Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/02/2016
Scan Time: 15:53
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.17.07
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ahmed

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 473515
Time Elapsed: 1 hr, 9 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 21
Trojan.Bedep.Generic, HKLM\SOFTWARE\CLASSES\CLSID\{279A6B6B-CC7C-490B-8FA4-BFD80F1CF2AA}, Delete-on-Reboot, [b8132f324653a09692e1fcf7827ffc04],
Trojan.Bedep.Generic, HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{279A6B6B-CC7C-490B-8FA4-BFD80F1CF2AA}, Delete-on-Reboot, [b8132f324653a09692e1fcf7827ffc04],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [7259c29f5b3e12243e73034519e9d12f],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 7
Trojan.Bedep.Generic, C:\ProgramData\{2F752DAC-F812-4497-9E91-D8701A4745CB}\qwave.dll, Delete-on-Reboot, [b8132f324653a09692e1fcf7827ffc04],
PUP.Optional.OpenCandy, C:\Users\Ahmed\AppData\Local\Temp\HYDB53F.tmp.1455750466\HTA\install.1455750466.zip, Quarantined, [bc0fd0912d6ce452436eaf99ab57718f],
PUP.Optional.OpenCandy, C:\Users\Ahmed\AppData\Local\Temp\HYDB53F.tmp.1455750466\HTA\3rdparty\OCComSDK.dll, Quarantined, [3e8db1b0a4f5c1755c550b3d738f8779],
PUP.Optional.OpenCandy, C:\Users\Ahmed\AppData\Local\Temp\HYDB53F.tmp.1455750466\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [814aa1c0e7b29f97bc3e976814f01ce4],
PUP.Optional.OpenCandy, C:\Users\Ahmed\AppData\Local\Temp\HYDCC38.tmp.1455750538\HTA\install.1455750538.zip, Quarantined, [c803f26f07928aacbdf4b3953bc77789],
PUP.Optional.OpenCandy, C:\Users\Ahmed\AppData\Local\Temp\HYDCC38.tmp.1455750538\HTA\3rdparty\OCComSDK.dll, Quarantined, [7259c29f5b3e12243e73034519e9d12f],
PUP.Optional.OpenCandy, C:\Users\Ahmed\AppData\Local\Temp\HYDCC38.tmp.1455750538\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [c308bda4148561d5c535c83727ddac54],

Physical Sectors: 0
(No malicious items detected)

(end)