Everything posted by mr_usa666

  1. Here are the last logs (I hope). And after 3 attempts at downloading my anime... Drum roll please... success, no trace of deloton.com. But I'm still keeping my fingers crossed. BTW do you know it's really hard to type with your fingers crossed. Anyway Kevin, you've been a tremendous help guiding me through this ordeal, and encouraging me to persevere to rid myself of this annoyance. Malware_Threat_Scan.txt HitmanPro_20180801_2019.log 2018.08.01-19.33.20-i0-t92-d1.txt
  2. I'll try again since this time there's a scan using HitmanPro not previously tried. I'll get back to you with logs if applicable.
  3. Nope! Nothing is screaming "UNINSTALL ME". In my younger days of computing, I've dealt with Trojans, worms, and the like without any problem, but this one got me good. It's not that this PUP does anything damaging, but it's just annoying having to close 2 tabs every time I need to download an anime. FYI, before asking for help I did a search in the Windows registry without any success.
  4. Here you go with deloton.com this time SearchReg.txt
  5. I'm sorry, but I searched again making sure that the asterisk was there and yet still the same. Could it be because I'm using a newer version of FRST (v. 21.7.2018)? Also, when I load the .exe I get an error msg stating 'Failed to update'; is it because I've deleted the "Addition.txt" file? If so I'll have to do a threat scan again. Here's the re-tried log of FRST Search Reg SearchReg.txt
  6. Hi Kevin. Here's the FRST Search Log as requested SearchReg.txt
  7. I'll give it a go one more time, but first, where do you want me to do the search after running the scan: in FRST after the scan, or in the Windows registry?
  8. Hi Kevin, here are the logs from RogueKiller & Zemana. After the Zemana scan it displayed "Clean", then I rebooted the PC and went and fetched the last log. I've tried once again to see if the 'deloton.com' was gone, but no. So I'm grateful that you tried to help me, but at 60 years old my patience is running thin... I'll go get my reserve of patience and reformat and start anew. Again thanks for your patience in trying to help me. Regards RogueKiller_Log.txt 2018.07.31-22.09.41-i0-t92-d0.txt
  9. Here is the log from RogueKiller

     RogueKiller V12.12.29.0 (x64) [Jul 30 2018] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : https://forum.adlice.com
     Website : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 10 (10.0.17134) 64 bits version
     Started in : Normal mode
     User : Yves Beauregard [Administrator]
     Started from : C:\Users\Yves Beauregard\Desktop\RogueKiller_portable64.exe
     Mode : Scan -- Date : 07/31/2018 14:51:57 (Duration : 00:55:20)

     ¤¤¤ Processes : 0 ¤¤¤

     ¤¤¤ Registry : 12 ¤¤¤
     [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-87212062-4217360125-4181678025-1001\Software\IM -> Found
     [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-87212062-4217360125-4181678025-1001\Software\OCS -> Found
     [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-87212062-4217360125-4181678025-1001\Software\IM -> Found
     [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-87212062-4217360125-4181678025-1001\Software\OCS -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 198.251.50.199 198.251.50.200 ([Canada][Canada]) -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{35d7d71d-7e12-4018-a90f-ce3ab81b7388} | DhcpNameServer : 198.251.50.199 198.251.50.200 ([Canada][Canada]) -> Found
     [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{D50627F1-3AD4-4C3E-8617-F4B7B3071549}C:\users\yves beauregard\appdata\local\programs\lnv\stremio\stremio.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\yves beauregard\appdata\local\programs\lnv\stremio\stremio.exe|Name=stremio.exe|Desc=stremio.exe|Defer=User| [x] -> Found
     [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{4202B24E-4A29-4D60-9D82-6B7FD32A9B05}C:\users\yves beauregard\appdata\local\programs\lnv\stremio\stremio.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\yves beauregard\appdata\local\programs\lnv\stremio\stremio.exe|Name=stremio.exe|Desc=stremio.exe|Defer=User| [x] -> Found
     [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{5E898F3F-C1DB-48EB-A54F-95934BDFB1A6}C:\users\yves beauregard\appdata\local\jdownloader v2.0\jdownloader2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\yves beauregard\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User| [7] -> Found
     [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9507C17F-B90D-4554-A71F-1F927EFE1640}C:\users\yves beauregard\appdata\local\jdownloader v2.0\jdownloader2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\yves beauregard\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User| [7] -> Found
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-87212062-4217360125-4181678025-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-87212062-4217360125-4181678025-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 6 ¤¤¤
     [PUP.HackTool][Folder] C:\Windows\AutoKMS -> Found
     [PUP.Gen0][File] C:\Windows\SECOH-QAD.exe -> Found
     [PUP.uTorrentAds][File] C:\Users\Yves Beauregard\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
     [PUP.uTorrentAds][File] C:\Users\Yves Beauregard\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
     [PUP.uTorrentAds][File] C:\Users\Yves Beauregard\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Found
     [PUP.HackTool][Folder] C:\Program Files\KMSpico -> Found

     ¤¤¤ WMI : 0 ¤¤¤

     ¤¤¤ Hosts File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

     ¤¤¤ Web browsers : 1 ¤¤¤
     [PUM.HomePage][Firefox:Config] 3qh0ctl2.default-1508363702733 : user_pref("browser.startup.homepage", "https://mail.google.com/mail/u/0/h/16nw2t5d0xn8p/?tab=wm&zy=g&f=1"); -> Found

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: WDC WD5000AVDS-63U7B1 ATA Device +++++
     --- User ---
     [MBR] 5aa5f938b0d391d40ccb9c3886cec77e
     [BSP] 746341fceaff571cd17b2add6958f000 : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 101900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209717248 | Size: 374538 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: HP ENVY 5530 series USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     And just in case it's written in Chinese: I haven't used the "Remove Selected", waiting for further instruction. Thanks RogueKiller_Scanlog.txt
  10. So, result of Firefox in safe mode: the "deloton.com" still loads in the background. And as for MS Edge, I got attacked with ransomware, and I had to kill the MS Edge process to close it.
  11. Ok I'm back! With the help of the Microsoft Community, my "System Restore" is enabled and working. Didn't know that "System Protection" was the new name for the "System Restore". So 1st step is done. Next as requested... the FRST log, Malwarebytes log, Zemana log, and then the Sophos log. I've done the steps according to your first reply, and after all the scans & reboots, I went back to my favorite site where I noticed for the first time my "deloton.com" problem (http://kissanime.ru/), and tried downloading an anime again (Rapid Video), and the problem is still present; tried downloading something else from another site and still the same. The way I see it, I might have to reformat in order to get rid of this. Thanks Kevin for your help, and get back to me if you have questions and/or you find something that may help. Fixlog.txt ThreatScan.txt 2018.07.31-01.07.57-i0-t92-d2.txt SophosVirusRemovalTool.log
  12. Thanks for the reply Kevin, but I'll have to get back to you on the whole process 'cause I'm stuck with not being able to enable/re-enable System Restore. I'm waiting for someone in the Microsoft Community to help me. P.S.: I've tried the different methods suggested on the linked site but to no avail. All 3 items mentioned for the services.msc are now running & automatic. Thanks for your patience.
  13. I would like to get help with removing this threat (deloton.com). I've followed the steps to get the report files, in the hope I'll be able to get rid of it. Thanks for the chance to get help. AdwCleaner[C00].txt FRST.txt Threat Scan.txt Addition.txt