Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/22/17
Scan Time: 9:28 PM
Log File: Malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1996
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DrSergioO-PC\DrSergioO

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345925
Threats Detected: 49
Threats Quarantined: 49
Time Elapsed: 10 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 23
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\IESearchPlugin.MailRuBHO, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\IESearchPlugin.MailRuBHO.1, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\TYPELIB\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\INTERFACE\{2170BCBA-E35C-42A5-9CDB-691334845FA4}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\INTERFACE\{23B8D468-7358-408C-B1AC-8BAE2A610C41}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2170BCBA-E35C-42A5-9CDB-691334845FA4}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23B8D468-7358-408C-B1AC-8BAE2A610C41}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2170BCBA-E35C-42A5-9CDB-691334845FA4}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23B8D468-7358-408C-B1AC-8BAE2A610C41}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKU\S-1-5-21-1666441202-2923180633-3087363653-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.RussAd, HKU\S-1-5-21-1666441202-2923180633-3087363653-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarantined, [12], [351113],1.0.1996
PUP.Optional.MailRu, HKU\S-1-5-21-1666441202-2923180633-3087363653-1000\SOFTWARE\Mail.Ru, Quarantined, [989], [387290],1.0.1996
PUP.Optional.MailRu, HKU\S-1-5-21-1666441202-2923180633-3087363653-1000\SOFTWARE\APPDATALOW\SOFTWARE\Mail.Ru, Quarantined, [989], [389765],1.0.1996
PUP.Optional.AdvancedPCFixer, HKLM\SOFTWARE\Advanced-PCFixer For DRSERGIOO-PC, Quarantined, [1525], [391417],1.0.1996
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\apcfx-pr, Quarantined, [73], [369369],1.0.1996
PUP.Optional.SysNet, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\sysnet, Quarantined, [12846], [182990],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\wupdate, Quarantined, [12], [378183],1.0.1996
PUP.Optional.SysNet, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A9A1F505-78D1-41D4-A249-B4D6589BB1C5}, Quarantined, [12846], [182989],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F154F80A-9DCD-4F41-929C-A4108CF74A23}, Quarantined, [12], [378181],1.0.1996

Registry Value: 8
Worm.PasswordStealer, HKU\S-1-5-21-1666441202-2923180633-3087363653-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|apo5, Quarantined, [6232], [59706],1.0.1996
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND|WINDOWSFILEOPENER.DAT, Quarantined, [1300], [333218],1.0.1996
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND|WINDOWSFILEOPENER.DAT, Quarantined, [1093], [333220],1.0.1996
PUP.Optional.SysNet, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A9A1F505-78D1-41D4-A249-B4D6589BB1C5}|PATH, Quarantined, [12846], [182989],1.0.1996
PUP.Optional.RussAd, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F154F80A-9DCD-4F41-929C-A4108CF74A23}|PATH, Quarantined, [12], [378181],1.0.1996
Hijack.Regedit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DISABLEREGEDIT, Quarantined, [13684], [211464],1.0.1996
Hijack.Regedit, HKU\S-1-5-21-1666441202-2923180633-3087363653-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DISABLEREGEDIT, Quarantined, [13684], [209238],1.0.1996
Hijack.Regedit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DISABLEREGEDIT, Quarantined, [13684], [211464],1.0.1996

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.AdvancedPCCare, C:\Users\DrSergioO\AppData\Roaming\FileOpenerWindows for DRSERGIOO-PC\x64, Quarantined, [73], [379054],1.0.1996
PUP.Optional.AdvancedPCCare, C:\Users\DrSergioO\AppData\Roaming\FileOpenerWindows for DRSERGIOO-PC\x86, Quarantined, [73], [379054],1.0.1996
PUP.Optional.AdvancedPCCare, C:\USERS\DRSERGIOO\APPDATA\ROAMING\FILEOPENERWINDOWS FOR DRSERGIOO-PC, Quarantined, [73], [379054],1.0.1996
PUP.Optional.MailRu, C:\Users\DrSergioO\AppData\Local\Mail.Ru\Sputnik, Quarantined, [989], [382901],1.0.1996
PUP.Optional.MailRu, C:\USERS\DRSERGIOO\APPDATA\LOCAL\Mail.Ru, Quarantined, [989], [382901],1.0.1996

File: 13
Worm.PasswordStealer, C:\WIN\MSN.EXE, Quarantined, [6232], [59706],1.0.1996
PUP.Optional.AdvancedPCCare, C:\USERS\DRSERGIOO\APPDATA\ROAMING\FILEOPENERWINDOWS FOR DRSERGIOO-PC\WFO.EXE.CONFIG, Quarantined, [73], [379054],1.0.1996
PUP.Optional.AdvancedPCCare, C:\Users\DrSergioO\AppData\Roaming\FileOpenerWindows for DRSERGIOO-PC\x64\SQLite.Interop.dll, Quarantined, [73], [379054],1.0.1996
PUP.Optional.AdvancedPCCare, C:\Users\DrSergioO\AppData\Roaming\FileOpenerWindows for DRSERGIOO-PC\x86\SQLite.Interop.dll, Quarantined, [73], [379054],1.0.1996
PUP.Optional.AdvancedPCCare, C:\Users\DrSergioO\AppData\Roaming\FileOpenerWindows for DRSERGIOO-PC\langswfo.db, Quarantined, [73], [379054],1.0.1996
PUP.Optional.AdvancedPCCare, C:\Users\DrSergioO\AppData\Roaming\FileOpenerWindows for DRSERGIOO-PC\System.Data.SQLite.DLL, Quarantined, [73], [379054],1.0.1996
PUP.Optional.MailRu, C:\USERS\DRSERGIOO\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\MAIL.RU.LNK, Quarantined, [989], [384473],1.0.1996
PUP.Optional.MailRu, C:\USERS\DRSERGIOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WAUGWTGG.DEFAULT\PREFS.JS, Replaced, [989], [382918],1.0.1996
PUP.Optional.MailRu, C:\Users\DrSergioO\AppData\Local\Mail.Ru\Sputnik\MailRu.ico, Quarantined, [989], [382901],1.0.1996
PUP.Optional.MailRu, C:\Users\DrSergioO\AppData\Local\Mail.Ru\GoMailRu.ico, Quarantined, [989], [382901],1.0.1996
PUP.Optional.SysNet, C:\WINDOWS\SYSTEM32\TASKS\SYSNET, Quarantined, [12846], [182987],1.0.1996
PUP.Optional.RussAd, C:\WINDOWS\SYSTEM32\TASKS\WUPDATE, Quarantined, [12], [378184],1.0.1996
PUP.Optional.MailRu, C:\USERS\DRSERGIOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WAUGWTGG.DEFAULT\SEARCHPLUGINS\mailru.xml, Quarantined, [989], [384856],1.0.1996

Physical Sector: 0
(No malicious items detected)

(end)