westomatic
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
yep, sorry thought i replied already. thanks for the resources! -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
here is the log. computer seems to be working well thank you thank you. checkup.txt -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
Great info, Thanks esetlog.txt -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
Well I may be hallucinating, I swear it popped up at work, but wasn't there when I got home. I've only done as you have directed and haven't gone ahead. It was in Chrome, but I'm not seeing any problems right now. Do you guys get tips/have a bitcoin address or anything? And could you point me in the direction on where to start looking into learning to read logs and using fancier tools like you, taking interns by chance haha? frst attached... Addition.txt FRST.txt -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
ahhh vosteran is back! i just rebooted -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
new logs... It's looking better, could it be, could it be? mbamlog.txt RKreport_DEL_11282014_141333.log -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
browsers reset fine, that extension looks like it's still there but unchecked JRT.txt RKreport_SCN_11282014_133928.log Fixlog.txt -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
sorry for extra posting, but idk if it would help to know when i went back to this page to paste the logs, "vosteran extension was added" so i closed out and put the logs on via a secondary computer hoping to avoid baddies from growing -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
here are the logs from my scans Addition.txt combofixlog.txt FRST.txt TDSSKiller.3.0.0.41_28.11.2014_12.25.18_log.txt -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
ComboFix 14-11-25.01 - jojo 11/28/2014 12:12:37.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2774 [GMT -8:00] Running from: c:\users\jojo\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.pol . . ((((((((((((((((((((((((( Files Created from 2014-10-28 to 2014-11-28 ))))))))))))))))))))))))))))))) . . 2014-11-28 20:18 . 2014-11-28 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-28 20:07 . 2014-11-28 20:07 -------- d-----w- c:\users\jojo\AppData\Local\MFAData 2014-11-28 14:30 . 2014-11-28 14:31 -------- d-----w- C:\AdwCleaner 2014-11-28 09:16 . 2014-11-28 10:43 -------- d-----w- C:\FRST 2014-11-28 08:57 . 2014-11-28 08:37 24064 ----a-w- c:\windows\zoek-delete.exe 2014-11-28 08:57 . 2014-11-28 20:18 -------- d-----w- c:\users\jojo\AppData\Local\Temp 2014-11-26 23:04 . 2014-11-26 23:58 -------- d-----w- c:\users\jojo\AppData\Roaming\TeamViewer 2014-11-26 23:04 . 2014-11-26 23:04 -------- d-----w- c:\program files (x86)\TeamViewer 2014-11-26 22:52 . 2014-11-26 22:52 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2014-11-26 22:52 . 2014-11-26 22:52 -------- d-----w- c:\programdata\RogueKiller 2014-11-26 22:04 . 2014-11-28 14:38 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-11-26 22:04 . 2014-10-01 19:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-11-26 22:04 . 2014-10-01 19:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-11-26 22:04 . 2014-10-01 19:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-11-26 22:04 . 2014-11-26 22:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-11-26 20:45 . 2014-11-26 20:45 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2014-11-25 03:30 . 
2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll 2014-11-25 03:30 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-11-25 03:29 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-11-25 03:29 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll 2014-11-23 01:55 . 2014-11-23 01:58 -------- d-----w- c:\windows\system32\MRT 2014-11-21 22:32 . 2014-11-21 23:06 -------- d-----w- c:\programdata\HitmanPro 2014-11-21 20:50 . 2014-11-21 20:50 -------- d-----w- c:\programdata\Malwarebytes 2014-11-21 20:49 . 2014-11-17 10:08 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E35B312-F0FD-4C56-9A76-688D8BD4E80E}\mpengine.dll 2014-11-19 23:02 . 2014-11-19 23:02 -------- d-----w- c:\users\jojo\AppData\Local\Avg 2014-11-18 19:35 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-18 19:35 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-18 19:35 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-18 19:35 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-14 15:56 . 2014-11-14 15:56 -------- d-sh--w- c:\users\jojo\AppData\Local\EmieBrowserModeList 2014-11-11 19:06 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll 2014-11-11 19:06 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll 2014-11-11 19:06 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys 2014-11-11 19:06 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll 2014-11-11 19:06 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll 2014-11-11 19:06 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll 2014-11-11 19:06 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2014-11-07 01:16 . 2014-11-07 01:16 -------- d-----w- c:\program files (x86)\Samsung 2014-11-07 01:15 . 
2014-11-07 01:15 57344 ----a-r- c:\users\jojo\AppData\Roaming\Microsoft\Installer\{D31032BD-B70C-4E1E-8BE3-0B870A910983}\NewShortcut2_004CA6CE20F84A5EAA175F820D52B1AC.exe 2014-11-07 01:15 . 2014-11-07 01:15 53248 ----a-r- c:\users\jojo\AppData\Roaming\Microsoft\Installer\{D31032BD-B70C-4E1E-8BE3-0B870A910983}\ARPPRODUCTICON.exe 2014-11-07 01:14 . 2014-11-07 01:14 57344 ----a-r- c:\users\jojo\AppData\Roaming\Microsoft\Installer\{74870974-832F-42D3-8047-D87A5A722CC3}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe 2014-11-07 01:14 . 2014-11-07 01:14 57344 ----a-r- c:\users\jojo\AppData\Roaming\Microsoft\Installer\{74870974-832F-42D3-8047-D87A5A722CC3}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe 2014-11-07 01:14 . 2014-11-07 01:14 53248 ----a-r- c:\users\jojo\AppData\Roaming\Microsoft\Installer\{74870974-832F-42D3-8047-D87A5A722CC3}\ARPPRODUCTICON.exe 2014-11-07 01:14 . 2014-06-16 06:01 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2014-11-07 01:14 . 2014-06-16 06:01 110336 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2014-11-07 01:13 . 2014-11-10 03:13 -------- d-----w- c:\users\jojo\AppData\Roaming\VERIZON 2014-11-07 01:11 . 2014-11-07 01:11 -------- d-----w- c:\program files\SAMSUNG 2014-11-07 01:10 . 2014-11-07 01:17 -------- d-----w- c:\programdata\Samsung . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-11-04 22:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-09-25 02:08 . 2014-10-01 14:02 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-09-25 01:40 . 2014-10-01 14:02 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-09 22:11 . 2014-09-23 18:03 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-09 21:47 . 2014-09-23 18:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-04 05:23 . 2014-10-16 03:24 424448 ----a-w- c:\windows\system32\rastls.dll 2014-09-04 05:04 . 2014-10-16 03:24 372736 ----a-w- c:\windows\SysWow64\rastls.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\jojo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\jojo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\jojo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE" [2013-09-12 298560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2011-03-25 3695984] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2013-06-26 503392] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2013-06-26 863840] . 
c:\users\jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\jojo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-12 35419192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x] S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files 
(x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x] S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-11-28 09:11 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28 22:35] . 2014-11-21 c:\windows\Tasks\EPSON WF-3640 Series Invitation {4216FCB9-BDFE-49DC-B3B7-D854F1495B57}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2014-09-01 08:20] . 2014-11-21 c:\windows\Tasks\EPSON WF-3640 Series Invitation {B7F633C8-9158-4011-82F5-D21198B77D31}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2014-09-01 08:20] . 2014-11-21 c:\windows\Tasks\EPSON WF-3640 Series Update {4216FCB9-BDFE-49DC-B3B7-D854F1495B57}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2014-09-01 08:20] . 2014-11-21 c:\windows\Tasks\EPSON WF-3640 Series Update {B7F633C8-9158-4011-82F5-D21198B77D31}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2014-09-01 08:20] . 2014-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19 00:11] . 2014-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19 00:11] . 2014-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-90098149-4007750983-1607217222-1000Core.job - c:\users\jojo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-23 01:18] . 2014-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-90098149-4007750983-1607217222-1000UA.job - c:\users\jojo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-23 01:18] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileBackuped] @="{831cebdd-6baf-4432-be76-9e0989c14aef}" [HKEY_CLASSES_ROOT\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}] 2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileNotBackuped] @="{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}" [HKEY_CLASSES_ROOT\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}] 2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\jojo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\jojo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\jojo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\jojo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{3FDB2742-5CF3-4FF0-9608-BD93888C0691}: NameServer = 31.168.224.106,5.135.12.52 TCP: Interfaces\{7FA44018-2778-407C-A306-3D8D459689A6}: NameServer = 31.168.224.106,5.135.12.52 TCP: Interfaces\{DFED6F64-E7FB-454D-A0E9-F40EF8ED7CC6}\779666560296: NameServer = 31.168.224.106,5.135.12.52 FF - ProfilePath - c:\users\jojo\AppData\Roaming\Mozilla\Firefox\Profiles\w4kxwr43.default-1417043201641\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-11-28 12:20:15 ComboFix-quarantined-files.txt 2014-11-28 20:20 . Pre-Run: 399,003,578,368 bytes free Post-Run: 398,953,603,072 bytes free . - - End Of File - - 371E3ED765AE47275C0AFDB4912C814E 5C616939100B85E558DA92B899A0FC36 -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
mwb found quite a bit this time around. however redirects are still there and now i hear a crest toothpaste audio commercial in spanish in the background lol -
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
# AdwCleaner v4.102 - Report created 28/11/2014 at 06:31:36
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jojo - DELLLAPTOP
# Running from : E:\Anti\adwcleaner_4.102.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v33.1.1 (x86 en-US)

-\\ Google Chrome v39.0.2171.71

[C:\Users\jojo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\jojo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R4].txt - [1069 octets] - [28/11/2014 06:30:11]
AdwCleaner[s2].txt - [996 octets] - [28/11/2014 06:31:36]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1055 octets] ##########
redirects / fake flash players keep coming back
westomatic replied to westomatic's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/28/2014
Scan Time: 2:50:24 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.28.03
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jojo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339640
Time Elapsed: 19 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.BrowserProtector.A, HKU\S-1-5-21-90098149-4007750983-1607217222-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{804E1B08-EA5D-4546-8B63-9F574BAB5AA3}, Quarantined, [8c49d46ac6b679bd1463b70afe04c43c],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [478e84ba314b73c3e7c0d4e4c93b649c],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [0cc9f24cf8848ea8f4b244743fc532ce],
PUP.Optional.BetterBrain.A, HKLM\SOFTWARE\WOW6432NODE\BetterBrain_1.10.0.2, Quarantined, [0dc8a49ad2aa54e2ce306ed15fa4c33d],
PUP.Optional.BrowserProtector.A, HKLM\SOFTWARE\WOW6432NODE\BrowserProtector, Quarantined, [bd1879c5c5b752e4f54d84d0e023916f],
PUP.Optional.MediaPlayersVideos.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayersvideos 1.1-nv, Quarantined, [f0e57ac4dd9f5fd7b041ba85c93abd43],
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, Quarantined, [19bca8964b31d066c74668e362a18d73],
PUP.Optional.PCFixSpeed, HKLM\SOFTWARE\WOW6432NODE\PCFixSpeed, Quarantined, [26af45f928542016f233088fee167888],
PUP.Optional.MediaPlayersVideos.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MediaPlayersvideos 1.1-nv, Quarantined, [d302a896582463d3638f5ee16d968d73],
PUP.Optional.MediaPlayersVideos.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayersvideos 1.1, Quarantined, [85507ac4d8a42313b63db18e36cd03fd],
PUP.Optional.MediaPlayersVideos.A, HKU\S-1-5-21-90098149-4007750983-1607217222-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MediaPlayersvideos 1.1-nv, Quarantined, [7e57e8562953bc7adf130936c340cf31],
PUP.Optional.PCFixSpeed, HKU\S-1-5-21-90098149-4007750983-1607217222-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PCFixSpeed, Quarantined, [2aabb48ad4a8b680081a475045bf43bd],

Registry Values: 0
(No malicious items detected)

Registry Data: 2
Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[498caf8f95e7b0862129c78fcd380df3]
Windows.Tool.Disabled, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[35a0013db8c40036d67483d33acbe31d]

Folders: 4
PUP.Optional.OneSoftPerDay.A, C:\Users\jojo\AppData\Local\ospd_us_469, Quarantined, [32a393abaece73c38d624ce919eafe02],
PUP.Optional.OneSoftPerDay.A, C:\Users\jojo\AppData\Local\ospd_us_469\ospd_us_469, Quarantined, [32a393abaece73c38d624ce919eafe02],
PUP.Optional.OneSoftPerDay.A, C:\Users\jojo\AppData\Local\ospd_us_469\ospd_us_469\1.20, Quarantined, [32a393abaece73c38d624ce919eafe02],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_469, Quarantined, [4d88b886dba1db5bd61a6acb5ca77090],

Files: 13
PUP.Optional.CloudScout.A, C:\Users\jojo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cloudscout.utop.it_0.localstorage, Quarantined, [f2e3bd81e7953df99a0845fad42fa55b],
PUP.Optional.Proxy.A, C:\Users\jojo\AppData\Local\proxy.log, Quarantined, [91447cc2700c0b2b3dd84d05de25fa06],
PUP.Optional.OneSoftPerDay.A, C:\Users\jojo\AppData\Local\ospd_us_469\upospd_us_469.cyl, Quarantined, [32a393abaece73c38d624ce919eafe02],
PUP.Optional.OneSoftPerDay.A, C:\Users\jojo\AppData\Local\ospd_us_469\ospd_us_469\1.20\cnf.cyl, Quarantined, [32a393abaece73c38d624ce919eafe02],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_469\predm.exe, Quarantined, [4d88b886dba1db5bd61a6acb5ca77090],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_469\qwert.txt, Quarantined, [4d88b886dba1db5bd61a6acb5ca77090],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_469\qwert10.txt, Quarantined, [4d88b886dba1db5bd61a6acb5ca77090],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_469\qwert4.txt, Quarantined, [4d88b886dba1db5bd61a6acb5ca77090],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_469\qwert5.txt, Quarantined, [4d88b886dba1db5bd61a6acb5ca77090],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_469\qwert6.txt, Quarantined, [4d88b886dba1db5bd61a6acb5ca77090],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_469\qwert9.txt, Quarantined, [4d88b886dba1db5bd61a6acb5ca77090],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_469\unins000.dat, Quarantined, [4d88b886dba1db5bd61a6acb5ca77090],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_469\unins000.msg, Quarantined, [4d88b886dba1db5bd61a6acb5ca77090],

Physical Sectors: 0
(No malicious items detected)

(end)