BLTurntable

Posts posted by BLTurntable

  1. Hello,

    I recently had a problem where some kind of malware would bring up the command line randomly and bring me to the desktop for a second.  I downloaded Malwarebytes and ran a scan.  

    This is the scan report.  I had Malwarebytes quarantine all of the things that it found but I was wondering if there are any other steps that I need to take to secure my computer.  Also, how serious were these threats?  

    Thank you

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 5/31/17
    Scan Time: 3:23 PM
    Log File: 
    Administrator: Yes

    -Software Information-
    Version: 3.1.2.1733
    Components Version: 1.0.122
    Update Package Version: 1.0.2061
    License: Trial

    -System Information-
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: DESKTOP-F07M541\BLTurntable

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 371740
    Threats Detected: 23
    Threats Quarantined: 23
    Time Elapsed: 1 min, 38 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 8
    PUP.Optional.Webbar, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.PastaLeads, HKU\S-1-5-21-3765320915-4275802966-2324895758-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\nps.pastaleads.com, Quarantined, [7394], [259184],1.0.2061
    PUP.Optional.PastaLeads, HKU\S-1-5-21-3765320915-4275802966-2324895758-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\pastaleads.com, Quarantined, [7394], [259185],1.0.2061
    Adware.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eoalfhodgifhbkgmbbdafcihjpdldpll, Quarantined, [5125], [387361],1.0.2061
    PUP.Optional.Spoutly, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{730E03E4-350E-48E5-9D3E-4329903D454D}, Quarantined, [8204], [386530],1.0.2061
    PUP.Optional.PastaLeads, HKU\S-1-5-21-3765320915-4275802966-2324895758-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\nps.pastaleads.com, Quarantined, [7394], [259182],1.0.2061
    PUP.Optional.PastaLeads, HKU\S-1-5-21-3765320915-4275802966-2324895758-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\pastaleads.com, Quarantined, [7394], [259183],1.0.2061

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 1
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\locales, Quarantined, [1005], [348279],1.0.2061

    File: 14
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\locales\en-US.pak, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome.dll, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome.exe, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome_100_percent.pak, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome_child.dll, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome_elf.dll, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\ffmpegsumo.dll, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\icudtl.dat, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\isa.dll, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\libEGL.dll, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\libGLESv2.dll, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\pdf.dll, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\resources.pak, Quarantined, [1005], [348279],1.0.2061
    PUP.Optional.SpyHunter, C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER4.EXE, Quarantined, [927], [396112],1.0.2061

    Physical Sector: 0
    (No malicious items detected)


    (end)

  2. Also, when Malwarebytes ran a scan when I booted today it found 2 things, so I'm pretty sure it's still here.  As I browse more, Malwarebytes notifies me that it blocks that same outbound with the domain mentioned above.   I saved the FixList to C:\FRST.  Is that the wrong place?  Should it be in C:\FRST\logs?

  3. I've been struggling with DNS Unlocker all day.  I didn't even download anything the last couple days so I was very confused when this thing showed up on my system because I'm really not sure how it even got there.  I just booted up today and there were ads all over my Google Chrome and I was being redirected every click.  Naturally I went through Task Manager and found it running.  I went through all of the classic steps: I ended the task in Task Manager, I uninstalled it in Control Panel, I looked through the registry and program files/data and deleted some stuff that I found, deleted all extensions on my Chrome browser, and I even learned that it can mess with actual DNS so I went into the settings and everything was normal, but nothing worked.  I downloaded Malwarebytes and ran it.  It found a bunch more files and registries that I then deleted and I thought I was all good.  I restarted my system and upon start-up Malwarebytes blocked an outbound from svchost.eve which was sort of alarming.  So I ran Malwarebytes again and nothing showed up.  Now when I'm browsing it will frequently notify me that it blocked something and some of the addresses I recognize from when I first got this virus.  Do I still have DNS Unlocker? Is this just some lingering file from it?  I'm just super paranoid because I just put this rig together like a month ago and I'm pretty worried about it.

     

    Thanks
