Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/08/2016
Scan Time: 06:59 ã
Logfile: malware 4.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.04.10
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: mezoo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343946
Time Elapsed: 19 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.YesSearches, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ReoqucultsterkemppWrp.exe, Quarantined, [dd3d3c0b2971c3739980479fec15cd33],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Tekken 5 Pc Game 2015 Free Download.DynamicNS, Quarantined, [33e72c1b7d1dc76f276b20766f93d729],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Tekken 5 Pc Game 2015 Free Download.DynamicNS, Quarantined, [57c3a2a5b6e450e6f0a255417b8727d9],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Tekken 5 Pc Game 2015 Free Download.DynamicNS, Quarantined, [57c3a2a5b6e450e6f0a255417b8727d9],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D93D9B4-D1A4-49C5-9413-3EDD81E6A7AA}, Delete-on-Reboot, [2af0bf88eeacd1656b67b4159c66b24e],
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C0881FC2-94B6-495C-9D61-B3DB75DB5818}, Delete-on-Reboot, [fc1e52f557431422fccbdbe44bb9718f],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Arikoiedrumition Configuration, Delete-on-Reboot, [a674aa9d41594fe715be79502ed438c8],
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\b2929b72a96a471893ecaa9c51368bae, Delete-on-Reboot, [9486e95ef9a1c76fc0093788fc0845bb],
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [a07aba8debafec4a19d37e4bc73bf709],
PUP.Optional.Trotux, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B0645DDF-6230-43C4-99D2-FC6E713BDE25}, Quarantined, [a8722720465463d3a34857727b87b14f],
PUP.Optional.TornTV, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, Quarantined, [9684f7508515e25432f202b7778c06fa],
PUP.Optional.CrossRider, HKU\S-1-5-21-2355463451-85381230-1253174285-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5FF5BE66-1FA5-407F-9C6A-1D9D68F3EB8A}, Quarantined, [041653f4b2e87abc66d1dac5a1628080],

Registry Values: 11
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D93D9B4-D1A4-49C5-9413-3EDD81E6A7AA}|Path, \Arikoiedrumition Configuration, Delete-on-Reboot, [2af0bf88eeacd1656b67b4159c66b24e]
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C0881FC2-94B6-495C-9D61-B3DB75DB5818}|Path, \b2929b72a96a471893ecaa9c51368bae, Delete-on-Reboot, [fc1e52f557431422fccbdbe44bb9718f]
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.trotux.com/?z=d14de9fbb82844fae09bfbeg8zemfe1gaqfgfq1tfg&from=epf1&uid=ST31000524AS_5VPBTY3NXXXX5VPBTY3N&type=hp&mode=ffsengext, Quarantined, [a07aba8debafec4a19d37e4bc73bf709]
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.trotux.com/?z=d14de9fbb82844fae09bfbeg8zemfe1gaqfgfq1tfg&from=epf1&uid=ST31000524AS_5VPBTY3NXXXX5VPBTY3N&type=hp&mode=ffsengext, Quarantined, [021859eec2d8d85e717bc504ca38c43c]
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.trotux.com/search/?q={searchTerms}&z=d14de9fbb82844fae09bfbeg8zemfe1gaqfgfq1tfg&from=epf1&uid=ST31000524AS_5VPBTY3NXXXX5VPBTY3N&type=sp, Quarantined, [08124afd57434de9feee6a5f3cc6926e]
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.trotux.com/search/?&z=d14de9fbb82844fae09bfbeg8zemfe1gaqfgfq1tfg&from=epf1&uid=ST31000524AS_5VPBTY3NXXXX5VPBTY3N&type=sp&q=, Quarantined, [9b7f4304eab00d29e606caff857d2ad6]
PUP.Optional.Trotux, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B0645DDF-6230-43C4-99D2-FC6E713BDE25}|DisplayName, trotux - Uninstall, Quarantined, [a8722720465463d3a34857727b87b14f]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{A786AF92-E214-47D7-8FDC-1FDC91A4CE69}|AutoConfigUrl, http://stoppblock.net/wpad.dat?cac59082bea115cb5137e2ad1deaf9e713686158, Quarantined, [e73314332d6d3df96fcaa014e222f10f]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://stoppblock.net/wpad.dat?cac59082bea115cb5137e2ad1deaf9e713686158, Quarantined, [dc3e93b44c4e56e094a2734144c059a7]
PUP.Optional.CrossRider, HKU\S-1-5-21-2355463451-85381230-1253174285-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5FF5BE66-1FA5-407F-9C6A-1D9D68F3EB8A}|AppName, Torntv V6.0-enabler.exe-codedownloader.exe, Quarantined, [041653f4b2e87abc66d1dac5a1628080]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2355463451-85381230-1253174285-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://stoppblock.net/wpad.dat?cac59082bea115cb5137e2ad1deaf9e713686158, Quarantined, [fa2057f0ebafa690dd5ab400e32137c9]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.HohoSearch, C:\Program Files (x86)\Arikoiedrumition, Quarantined, [7d9dbb8cb0eaa49283b7d0f9f70b2cd4],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Ckavesycwoy, Quarantined, [ec2eba8d41597fb7e457498057ab08f8],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Reoicult, Quarantined, [b664df68693173c343f922a71ae804fc],

Files: 19
PUP.Optional.YesSearches, C:\Program Files (x86)\Nevusygerwersh\ReoqucultsterkemppWrp.exe, Quarantined, [dd3d3c0b2971c3739980479fec15cd33],
PUP.Optional.SimpleFiles, C:\Users\mezoo\AppData\Roaming\ZHP\Quarantine\uninstall93877984.exe.VIR, Quarantined, [c654291e8a1002345ddf1f71917358a8],
PUP.Optional.SimpleFiles, C:\Users\mezoo\AppData\Roaming\ZHP\Quarantine\uninstall93878031.exe.VIR, Quarantined, [9c7e380f0e8cc37381bb8c04cc38ca36],
Adware.Agent, C:\Users\mezoo\AppData\Roaming\ZHP\Quarantine\InstallMate.DIR\{2CFF2A6F-3205-4441-A6AA-7A27F71C0899}\Custom.dll, Quarantined, [41d9083f6733ec4aff6eedc8f30d3dc3],
PUP.Optional.YesSearches, C:\Program Files (x86)\Nevusygerwersh\ReoqucultsterkemppCdr.exe, Quarantined, [6dad7ec95b3f8ea8ad6c39ad8f723cc4],
RiskWare.GameHack, C:\Program Files (x86)\Pro Evolution Soccer 2016\steam_api.dll, Quarantined, [de3c58ef6d2dc37354f23a6ef014916f],
RiskWare.GameHack, C:\Program Files (x86)\Ultra Street Fighter IV\steam_api.dll, Quarantined, [bb5f53f422787fb74303ebbd9371e11f],
PUP.Optional.Offerware, C:\Users\mezoo\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_109.exe, Quarantined, [e23872d5663469cd5d5a226653aebf41],
CrackTool.Agent.Keygen, C:\Windows\AutoKMS.exe, Quarantined, [97831532cad0bc7aaa8874e95aa704fc],
PUP.Optional.GsearchFinder, C:\Users\mezoo\AppData\Roaming\Profiles\0oln6mk6.default\extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi, Quarantined, [c951fa4de7b32610ccf1ad50e0238e72],
PUP.Optional.GsearchFinder, C:\Users\mezoo\AppData\Roaming\Profiles\vupocultjajiledrnege\extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi, Quarantined, [8c8e56f1980253e313aa9766a75c1ee2],
PUP.Optional.Elex, C:\Windows\System32\Tasks\b2929b72a96a471893ecaa9c51368bae, Quarantined, [48d23f08aaf03df9e1ec556a18ece818],
PUP.Optional.Trotux, C:\Users\mezoo\AppData\Roaming\Mozilla\Firefox\Profiles\nj11tx8v.default\searchplugins\s8g1lgw3.xml, Quarantined, [8f8ba6a115857db9d410336a937137c9],
PUP.Optional.Elex, C:\Users\mezoo\AppData\Roaming\Profiles\khb5el81.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBXIpCHEkCE..&v=20160620&uid=CD2614266816DA107F6AEBE320D1A132&ptid=isr&mode=loadm");), Replaced,[dc3ebd8a7822f83e8873dfc8b54f1ce4]
PUP.Optional.Elex, C:\Users\mezoo\AppData\Roaming\Profiles\khb5el81.default\prefs.js, Good: (), Bad: (stUpdateTime.blocklist-background-update-timer", 1457631659); user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1460696793); user_pref("app.update.la), Replaced,[d3476add8a10a492a6550d9a1de7619f]
PUP.Optional.HohoSearch, C:\Users\mezoo\AppData\Roaming\Profiles\0oln6mk6.default\searchplugins\8c8wki8t.xml, Quarantined, [7b9fa89fefab9b9b6e570a93f90b9c64],
PUP.Optional.HohoSearch, C:\Users\mezoo\AppData\Roaming\Profiles\khb5el81.default\searchplugins\8c8wki8t.xml, Quarantined, [e2383e093c5e6acc794c1f7ed92bf40c],
PUP.Optional.HohoSearch, C:\Users\mezoo\AppData\Roaming\Profiles\vupocultjajiledrnege\searchplugins\8c8wki8t.xml, Quarantined, [64b662e5debc9a9c299c801d0ff5718f],
PUP.Optional.Trotux, C:\Users\mezoo\AppData\Roaming\Profiles\0oln6mk6.default\searchplugins\s8g1lgw3.xml, Quarantined, [5dbd9bacdac075c1cd4b41696e9631cf],

Physical Sectors: 0
(No malicious items detected)

(end)