November 15th, 2014, 11:43 PM
#1
[RESOLVED] Family Computer Cleanup
Hi,
A friend brought his Dell Optiplex 620 back in because of it "getting really slow", especially when trying to surf the web. MB found two malware threats and over 350 PUPs and other files. I've followed the steps in the Rules thread ... but the machine still seems like it's dragging on something else.
Here's what I've done so far:
1. Windows Firewall IS on, it was when user had the machine.
2. Using Avast!, up to date. Avast! did not find anything.
3. Downloaded Malwarebytes and ran scan. Two definite threats found, both from Trojan Chrome INJ. Also over 350 other PUPs and files quarantined. The log appears below.
4. Ran DDS ... the logs will appear below. Might have to use more than one post because of length.
Thanks for your help!
-Peter
(The MBAM file is very large ... posting it over the next 3 posts)
---- MBAM P1 ---
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/15/2014
Scan Time: 2:02:13 PM
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.15.07
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Doug
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342026
Time Elapsed: 9 min, 16 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 48
Registry Values: 3
Trojan.Chrome.INJ, HKU\S-1-5-21-2143344270-1574984809-1801501437-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kcacnlcowkzy, regsvr32.exe /s "C:\Users\Doug\AppData\Local\Apple Computer\kcacnlcowkzy.dll", Quarantined, [44cfd369790366d019b821c242bfc53b]
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [f122eb51423a191df33ef5c5ba488e72],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [4ac929134834112567cab1091de5c838],
Registry Data: 0
(No malicious items detected)
-------
Last edited by Peter Macintosh; November 15th, 2014 at 11:58 PM.