westomatic

  1. Getting the same 4 PUM that JamminR was getting. Quarantining them only has them come back the next day. The system is very vanilla software-wise - just Windows Defender and mwb, so I'm curious as to what started this. I'd prefer not to ignore these entries.
  2. computer was working fine and tried to update it. it was locking up installing the new version so instead rebooted and tried uninstall, still hanging. then tried the malwarebytes clean tool and received this log mb-clean-results.txt
  3. yep, sorry thought i replied already. thanks for the resources!
  4. here is the log. computer seems to be working well thank you thank you. checkup.txt
  5. Well I may be hallucinating, I swear it popped up at work, but wasn't there when I got home. I've only done as you have directed and haven't gone ahead. It was in chrome, but I'm not seeing any problems right now. Do you guys get tips / have a bitcoin address or anything? And could you point me in the direction on where to start looking into learning to read logs and using fancier tools like you - taking interns by chance haha? frst attached... Addition.txt FRST.txt
  6. new logs... It's looking better could it be could it be? mbamlog.txt RKreport_DEL_11282014_141333.log
  7. browsers reset fine , that extension looks like its still there but unchecked JRT.txt RKreport_SCN_11282014_133928.log Fixlog.txt
  8. sorry for extra posting, but idk if it would help to know when i went back to this page to paste the logs, "vosteran extension was added" so i closed out and put the logs on via a secondary computer hoping to avoid baddies from growing
  9. here are the logs from my scans Addition.txt combofixlog.txt FRST.txt TDSSKiller.3.0.0.41_28.11.2014_12.25.18_log.txt
  10. ComboFix 14-11-25.01 - jojo 11/28/2014 12:12:37.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2774 [GMT -8:00]
  11. mwb found quite a bit this time around. however redirects are still there and now i hear a crest toothpaste audio commercial in spanish in the background lol
  12. # AdwCleaner v4.102 - Report created 28/11/2014 at 06:31:36
  13. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/28/2014 Scan Time: 2:50:24 AM