Jump to content

HKLM\software\WOW6432...


Recommended Posts

This pertains to 25 PUPs that I cannot quarantine or delete.  One of them came up in a search of your forum but that topic dated 12/14/2013 is locked.  I followed the instructions given to another member with one of the same PUPs; downloaded OTL and attached the 2 files it produced.  MB says they were removed but they all come back after a quarantine > restart> full scan. Some new and some gone.  Pls let me know if you need scan results.  Any help you can offer is appreciated.  Thanks.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/15/2014
Scan Time: 4:17:17 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.15.10
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: CLAW
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351421
Time Elapsed: 11 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 20
PUP.Optional.SearchSnacks.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, , [ede91e81f3888da99fa7c4909d6517e9], 
PUP.Optional.SearchSnacks.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292}, , [ede91e81f3888da99fa7c4909d6517e9], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, , [f9dd435c3a411a1cc2527715bb478779], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, , [f9dd435c3a411a1cc2527715bb478779], 
PUP.Optional.Consumer.Input.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, , [657117881f5c7abc14c857011be7f30d], 
PUP.Optional.Consumer.Input.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, , [657117881f5c7abc14c857011be7f30d], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, , [6373c4dbbac11a1ce30acdbf43bf45bb], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, , [e2f427784932f24409e54943936fcb35], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [9343b7e8601bc373f290d9b344be04fc], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, , [06d0118eaad16acc03349428f111a45c], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, , [8650c4dbdc9f4ee81adbd4106b97bb45], 
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\SearchSnacks, , [be182a759fdccb6b83d603c65fa359a7], 
PUP.Optional.KeyDownload.A, HKLM\SOFTWARE\WOW6432NODE\KDINSTALLER\KDUpdater, , [8d49a1febbc086b0209eaa1a788af20e], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, , [6e681689f784280e03349a228b7720e0], 
PUP.Optional.KeyDownload.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KDUPDATER, , [ab2b3c633e3dc670e0dd18acfe0452ae], 
PUP.Optional.KeyDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\KDINSTALLER\KDUpdater, , [b91d603f0f6c4cea2f905a6ac73bd52b], 
PUP.Optional.ViewPassword.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1034-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ViewPassword, , [f0e6eab549322d09018f3b865aa8f60a], 
PUP.Optional.ViewPassword.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ViewPassword, , [f8dec6d9bbc03600335d8d34d42e5ba5], 
PUP.Optional.KeyDownload.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\KDINSTALLER\KDUpdater, , [2da99807502bb5818a355e66b94920e0], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, , [0dc97e21e398152110108838c43e55ab], 
 
Registry Values: 5
PUP.Optional.Iminent.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [9343b7e8601bc373f290d9b344be04fc], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3415223268-2205928990-3080966606-1035-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [eee87b245e1d9c9ac0c2800cd42efa06], 
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|search-snacks@search-snacks.com, C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com, , [bb1b5d423249b383f068a12861a1936d]
PUP.Optional.KeyDownload.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KDUPDATER|ImagePath, "\\?\C:\Users\CLAW\AppData\Local\Temp\KDUpdSrv.exe", , [ab2b3c633e3dc670e0dd18acfe0452ae]
PUP.Optional.SystemGuard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSTEM GUARD|ImagePath, "C:\Program Files (x86)\KeyDownload\KeyPlayr\guardnot.exe", , [4096207fbbc02c0ab3e16cab25df0cf4]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

OTL.Txt

Extras.Txt

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.