Unknown_Gamer

  1. Hi, For some reason, I've all of a sudden gotten infected with I think a virus/malware. It seems to put banner ads on pages like youtube and google. For sites that aren't supported with banner ads, whenever I click a link, it'll open up a new tab every so often with a link to a sketchy website with ads. Preview of banner ads: I've also looked into the Inspect Element and this is the code I found for the about 960px banner ad found on the video above:

     <script src="https://unpkg.com/ed4c0023d0428464c1b38e17b3862097/0.js"></script>
     <div style="position: absolute; background: rgb(255, 255, 255); top: 410px; z-index: 2147483647; left: 89px; width: 728px; height: 90px; text-align: center;" class="video_pl_p">
       <span style="z-index:999999999999999;color:red;font-size:25px;font-weight:bold;cursor:pointer;width: 15px;position: absolute;right: 2px;top:-4px;padding: 2px;font-family: &quot;YouTube Noto&quot;,Roboto,arial,sans-serif;">x</span>
       <div id="3750698553" style="display: inline-block;height:90px !important;width:728px !important;margin:0 auto;z-index:99999999;border:0;"><iframe src="//b.buywork.men/code/adv/b/?pid=792193&amp;adu=0&amp;s=728x90" scrolling="no" style="width:728px; height:90px;border:0;padding:0;overflow:hidden;position: relative;" allowtransparency="true" data-mytype="name_baner"></iframe></div>
     </div>
     <script type="text/javascript" src="https://like.xelppi.com/ysublod.php" gapi_processed="true"></script>
     <script type="text/javascript" src="https://youtube.xelppi.com/yout_pro.php"></script>
     <script type="text/javascript" src="https://like.xelppi.com/ysublod_2.php" gapi_processed="true"></script>

     FRST.txt Addition.txt
  2. It worked (From what I can see), yet I still get PUPs for yahoo in Malwarebytes.
  3. Standby. With family members. Will be back no later than 3 days. Do not lock please
  4. Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 9/13/2016
     Scan Time: 2:59 AM
     Logfile:
     Administrator: Yes

     Version: 2.2.1.1043
     Malware Database: v2016.09.13.04
     Rootkit Database: v2016.08.15.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: build

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 457689
     Time Elapsed: 8 min, 14 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 4
     PUP.Optional.CrossRider, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550755565577}, , [b3f5fd740298cc6a9e39707b55af946c],
     PUP.Optional.CrossRider, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{55555555-5555-5555-5555-550755565577}, , [3078fa774e4c4de900d7816ab05432ce],
     PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550755565577}, , [e8c0a5cc4654d95d37a0935815efc33d],
     PUP.Optional.WinYahoo, HKU\S-1-5-21-2680031848-668813617-552983548-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F23AB71-4AC6-41F2-A955-EA576E553146}, , [5058f879534747efdd8e06c371910ff1],

     Registry Values: 6
     PUP.Optional.CrossRider, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550755565577}, ICrossriderBHO, , [b3f5fd740298cc6a9e39707b55af946c]
     PUP.Optional.CrossRider, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{55555555-5555-5555-5555-550755565577}, ICrossriderBHO, , [3078fa774e4c4de900d7816ab05432ce]
     PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550755565577}, ICrossriderBHO, , [e8c0a5cc4654d95d37a0935815efc33d]
     PUP.Optional.WinYahoo, HKU\S-1-5-21-2680031848-668813617-552983548-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_18&…, , [297f323f5248de589f1a5d5fd62ed927]
     PUP.Optional.WinYahoo, HKU\S-1-5-21-2680031848-668813617-552983548-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_18&…, , [5058f879534747efdd8e06c371910ff1]
     PUP.Optional.WinYahoo, HKU\S-1-5-21-2680031848-668813617-552983548-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|TopResultURLFallback, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_18&…, , [4e5a422fb0eab185fb7084453cc6ce32]

     Registry Data: 1
     PUP.Optional.WinYahoo, HKU\S-1-5-21-2680031848-668813617-552983548-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_18&…, Good: (www.google.com), Bad: (https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_18&…),,[198f0b661783023491bb8eeb768ef808]

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  5. I've also been seeing this for the past 4 months but decided to consult the forums now. IDK if that poses any more risks since I've had it for longer.
  6. Hi, I'm very good at computers but I am bamboozled about how I got PUP.Optional.WinYahoo. Only thing I can think of is that my brother did something while I was away. I've included some FRST64.exe logs for you: FRST.txt Addition.txt