Thread: kaboob or kaboom or something like that

  1. #1
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    You're running FRST64 from your Downloads folder. Our tools and scanners work more efficiently when run from the Desktop in lieu of being buried in some folder, so go to your Downloads folder and look for FRST64, right-click on it and select CUT, then come back to your Desktop, right-click on a blank space and select PASTE. Then we will have FRST64 exactly where we want it to be.




    Open Notepad: go to Start --> All Programs --> Accessories --> Notepad.
    Please copy the entire contents inside the code box below, beginning with START and ending with END.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
    Name the file Fixlist.txt. Save it to your desktop where you have FRST/FRST64 or the fix won't work. Right-click on FRST/FRST64 and select RUN AS ADMINISTRATOR. Then click on >FIX< (not Scan). It won't take long; after your computer reboots you will find a FIXLOG.TXT on your desktop. Post it, please.


    Code:
    Start
    CloseProcesses:
    CreateRestorePoint: 
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> DefaultScope {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D122415-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20141104&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D122415-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20141104&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    StartMenuInternet: FIREFOX.EXE - firefox.exe
    Task: {945078EB-2B7D-4EEE-82C9-743D7100C65A} - System32\Tasks\Sixth => C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe [2015-12-05] () <==== ATTENTION
    C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe
    C:\Users\Steve\Downloads\Setup.exe
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    End







    -AdwCleaner-by Xplode


    Click on this link to download: ADWCleaner TO YOUR DESKTOP


    Use my link only. Do not do a search for AdwCleaner, as there is a bogus copy going around by scammers.








    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.






    ===============================================================================






    Please download Junkware Removal Tool TO YOUR DESKTOP

    • Download the one from Bleeping Computer
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.








    ===============================================================================


    Download Malwarebytes' Anti-Malware TO YOUR DESKTOP



    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"









    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes



    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #2
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
    Ran by Steve (2016-02-20 19:53:30) Run:1
    Running from C:\Users\Steve\Desktop
    Loaded Profiles: Steve & (Available Profiles: Steve)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> DefaultScope {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D122415-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20141104&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D122415-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20141104&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    StartMenuInternet: FIREFOX.EXE - firefox.exe
    Task: {945078EB-2B7D-4EEE-82C9-743D7100C65A} - System32\Tasks\Sixth => C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe [2015-12-05] () <==== ATTENTION
    C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe
    C:\Users\Steve\Downloads\Setup.exe
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8}" => key removed successfully
    HKCR\CLSID\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} => key not found.
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8}" => key removed successfully
    HKCR\CLSID\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} => key not found.
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8}" => key removed successfully
    HKCR\CLSID\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} => key not found.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{945078EB-2B7D-4EEE-82C9-743D7100C65A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{945078EB-2B7D-4EEE-82C9-743D7100C65A}" => key removed successfully
    C:\WINDOWS\System32\Tasks\Sixth => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sixth" => key removed successfully
    "C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe" => not found.
    C:\Users\Steve\Downloads\Setup.exe => moved successfully
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => 1.4 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 19:57:26 ====

  3. #3
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    # AdwCleaner v5.035 - Logfile created 20/02/2016 at 20:14:51
    # Updated 18/02/2016 by Xplode
    # Database : 2016-02-20.3 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : Steve - STEVESLAPTOP
    # Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Users\Steve\AppData\Local\ext_funfeedr
    [-] Folder Deleted : C:\Users\Steve\AppData\Local\SoftonicAssistant
    [-] Folder Deleted : C:\Users\Steve\AppData\Roaming\Common\LuaRT
    [-] Folder Deleted : C:\Users\Steve\AppData\Roaming\FunFeedr
    [-] Folder Deleted : C:\Users\Steve\AppData\Roaming\Genius
    [-] Folder Deleted : C:\Users\Steve\AppData\Roaming\Seventh
    [-] Folder Deleted : C:\Users\Steve\AppData\Roaming\Sixth
    [#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\Genius
    [#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\Seventh

    ***** [ Files ] *****

    [-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
    [-] File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\q2dwdvly.default-1454369762514\searchplugins\Search Provided by Yahoo.xml
    [-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
    [-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
    [-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
    [-] File Deleted : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : updateTask
    [-] Task Deleted : Genius
    [-] Task Deleted : Genius_Interval
    [-] Task Deleted : Seventh

    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11B16A3D-F03E-4565-A532-E66B219C9B0E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11B16A3D-F03E-4565-A532-E66B219C9B03}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11B16A3D-F03E-4565-A532-E66B219C9B03}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11B16A3D-F03E-4565-A532-E66B219C9B03}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11B16A3D-F03E-4565-A532-E66B219C9B03}
    [-] Key Deleted : HKCU\Software\darwendlm
    [-] Key Deleted : HKCU\Software\FFUPD
    [-] Key Deleted : HKCU\Software\FunFeedr
    [-] Key Deleted : HKCU\Software\PRODUCTSETUP
    [-] Key Deleted : HKCU\Software\Softonic
    [-] Key Deleted : HKCU\Software\AppDataLow\Sams.Browser
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftonicAssistant
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    [!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    [-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SoftonicAssistant]

    ***** [ Web browsers ] *****

    [-] [C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3833 bytes] ##########

  4. #4
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 10 Home x64
    Ran by Steve (Administrator) on Sat 02/20/2016 at 20:23:12.05
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 5

    Failed to delete: C:\Program Files (x86)\lavasoft\web companion (Folder)
    Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder)
    Successfully deleted: C:\Users\Steve\AppData\Roaming\lavasoft\web companion (Folder)
    Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
    Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 02/20/2016 at 20:26:19.98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  5. #5
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/20/2016
    Scan Time: 8:34 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.02.20.04
    Rootkit Database: v2016.02.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Steve

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 368031
    Time Elapsed: 19 min, 15 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 10
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsPluginFunFeedr.BHO.1, , [9f55c59dd4c5e650de61e5c3c93908f8],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsPluginFunFeedr.BHO.1, , [00f452105445270fe45b8b1daa588779],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SamsPluginFunFeedr.BHO.1, , [00f452105445270fe45b8b1daa588779],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsFunFeedr.Browser, , [1ed6313182175dd95dbcec34f212827e],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsFunFeedr.Browser.1, , [757f1c46b5e4a096b564eb35a2626e92],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsPluginFunFeedr.BHO, , [b83c21415e3b171f0d0d79a75da7d52b],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsFunFeedr.Browser, , [41b3ca98a6f3f83e4ecbc35d5da72dd3],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsFunFeedr.Browser.1, , [c232a8ba2871171fd74245dbc63ecf31],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsPluginFunFeedr.BHO, , [17ddadb59702989ecd4d1f017f85c040],
    PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\playthruplayer.com, , [649019491782ef474fc348116d979769],

    Registry Values: 1
    PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PlaythruPlayer.exe, 11000, , [48acb1b1cbce6ec86f087fd4e51fc937]

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.PlayThru, C:\Windows\Installer\{83245CDF-A15E-49E9-BE6D-AC32E96FCE78}, , [619372f004950135d9a066ef689c42be],

    Files: 11
    PUP.Optional.SofTonic, C:\Users\Steve\Downloads\SoftonicDownloader_for_microsoft-flight-simulator.exe, , [a84c6ef477222d09d93e74b76a967d83],
    PUP.Optional.InstallCore, C:\Users\Steve\Downloads\Spybot Search & Destroy Setup.exe, , [6b894022a0f9f4423d3a00135fa6f30d],
    HackTool.BruteForce, C:\Users\Steve\Downloads\CForce V1.01b.exe, , [866eb6ac3564a69043a6d0a41fe14bb5],
    HackTool.BruteForce, C:\Users\Steve\Downloads\CForce_1.01b.rar, , [906476ec6930fe38e702db9929d740c0],
    PUP.Optional.ClientConnect, C:\Users\Steve\Downloads\Charon_v0.6_TSV3GA0DT(1).exe, , [817377ebbbde171f8339f9d51fe1df21],
    PUP.Optional.ClientConnect, C:\Users\Steve\Downloads\Charon_v0.6_TSV3GA0DT.exe, , [24d03d255742e55109b30fbf867a8c74],
    PUP.Optional.PlayThru, C:\Windows\Installer\{83245CDF-A15E-49E9-BE6D-AC32E96FCE78}\ProductIcon, , [619372f004950135d9a066ef689c42be],
    PUP.Optional.WinYahoo, C:\Program Files (x86)\Mozilla Firefox\browser\components\mrt.js, , [13e1580a6f2a6accafa3eb7916ee57a9],
    PUP.Optional.Conduit, C:\Prefs.js, , [bb3993cf3d5c0e283e624ecdec1909f7],
    PUP.Optional.WinYahoo, C:\Program Files (x86)\Mozilla Firefox\browser\components\components.manifest, Good: (), Bad: (component aab33809-6f9f-45f7-9065-2241f0998415 mrt.js), ,[f20263ff772239fdbee00c1033d2ac54]
    PUP.Optional.WinYahoo, C:\Users\Steve\AppData\Local\Chromium\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows,[f400540ed4c5ec4a99e9c35ad431be42]B10,[f400540ed4c5ec4a99e9c35ad431be42]BHome&uref=chmm"]}}), %5

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looking good. When you ran Malwarebytes, did you have it Quarantine all those entries? They need to be gone. If not, run Malwarebytes again and do this:

    • You can highlight one of the detections by left clicking on it.
    • Then, right click on the highlighted detection, and select 'Check All Items'.
    • Next, click 'Remove Selected'. That should remove them all.

    Then Right Click on FRST64 and select RUN AS ADMINISTRATOR. When it opens, make sure there is a checkmark in Additions, leave everything else as is, click on Scan, and post both the new FRST64 and Additions logs.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    Default

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/20/2016
    Scan Time: 9:44 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.02.20.04
    Rootkit Database: v2016.02.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Steve

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 368859
    Time Elapsed: 21 min, 5 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
