Downloaded virus, pop ups, redirect etc

**chelseafan** · 2014-08-08, 02:15

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/08/2014
Scan Time: 00:59:46
Logfile: mwblog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.07.10
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Samsung

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315095
Time Elapsed: 8 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.AdPeak.A, C:\Program Files\005\hzunyanhtn64.exe, 1816, Delete-on-Reboot, [43830bb81d5ec1753ee6526613f1cc34]
PUP.Optional.PayByAds.A, C:\Users\Samsung\AppData\Local\onlysearch\onlysearch\1.3.8.11\onlysearch.exe, 2468, Delete-on-Reboot, [2c9a695a116a4de9deddfbf927ddc43c]

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hzunyanhtn64, Quarantined, [43830bb81d5ec1753ee6526613f1cc34],
PUP.Optional.InfoTrigger.A, HKLM\SOFTWARE\WOW6432NODE\InfoTrigger, Quarantined, [ad19457ee3984de90e41499781819f61],
PUP.Optional.Adpeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AllDaySavingsService64, Quarantined, [07bf1ca70d6e4fe7432640995ca6de22],
PUP.Optional.AdPeak, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\netfilter64, Quarantined, [ebdb863d1f5c39fdbb8902d68f73db25],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, Quarantined, [33939a29c5b62d090cce83b6af55ce32],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1893469449-2281273183-1111418718-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [80461ba8dba0ed490abab628d32f7c84],
PUP.Optional.Groovorio, HKU\S-1-5-21-1893469449-2281273183-1111418718-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CC865B26-C31D-4D23-B17B-96548EEF03F6}, Quarantined, [4b7b8142f18acd6967190139da2ade22],
PUP.Optional.OnlySearch.A, HKU\S-1-5-21-1893469449-2281273183-1111418718-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\onlysearch, Quarantined, [3a8cf1d2fb8030067e910ad0b949d12f],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [6d59b50e94e70b2b24c914b7857de719],

Registry Values: 1
PUP.Optional.PayByAds.A, HKU\S-1-5-21-1893469449-2281273183-1111418718-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|onlysearch, C:\Users\Samsung\AppData\Local\onlysearch\onlysearch\1.3.8.11\onlysearch.exe, Quarantined, [2c9a695a116a4de9deddfbf927ddc43c]

Registry Data: 1
PUP.Optional.Groovorio.A, HKU\S-1-5-21-1893469449-2281273183-1111418718-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://groovorio.com/?f=1&a=grv_tuto...2034954236&ir=, Good: (www.google.com), Bad: (http://groovorio.com/?f=1&a=grv_tuto...&ir=),Replaced,[745252710b704bebe1b73289857fa25e]

Folders: 3
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings, Quarantined, [a12505be1c5fd2647113eae3f909a45c],
PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings\SSL, Quarantined, [a12505be1c5fd2647113eae3f909a45c],

Files: 39
PUP.Optional.AdPeak.A, C:\Program Files\005\hzunyanhtn64.exe, Delete-on-Reboot, [43830bb81d5ec1753ee6526613f1cc34],
PUP.Optional.PayByAds.A, C:\Users\Samsung\AppData\Local\onlysearch\onlysearch\1.3.8.11\onlysearch.exe, Delete-on-Reboot, [2c9a695a116a4de9deddfbf927ddc43c],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\ICReinstall_nsc9E5C.tmp, Quarantined, [388efec54d2e59ddc1d0b90158ac36ca],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\ICReinstall_nse1189.tmp, Quarantined, [c204af144f2c73c3a2efc2f8e91bb44c],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\ICReinstall_nsgAD12.tmp, Quarantined, [dbebcff484f781b5fb96f9c15ca805fb],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\ICReinstall_nsm7F5A.tmp, Quarantined, [f6d011b2c4b73bfbcac7b00ac63eea16],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\nsc9E5C.tmp, Quarantined, [60664b7814672a0cbad7249615ef11ef],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\nse1189.tmp, Quarantined, [dee8784b91ea58deeca543774db72bd5],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\nsgAD12.tmp, Quarantined, [23a36f54b6c50333cdc41e9cb94bd52b],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\nsm7F5A.tmp, Quarantined, [e1e56f548af1a98d5041536713f1fc04],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\nsuFC67.tmp, Quarantined, [f8cedce7f18a85b1296804b660a43ec2],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\nsvEABD.tmp, Quarantined, [b214903359228babbbd6279322e2946c],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\ICReinstall_nsuFC67.tmp, Quarantined, [b0167b48bbc090a6276aecce51b3de22],
PUP.Optional.Downloader, C:\Users\Samsung\AppData\Local\Temp\ICReinstall_nsvEABD.tmp, Quarantined, [74520ab99edd51e5b9d8ecceb4504bb5],
PUP.Optional.BubbleDock.A, C:\Users\Samsung\AppData\Local\Temp\682014184631\Uninstall Bubble Dock.exe, Quarantined, [80468a39a2d9c96dbb25d1733dc4dd23],
PUP.Optional.Installcore, C:\Users\Samsung\AppData\Local\Temp\is-PSLC7.tmp\InstallManagerR.exe, Quarantined, [33937e45b8c3f93ddfa4476268997789],
PUP.Optional.Softonic.A, C:\Users\Samsung\Downloads\SoftonicDownloader_for_mkv-player.exe, Quarantined, [e9dd18abea9103338ddace5c8180a759],
PUP.Optional.OneClickDownloader.A, C:\Users\Samsung\Downloads\The.Wind.Rises.2013.1080p.JPN.BluRay.Remux.AVC.MULTi-WARHD (1).exe, Quarantined, [b80e18ab047749edc399b86426db6f91],
Trojan.Downloader, C:\Users\Samsung\AppData\Local\Microsoft\WinU\~eodpahy.exe, Quarantined, [5a6ce6ddb1ca67cf7f172e1dc04036ca],
PUP.Optional.OnlySearch.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.only-search.com_0.localstorage, Delete-on-Reboot, [16b0a61d66152b0b0d48e2f227db04fc],
PUP.Optional.OnlySearch.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.only-search.com_0.localstorage-journal, Delete-on-Reboot, [43832f94413a66d093c2fed6ad559f61],
PUP.Optional.OnlySearch.A, C:\Users\Samsung\Desktop\Only-search.lnk, Quarantined, [b016853e46351125907ea83212f0956b],
PUP.Optional.BetterDeals.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, Delete-on-Reboot, [24a2893aaccf280e84bb8f560cf6cc34],
PUP.Optional.BetterDeals.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, Delete-on-Reboot, [a81e2d96bdbe6bcb39068362fc068b75],
PUP.Optional.Superfish.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [20a63e856a11e551db9edb0f08faf907],
PUP.Optional.Superfish.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [b01617ac433877bf84f5e505768cde22],
PUP.Optional.Adpeak.A, C:\Program Files (x86)\9B0D3D35-C69A-4D44-BBF5-B75ED01D6712\etmajyzoqm64.exe, Quarantined, [07bf1ca70d6e4fe7432640995ca6de22],
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385\GoogleCrashHandler.exe, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385\GoogleUpdate.exe, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385\GoogleUpdateBroker.exe, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385\GoogleUpdateHelper.msi, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385\GoogleUpdateOnDemand.exe, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385\goopdate.dll, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385\goopdateres_en.dll, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385\npGoogleUpdate4.dll, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385\psmachine.dll, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.GlobalUpdate.A, C:\Users\Samsung\AppData\Local\Temp\comh.380385\psuser.dll, Quarantined, [6d59b50e94e70b2b24c914b7857de719],
PUP.Optional.Groovorio.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://groovorio.com/?f=7&a=grv_tuto1_14_30&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AtB0E0FyD0A0FtB0DtDzytN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtC1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyDyDyD0EtA0AtD0AtG0DtBtAzztGtB0ByEtCtGtAtA0EyEtGtCyEtB0D0DtCtBzz0A0CtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0D0CtB0BtB0EzztGzyzz0BtAtG0FzztAyCtG0EtB0AtAtGyEtCzz0CtAtDyD0EtC0FyDyE2Q&cr=2034954236&ir=", "http://www.only-search.com/?babsrc=HP_kms&affID=129300&tt=&mntrid=5667B8030526A2C3&tsp=5331" ],), Replaced,[f5d14b78a3d848ee6d89df160301e020]
PUP.Optional.Groovorio.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://groovorio.com/?f=1&a=grv_tuto1_14_30&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AtB0E0FyD0A0FtB0DtDzytN0D0Tzu0SzyyDtDtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtC1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyDyDyD0EtA0AtD0AtG0DtBtAzztGtB0ByEtCtGtAtA0EyEtGtCyEtB0D0DtCtBzz0A0CtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0D0CtB0BtB0EzztGzyzz0BtAtG0FzztAyCtG0EtB0AtAtGyEtCzz0CtAtDyD0EtC0FyDyE2Q&cr=2034954236&ir=",), Replaced,[3f87b211fa8133036493b540fc0810f0]

Physical Sectors: 0
(No malicious items detected)

(end)

Thread: Downloaded virus, pop ups, redirect etc

Thread Tools

Display

Threaded View

Posting Permissions