sachin0107
I cannot remove YourTV.link
sachin0107 replied to sachin0107's topic in Resolved Malware Removal Logs
Unfortunately yes.. YourTV.link infection is still coming up!! -
I cannot remove YourTV.link
sachin0107 replied to sachin0107's topic in Resolved Malware Removal Logs
Fix log attached. Thank you Fixlog.txt -
I cannot remove YourTV.link
sachin0107 replied to sachin0107's topic in Resolved Malware Removal Logs
Hi, all the steps completed and logs attached. Thank you. -
I cannot remove YourTV.link
sachin0107 replied to sachin0107's topic in Resolved Malware Removal Logs
FRST.txt Addition.txt -
I cannot remove YourTV.link
sachin0107 replied to sachin0107's topic in Resolved Malware Removal Logs
No threats found on Sophos Virus Removal Tool scan. -
I cannot remove YourTV.link
sachin0107 replied to sachin0107's topic in Resolved Malware Removal Logs
# AdwCleaner v5.201 - Logfile created 05/08/2016 at 02:09:09
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-04.3 [Server]
# Operating system : Windows 10 Pro (X64)
# Option : Clean -
I cannot remove YourTV.link
sachin0107 replied to sachin0107's topic in Resolved Malware Removal Logs
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64
Ran by Sachin (Administrator) on Fri 08/05/2016 at 1:53:09.24
Scan was completed on Fri 08/05/2016 at 1:59:10.20 -
I cannot remove YourTV.link
sachin0107 replied to sachin0107's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/20/2015
Scan Time: 8:29 PM
Version: 2.01.6.1022
OS: Windows 7 Service Pack 1
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383189
Time Elapsed: 7 min, 51 sec -
I cannot remove YourTV.link
sachin0107 replied to sachin0107's topic in Resolved Malware Removal Logs
Hi mate.. I will try the fix and post the results. Thank you -
I cannot remove YourTV.link from my Google Chrome and Firefox. Tried SpyHunter and other fixes. Also tried deleting and reinstalling. But still it comes back. Please help. Thank you