Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/10/2016
Scan Time: 5:56 PM
Logfile: malware 1.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.10.03
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: omar

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328685
Time Elapsed: 16 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 32

Registry Values: 32

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.APNToolBar, C:\Users\omar\Downloads\YTDSetup.exe, Quarantined, [382354cee0ba39fdca0b60c9e021e11f],
PUP.Optional.IBryte, C:\Users\omar\AppData\Local\43f1d735-792f-4457-a07e-bb91dcd6cc08\sysad.exe, Quarantined, [c992d44e6b2f5dd9389cd94f58a9a15f],

Physical Sectors: 0
(No malicious items detected)

(end)