Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15-4-2014
Scan Time: 20:35:37
Logfile: MBAM Scanlog.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.15.09
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Eddy Schiphorst

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340546
Time Elapsed: 1 hr, 7 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 79

Registry Values: 4

Registry Data: 5

Folders: 7

Files: 47

Physical Sectors: 0
(No malicious items detected)

(end)