V29.08\utils.exe, Quarantined, [2a6ff91598f3a096474820708f765ca4],
PUP.Optional.CrossRider, C:\Program Files (x86)\AGEIA Technologies\43f06783-6e60-41e1-b4ec-c79cf0d00603.dll, Quarantined, [396015f90e7d0e2873a7b01cc53cd927],
PUP.Optional.Nova, C:\Program Files (x86)\AGEIA Technologies\a92366e9-dd60-425c-a2ca-8897c0ffde3a.dll, Quarantined, [653419f51873a4926f283a99887915eb],
PUP.Optional.CrossRider, C:\Users\Marianne\AppData\Local\Temp\1222.exe, Quarantined, [b4e5aa641774c86ec220f39e1fe6f907],
PUP.Optional.MyBrowser, C:\Users\Marianne\AppData\Local\Temp\990.exe, Quarantined, [475252bc5635c5717718830df312847c],
PUP.Optional.SystemNotifier, C:\Users\Marianne\AppData\Local\Temp\bsgxh1ie.4as\mini_installer.exe, Quarantined, [2d6c88867f0c87afa62f0f8149bce11f],
PUP.Optional.WebShield, C:\Users\Marianne\AppData\Local\Temp\uhjcenzn.t1l\Setup.exe, Quarantined, [089142cc7615f0469d04411eda26d12f],
PUP.Optional.MyBrowser, C:\Users\Marianne\AppData\Local\Temp\nsyBC87.tmp\Loiqp.exe, Quarantined, [3e5b22ec5437e84eb7d8c8c8f90c51af],
PUP.Optional.CrossRider, C:\Users\Marianne\AppData\Local\Temp\i1vmfzhn.h5c\setup.exe, Quarantined, [8a0f67a77c0f072f1bfdd1bf24e16e92],
PUP.Optional.EoRezo, C:\Users\Marianne\AppData\Local\Temp\is-0CFVK.tmp\package_csdi_oursurfing_installer_multilang.exe, Quarantined, [099031dd0982a0969a15904024dd36ca],
PUP.Optional.SearchProtect, C:\Users\Marianne\AppData\Local\Temp\is-BQ7KP.tmp\package_secureprotect_installer_multilang.exe, Quarantined, [8e0baa64f19a24127b79b4a50ef21fe1],
PUP.Optional.EoRezo, C:\Users\Marianne\AppData\Local\Temp\is-BQ7KP.tmp\380.exe, Quarantined, [f3a64dc1aedd3ff7ded119b751b0dc24],
PUP.Optional.EoRezo, C:\Users\Marianne\AppData\Local\Temp\is-BQ7KP.tmp\381.exe, Quarantined, [a1f8e5292863979f159ae5eb877aa65a],
PUP.Optional.EoRezo, C:\Users\Marianne\AppData\Local\Temp\is-BQ7KP.tmp\382.exe, Quarantined, [9dfcb35bed9e6cca6c435c749d6460a0],
PUP.Optional.EoRezo, C:\Users\Marianne\AppData\Local\Temp\is-BQ7KP.tmp\491.exe, Quarantined, [4e4b020cbdceb284545b10c02dd49a66],
PUP.Optional.EoRezo, C:\Users\Marianne\AppData\Local\Temp\is-BQ7KP.tmp\583.exe, Quarantined, [7821a965a0eb181ec8e70cc47a87b848],
PUP.Optional.EoRezo, C:\Users\Marianne\AppData\Local\Temp\is-BQ7KP.tmp\package_airwebbar_installer_multilang.exe, Quarantined, [c5d49b73f8933df99e1129a7ee13e11f],
PUP.Optional.OurSeaching, C:\Users\Marianne\AppData\Local\Temp\is-VSSHE.tmp\csdi_oursurfing_soft_partner.exe, Quarantined, [3960e42a6f1cd5611a824050c93cd030],
PUP.Optional.IStartSurf.ShrtCln, C:\Users\Marianne\AppData\Local\Temp\j15a1z35.dtl\lly_istartsurf.exe, Quarantined, [3069f915ddaec86e1ad1e9a38382e31d],
PUP.Optional.CrossRider, C:\Program Files (x86)\HQ_Video_2.1V28.08\bgNova.html, Quarantined, [3465c846bad1ed4904a52462778d1be5],
PUP.Optional.IOProtect, C:\Users\Marianne\AppData\Local\Temp\WIZZ\ioprotect_conf.xml, Quarantined, [4257c14dd0bbcf679c18d1c53ec66898],
PUP.Optional.IOProtect, C:\Users\Marianne\AppData\Local\Temp\WIZZ\config.cfg, Quarantined, [4257c14dd0bbcf679c18d1c53ec66898],
PUP.Optional.IOProtect, C:\Users\Marianne\AppData\Local\Temp\WIZZ\ioproduct.exe, Delete-on-Reboot, [4257c14dd0bbcf679c18d1c53ec66898],
PUP.Optional.IOProtect, C:\Users\Marianne\AppData\Local\Temp\WIZZ\ioproduct_service.bat, Quarantined, [4257c14dd0bbcf679c18d1c53ec66898],
PUP.Optional.IOProtect, C:\Users\Marianne\AppData\Local\Temp\WIZZ\ioprotect.exe, Delete-on-Reboot, [4257c14dd0bbcf679c18d1c53ec66898],
PUP.Optional.GlobalUpdate, C:\Users\Marianne\AppData\Local\Temp\comh.314711\globalupdateHelper.msi, Quarantined, [d4c537d79fec8da9824710f83dc601ff],
PUP.Optional.Wajam, C:\Program Files (x86)\WIntEnhancer\WIntEnhancer Internet Enhancer\ApiHandlr.dll, Quarantined, [63361bf3ff8c162074d9b9643dc67c84],
PUP.Optional.Wajam, C:\Program Files (x86)\WIntEnhancer\WIntEnhancer Internet Enhancer\FiddlerCore.dll, Quarantined, [63361bf3ff8c162074d9b9643dc67c84],
PUP.Optional.Wajam, C:\Program Files (x86)\WIntEnhancer\WIntEnhancer Internet Enhancer\InternetEnhancer.exe, Quarantined, [63361bf3ff8c162074d9b9643dc67c84],
PUP.Optional.Wajam, C:\Program Files (x86)\WIntEnhancer\WIntEnhancer Internet Enhancer\Newtonsoft.Json.dll, Quarantined, [63361bf3ff8c162074d9b9643dc67c84],
PUP.Optional.PullUpdate, C:\ProgramData\fmqTHARNtS\dat\HqRhWb.exe.config, Quarantined, [a2f7ab63018a25112b613e5add28e51b],
PUP.Optional.PullUpdate, C:\ProgramData\fmqTHARNtS\dat\aClIcT.dll, Quarantined, [a2f7ab63018a25112b613e5add28e51b],
PUP.Optional.PullUpdate, C:\ProgramData\fmqTHARNtS\dat\pjuGcv.exe.config, Quarantined, [a2f7ab63018a25112b613e5add28e51b],
PUP.Optional.PullUpdate, C:\ProgramData\fmqTHARNtS\info.dat, Quarantined, [a2f7ab63018a25112b613e5add28e51b],
PUP.Optional.PullUpdate, C:\ProgramData\fmqTHARNtS\xmeFjSUiL.dat, Quarantined, [a2f7ab63018a25112b613e5add28e51b],
PUP.Optional.PullUpdate, C:\ProgramData\fmqTHARNtS\xmeFjSUiL.exe.config, Quarantined, [a2f7ab63018a25112b613e5add28e51b],

Physical Sectors: 0
(No malicious items detected)

(end)