Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.12.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.

16421 John :: JOHN-LAPTOP [administrator] 13/08/2013 09:55:31 mbam-log-2013-08-13 (09-55-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Ext ra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 229982 Time elapsed: 5 minute(s), 43 second(s) Memory Processes Detected: 5 C:\Program Files (x86)\WBDesktop.Updater.exe (PUP.Optional.WebCake.A) -> 2516 -> Delete on reboot. C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe (Rogue.PCHealthKit) -> 376 8 -> Delete on reboot. C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe (Rogue.PCHealthKit) -> 39 04 -> Delete on reboot. C:\Program Files (x86)\MyPC Backup\BackupStack.exe (PUP.Optional.MyPCBackup) -> 1568 -> Delete on reboot. C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (PUP.Optional.MyPCBackup) -> 3820 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 22 HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.Optional.Web Cake.A) -> Quarantined and deleted successfully. HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully. HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Quarantine d and deleted successfully. HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Quaranti ned and deleted successfully. HKCR\PricePeep.PricePeepBho.1 (Adware.Agent) -> Quarantined and deleted successf ully. HKCR\PricePeep.PricePeepBho (Adware.Agent) -> Quarantined and deleted successful ly. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F 7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully. HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (PUP.Optional.PricePeep.A) > Quarantined and deleted successfully. HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.

HKCR\PricePeep.PricePeepBho.1 (PUP.Optional.PricePeep.A) -> Quarantined and dele ted successfully. HKCR\PricePeep.PricePeepBho (PUP.Optional.PricePeep.A) -> Quarantined and delete d successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted success fully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F 7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successful ly. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Health Kit_is1 (Rogu e.PCHealthKit) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep (PUP.Optional .PricePeep.A) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\BackupStack (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. HKCU\Software\PC Health Kit (Rogue.PCHealthKit) -> Quarantined and deleted succe ssfully. HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.Web Cake) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PC Health Kit (Rogue.PCHealth Kit) -> Data: C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe -> Quarantin ed and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 21 C:\Program Files (x86)\PC Health Kit (Rogue.PCHealthKit) -> Delete on reboot. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit (Rogue.PCHeal thKit) -> Quarantined and deleted successfully. C:\Users\John\AppData\Roaming\WebCake (PUP.WebCake) -> Quarantined and deleted s uccessfully. C:\Users\John\AppData\Roaming\WebCake\dat (PUP.WebCake) -> Quarantined and delet ed successfully. C:\Users\John\AppData\Roaming\WebCake\dat\update (PUP.WebCake) -> Quarantined an d deleted successfully. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCa ke) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP .WebCake) -> Quarantined and deleted successfully. C:\Users\John\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined an d deleted successfully. C:\Program Files (x86)\PricePeep (PUP.Optional.PricePeep.A) -> Quarantined and d eleted successfully. C:\Program Files (x86)\MyPC Backup (PUP.Optional.MyPCBackup) -> Delete on reboot . C:\Program Files (x86)\MyPC Backup\Config (PUP.Optional.MyPCBackup) -> Quarantin ed and deleted successfully. C:\Program Files (x86)\MyPC Backup\Database (PUP.Optional.MyPCBackup) -> Delete on reboot. C:\Program Files (x86)\MyPC Backup\log (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Resources (PUP.Optional.MyPCBackup) -> Quaran tined and deleted successfully.

C:\Program Files (x86)\MyPC Backup\Resources\cache (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\x64 (PUP.Optional.MyPCBackup) -> Delete on re boot. C:\Program Files (x86)\MyPC Backup\x86 (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\~updates (PUP.Optional.MyPCBackup) -> Quarant ined and deleted successfully. C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optio nal.Tarma.A) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP .Optional.Tarma.A) -> Quarantined and deleted successfully. Files Detected: 103 C:\Program Files (x86)\WBDesktop.Updater.exe (PUP.Optional.WebCake.A) -> Delete on reboot. C:\Program Files (x86)\PricePeep\pricepeep.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files (x86)\PricePeep\pricepeep.dll (PUP.Optional.PricePeep.A) -> Qua rantined and deleted successfully. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully. C:\Users\John\AppData\Roaming\Betcat\WebCakeDesktop.exe (PUP.WebCake.A) -> Quara ntined and deleted successfully. C:\Users\John\AppData\Local\Temp\air162F.exe (PUP.Optional.AirInstaller) -> Quar antined and deleted successfully. C:\Users\John\AppData\Local\Temp\air1FC0.exe (PUP.Optional.AirInstaller) -> Quar antined and deleted successfully. C:\Users\John\AppData\Local\Temp\airA1CC.exe (Trojan.PUP.WebCake.A) -> Quarantin ed and deleted successfully. C:\Users\John\AppData\Local\Temp\airEC16.exe (Adware.Agent) -> Quarantined and d eleted successfully. C:\Users\John\AppData\Local\Temp\setup.exe (PUP.Optional.AirInstaller) -> Quaran tined and deleted successfully. C:\Program Files (x86)\PC Health Kit\PCHealthKit.chm (Rogue.PCHealthKit) -> Quar antined and deleted successfully. C:\Program Files (x86)\PC Health Kit\English.ini (Rogue.PCHealthKit) -> Quaranti ned and deleted successfully. C:\Program Files (x86)\PC Health Kit\file_id.diz (Rogue.PCHealthKit) -> Quaranti ned and deleted successfully. C:\Program Files (x86)\PC Health Kit\HomePage.url (Rogue.PCHealthKit) -> Quarant ined and deleted successfully. C:\Program Files (x86)\PC Health Kit\PCHealthKit.exe (Rogue.PCHealthKit) -> Quar antined and deleted successfully. C:\Program Files (x86)\PC Health Kit\PCHKGuard.exe (Rogue.PCHealthKit) -> Quaran tined and deleted successfully. C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe (Rogue.PCHealthKit) -> Qua rantined and deleted successfully. C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe (Rogue.PCHealthKit) -> Del ete on reboot. C:\Program Files (x86)\PC Health Kit\PCHKSchedule.exe (Rogue.PCHealthKit) -> Qua rantined and deleted successfully. C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe (Rogue.PCHealthKit) -> De lete on reboot. C:\Program Files (x86)\PC Health Kit\PCHKUninstaller.exe (Rogue.PCHealthKit) -> Quarantined and deleted successfully.

C:\Program Files (x86)\PC Health Kit\scan.gif (Rogue.PCHealthKit) -> Quarantined and deleted successfully. C:\Program Files (x86)\PC Health Kit\sqlite3.dll (Rogue.PCHealthKit) -> Quaranti ned and deleted successfully. C:\Program Files (x86)\PC Health Kit\StartupList.txt (Rogue.PCHealthKit) -> Quar antined and deleted successfully. C:\Program Files (x86)\PC Health Kit\unins000.dat (Rogue.PCHealthKit) -> Quarant ined and deleted successfully. C:\Program Files (x86)\PC Health Kit\unins000.exe (Rogue.PCHealthKit) -> Quarant ined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit .lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Help.lnk (Rog ue.PCHealthKit) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit on the Web.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Uninstall PC Health Kit.lnk (Rogue.PCHealthKit) -> Quarantined and deleted successfully. C:\Users\John\AppData\Roaming\WebCake\PlugIns.cache (PUP.WebCake) -> Quarantined and deleted successfully. C:\Users\John\AppData\Roaming\WebCake\dat\Desktop.OS.dll (PUP.WebCake) -> Quaran tined and deleted successfully. C:\Users\John\AppData\Roaming\WebCake\dat\Dora.dat (PUP.WebCake) -> Quarantined and deleted successfully. C:\Users\John\AppData\Roaming\WebCake\dat\Maintain.dat (PUP.WebCake) -> Quaranti ned and deleted successfully. C:\Users\John\AppData\Roaming\WebCake\dat\Paladin.dat (PUP.WebCake) -> Quarantin ed and deleted successfully. C:\Users\John\AppData\Roaming\WebCake\dat\Phoenix.dat (PUP.WebCake) -> Quarantin ed and deleted successfully. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dl l (PUP.WebCake) -> Quarantined and deleted successfully. C:\Users\John\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Q uarantined and deleted successfully. C:\Program Files (x86)\PricePeep\installer.ico (PUP.Optional.PricePeep.A) -> Qua rantined and deleted successfully. C:\Program Files (x86)\PricePeep\uninstall.exe (PUP.Optional.PricePeep.A) -> Qua rantined and deleted successfully. C:\Program Files (x86)\PricePeep\unutil.exe (PUP.Optional.PricePeep.A) -> Quaran tined and deleted successfully. C:\Program Files (x86)\MyPC Backup\pt_PT.mo (PUP.Optional.MyPCBackup) -> Quarant ined and deleted successfully. C:\Program Files (x86)\MyPC Backup\aff.conf (PUP.Optional.MyPCBackup) -> Quarant ined and deleted successfully. C:\Program Files (x86)\MyPC Backup\AlphaVSS.51.x86.dll (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x64.dll (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x86.dll (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x64.dll (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x86.dll (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully.

C:\Program Files (x86)\MyPC Backup\AlphaVSS.Common.dll (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\AWSSDK.dll (PUP.Optional.MyPCBackup) -> Delet e on reboot. C:\Program Files (x86)\MyPC Backup\BackupStack.exe (PUP.Optional.MyPCBackup) -> Delete on reboot. C:\Program Files (x86)\MyPC Backup\Configuration Updater.exe (PUP.Optional.MyPCB ackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Crypto32.dll (PUP.Optional.MyPCBackup) -> Qua rantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Crypto64.dll (PUP.Optional.MyPCBackup) -> Qua rantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\de_DE.mo (PUP.Optional.MyPCBackup) -> Quarant ined and deleted successfully. C:\Program Files (x86)\MyPC Backup\diffstack.dll (PUP.Optional.MyPCBackup) -> Qu arantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\es_ES.mo (PUP.Optional.MyPCBackup) -> Quarant ined and deleted successfully. C:\Program Files (x86)\MyPC Backup\fr_FR.mo (PUP.Optional.MyPCBackup) -> Quarant ined and deleted successfully. C:\Program Files (x86)\MyPC Backup\GetText.dll (PUP.Optional.MyPCBackup) -> Dele te on reboot. C:\Program Files (x86)\MyPC Backup\it_IT.mo (PUP.Optional.MyPCBackup) -> Quarant ined and deleted successfully. C:\Program Files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll (PUP.Optional.M yPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\MPCBClient.dll (PUP.Optional.MyPCBackup) -> D elete on reboot. C:\Program Files (x86)\MyPC Backup\MPCBContextMenu.dll (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll (PUP.Optional.MyPCBackup ) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (PUP.Optional.MyPCBackup) -> Delete on reboot. C:\Program Files (x86)\MyPC Backup\mypcbackup.ico (PUP.Optional.MyPCBackup) -> Q uarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x64.exe (PUP.Option al.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x86.exe (PUP.Option al.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\RestartExplorer.exe (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Service Start.exe (PUP.Optional.MyPCBackup) > Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Shared Stack.dll (PUP.Optional.MyPCBackup) -> Delete on reboot. C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe (PUP.Optional.MyPCBackup) > Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\syncicon.ico (PUP.Optional.MyPCBackup) -> Qua rantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\syncing.ico (PUP.Optional.MyPCBackup) -> Quar antined and deleted successfully. C:\Program Files (x86)\MyPC Backup\tick.ico (PUP.Optional.MyPCBackup) -> Quarant ined and deleted successfully. C:\Program Files (x86)\MyPC Backup\uninst.exe (PUP.Optional.MyPCBackup) -> Quara ntined and deleted successfully. C:\Program Files (x86)\MyPC Backup\UnRegisterExtensions.exe (PUP.Optional.MyPCBa ckup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Updater.exe (PUP.Optional.MyPCBackup) -> Quar antined and deleted successfully.

C:\Program Files (x86)\MyPC Backup\Config\api.ts2 (PUP.Optional.MyPCBackup) -> Q uarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Database\mpcb_backup_conf.db (PUP.Optional.My PCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Database\mpcb_file_cache.db (PUP.Optional.MyP CBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Database\mpcb_queues.db (PUP.Optional.MyPCBac kup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db (PUP.Optional.MyPCB ackup) -> Delete on reboot. C:\Program Files (x86)\MyPC Backup\Database\mpcb_sig_cache.db (PUP.Optional.MyPC Backup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\Database\mpcb_version_queue.db (PUP.Optional. MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\log\APPLICATION.log (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\log\AUTH.log (PUP.Optional.MyPCBackup) -> Qua rantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\log\CLIENT.log (PUP.Optional.MyPCBackup) -> Q uarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\log\LICENCE.log (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\log\REMOTING.log (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\log\REQUEST.log (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\log\SERVICE.log (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\log\UPDATER.log (PUP.Optional.MyPCBackup) -> Quarantined and deleted successfully. C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll (PUP.Optional.MyPC Backup) -> Delete on reboot. C:\Program Files (x86)\MyPC Backup\x86\System.Data.SQLite.dll (PUP.Optional.MyPC Backup) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dl l (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully. (end)