sachin0107

  1. Unfortunately yes.. YourTV.link infection is still coming up!!
  2. Hi, all the steps completed and logs attached. Thank you.
  3. No threats found on sophos virus removal tool scan.
  4. # AdwCleaner v5.201 - Logfile created 05/08/2016 at 02:09:09
  5. Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016)
  6. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/20/2015 Scan Time: 8:29 PM
  7. Hi mate.. I will try the fix and post the results. Thank you
  8. I cannot remove YourTV.link from my Google Chrome and Firefox. Tried spy hunter and other fixes. Also tried deleting and reinstalling. But still it comes back. Please help. Thank you