mizzoufan123

Members
  • Content Count

    10

About mizzoufan123

  • Rank
    New Member
  1. Farbar Recovery Scan Tool (x86) Version: 08.02.2018
     Ran by GuyDar (08-02-2018 19:10:28)
     Running from C:\Users\guydar.RWN\Downloads
     Boot Mode: Normal
     ================== Search Registry: "bobrowser" ===========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoBrowsHTML.COJOT3SOLKIKCO4QAKELD67Y6M]
     ""="BoBrowser HTML Document"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoBrowsHTML.COJOT3SOLKIKCO4QAKELD67Y6M\DefaultIcon]
     ""="C:\Users\guydar.RWN\AppData\Local\BoBrowser\Application\bobrowser.exe,0"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoBrowsHTML.COJOT3SOLKIKCO4QAKELD67Y6M\shell\open\command]
     ""=""C:\Users\guydar.RWN\AppData\Local\BoBrowser\Application\bobrowser.exe" "%1""
     [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
     "BoBrowser.COJOT3SOLKIKCO4QAKELD67Y6M"="Software\Clients\StartMenuInternet\BoBrowser.COJOT3SOLKIKCO4QAKELD67Y6M\Capabilities"
     [HKEY_USERS\S-1-5-21-3428604727-3251262561-4062948501-42340\Software\Microsoft\IntelliType Pro\AppSpecific\bobrowser.exe]
     [HKEY_USERS\S-1-5-21-3428604727-3251262561-4062948501-42340\Software\Microsoft\IntelliType Pro\AppSpecific\bobrowser.exe]
     "Path"="C:\Users\guydar.RWN\AppData\Local\BoBrowser\Application\bobrowser.exe"
     ====== End of Search ======
  2. Wait, what do I do? When I click on the link it sends me to one of the things that I copied and pasted.
  3. Fix result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
     Ran by GuyDar (30-01-2018 19:56:54) Run:2
     Running from C:\Users\guydar.RWN\Downloads
     Loaded Profiles: GuyDar (Available Profiles: borisg & Admistrator & GuyDar)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     StartRegedit:
     Windows Registry Editor Version 5.00
     [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoBrowsHTML.COJOT3SOLKIKCO4QAKELD67Y6M]
     [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
     "BoBrowser.COJOT3SOLKIKCO4QAKELD67Y6M"=-
     [-HKEY_USERS\S-1-5-21-3428604727-3251262561-4062948501-42340\Software\Microsoft\IntelliType Pro\AppSpecific\bobrowser.exe]
     [-HKEY_USERS\S-1-5-21-3428604727-3251262561-4062948501-42340\Software\Microsoft\IntelliType Pro\AppSpecific\bobrowser.exe]
     EndRegedit:
     C:\Users\guydar.RWN\AppData\Local\BoBrowser
     *****************
     ====> Registry
     "C:\Users\guydar.RWN\AppData\Local\BoBrowser" => not found
     ==== End of Fixlog 19:56:56 ====
  4. I didn't get the disclaimer, but I just entered "bobrowser" into the search registry bar and these are the results:
     Farbar Recovery Scan Tool (x86) Version: 27.01.2018
     Ran by GuyDar (29-01-2018 20:10:03)
     Running from C:\Users\guydar.RWN\Downloads
     Boot Mode: Normal
     ================== Search Registry: "bobrowser" ===========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoBrowsHTML.COJOT3SOLKIKCO4QAKELD67Y6M]
     ""="BoBrowser HTML Document"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoBrowsHTML.COJOT3SOLKIKCO4QAKELD67Y6M\DefaultIcon]
     ""="C:\Users\guydar.RWN\AppData\Local\BoBrowser\Application\bobrowser.exe,0"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BoBrowsHTML.COJOT3SOLKIKCO4QAKELD67Y6M\shell\open\command]
     ""=""C:\Users\guydar.RWN\AppData\Local\BoBrowser\Application\bobrowser.exe" "%1""
     [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
     "BoBrowser.COJOT3SOLKIKCO4QAKELD67Y6M"="Software\Clients\StartMenuInternet\BoBrowser.COJOT3SOLKIKCO4QAKELD67Y6M\Capabilities"
     [HKEY_USERS\S-1-5-21-3428604727-3251262561-4062948501-42340\Software\Microsoft\IntelliType Pro\AppSpecific\bobrowser.exe]
     [HKEY_USERS\S-1-5-21-3428604727-3251262561-4062948501-42340\Software\Microsoft\IntelliType Pro\AppSpecific\bobrowser.exe]
     "Path"="C:\Users\guydar.RWN\AppData\Local\BoBrowser\Application\bobrowser.exe"
     ====== End of Search ======
  5. Fix result of Farbar Recovery Scan Tool (x86) Version: 21.01.2018
     Ran by GuyDar (26-01-2018 18:31:50) Run:1
     Running from C:\Users\guydar.RWN\Downloads
     Loaded Profiles: GuyDar (Available Profiles: borisg & Admistrator & GuyDar)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     HKU\S-1-5-21-3428604727-3251262561-4062948501-42340\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ric/Pages/Default.aspx
     Task: {0B8B799F-9BF6-42B8-ABA0-BBD7BDC825AD} - System32\Tasks\{68C4F5EC-12BA-43C5-ACA2-41ED5D65109E} => C:\Windows\system32\pcalua.exe -a C:\Users\guydar.RWN\AppData\Local\Temp\Temp1_PortalPass4_GD250099.zip\Install_PortalPass4_GD999099.exe <==== ATTENTION
     Task: {5590B3D9-AAE8-4937-B440-7804D0101333} - System32\Tasks\53mgc5ta => C:\Program Files\Common Files\mwejvhlz\abdee4heo5v3b.exe <==== ATTENTION
     Task: {B5BF5E53-F0D5-44FA-B160-D664F938D57C} - System32\Tasks\{E058CA0E-82CC-4E00-8FDE-83AAA537A05D} => C:\Windows\system32\pcalua.exe -a C:\Users\guydar.RWN\AppData\Local\Temp\Temp2_PortalPass4_GD999099.zip\Install_PortalPass4_GD999099.exe <==== ATTENTION
     Task: {BBD9307B-6A00-444A-9C16-B1E266B84712} - System32\Tasks\{CDF26798-1CE9-4422-BF03-A51ACB4BCEC8} => C:\Windows\system32\pcalua.exe -a "C:\Users\guydar.RWN\Downloads\forge-1.8-11.14.1.1334-installer-win (1).exe" -d C:\Users\guydar.RWN\Downloads
     Task: {D24D34B3-D9E5-4837-8059-471258A3D378} - System32\Tasks\Giklebnueli => C:\ProgramData\Giklebnueli\1.0.6.1\rnaulpor.exe
     FirewallRules: [{9935DFB8-7646-4E62-874D-F48AB48D25A3}] => (Allow) 㩃停潲牧浡䘠汩獥扜畯摬牥牢歯牥扜畯摬牥牢歯牥攮數
     FirewallRules: [{A81083FD-3D66-4C52-9DFE-03C5B6D52511}] => (Allow) 㩃停潲牧浡䘠汩獥扜畯摬牥牢歯牥牜獥扴摬牢歯牥攮數
     C:\Program Files\Common Files\mwejvhlz
     C:\ProgramData\Giklebnueli
     EmptyTemp:
     *****************
     Processes closed successfully.
     Restore point was successfully created.
     HKU\S-1-5-21-3428604727-3251262561-4062948501-42340\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B8B799F-9BF6-42B8-ABA0-BBD7BDC825AD} => could not remove. ErrorCode1: 0x00000002
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B8B799F-9BF6-42B8-ABA0-BBD7BDC825AD}" => removed successfully.
     C:\Windows\System32\Tasks\{68C4F5EC-12BA-43C5-ACA2-41ED5D65109E} => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{68C4F5EC-12BA-43C5-ACA2-41ED5D65109E}" => removed successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5590B3D9-AAE8-4937-B440-7804D0101333}" => removed successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5590B3D9-AAE8-4937-B440-7804D0101333}" => removed successfully.
     C:\Windows\System32\Tasks\53mgc5ta => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\53mgc5ta" => removed successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5BF5E53-F0D5-44FA-B160-D664F938D57C}" => removed successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5BF5E53-F0D5-44FA-B160-D664F938D57C}" => removed successfully.
     C:\Windows\System32\Tasks\{E058CA0E-82CC-4E00-8FDE-83AAA537A05D} => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E058CA0E-82CC-4E00-8FDE-83AAA537A05D}" => removed successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBD9307B-6A00-444A-9C16-B1E266B84712}" => removed successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBD9307B-6A00-444A-9C16-B1E266B84712}" => removed successfully.
     C:\Windows\System32\Tasks\{CDF26798-1CE9-4422-BF03-A51ACB4BCEC8} => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CDF26798-1CE9-4422-BF03-A51ACB4BCEC8}" => removed successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D24D34B3-D9E5-4837-8059-471258A3D378}" => removed successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D24D34B3-D9E5-4837-8059-471258A3D378}" => removed successfully.
     C:\Windows\System32\Tasks\Giklebnueli => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Giklebnueli" => removed successfully.
     "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9935DFB8-7646-4E62-874D-F48AB48D25A3}" => removed successfully.
     "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A81083FD-3D66-4C52-9DFE-03C5B6D52511}" => removed successfully.
     C:\Program Files\Common Files\mwejvhlz => moved successfully
     "C:\ProgramData\Giklebnueli" => not found
     =========== EmptyTemp: ==========
     BITS transfer queue => 8388608 B
     DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58541331 B
     Java, Flash, Steam htmlcache => 31676702 B
     Windows/system/drivers => 552628769 B
     Edge => 0 B
     Chrome => 444986759 B
     Firefox => 168943985 B
     Opera => 0 B
     Temp, IE cache, history, cookies, recent:
     Users => 0 B
     Default => 33125 B
     Public => 0 B
     ProgramData => 0 B
     systemprofile => 6258821 B
     LocalService => 48958 B
     NetworkService => 0 B
     LTDALMARKTEST => 3386 B
     borisg => 0 B
     Administrator => 113422 B
     admin.borisg => 123630 B
     guydar => 2638 B
     guydar.RWN => 828743416 B
     RecycleBin => 9178041 B
     EmptyTemp: => 2 GB temporary data Removed.
     ================================
     The system needed a reboot.
     ==== End of Fixlog 18:38:51 ====
  6. Yes sorry, I was busy yesterday.
     Attachments: Addition.txt, FRST.txt
  7. Every time I google a photo and would like to save it, I click "Save picture as", and then it goes into my Pictures folder, but it saves as a BoBrowser HTML. I do not know how to fix this. I have completely removed BoBrowser by using both Malwarebytes and AdwCleaner. I have also uninstalled and reinstalled Google Chrome and still found no success. I have tried Internet Explorer and this problem does not transfer over to Explorer, but I would prefer to use Google Chrome. If anyone knows how to fix this, please help me.