
tfc.hunterghui.com virus



#1 revclyburn


Posted 06 January 2016 - 06:28 PM

Hello, I had the above virus, but followed some instructions that were previously posted concerning it. I ran AdwCleaner, Junkware Removal Tool and Emsisoft Emergency Kit; here are the results. I see some things need to be removed; can you check mine and tell me what? I also uninstalled the Chrome and Firefox browsers as they were infected. Is there something else I need to do? Here are the results.

Thanks

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by kimmyrick (Administrator) on Tue 01/05/2016 at 22:00:47.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

File System: 11
 
Successfully deleted: C:\ProgramData\Start Menu\Programs\knctr (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\pluto tv (Folder)
Successfully deleted: C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage (File)
Successfully deleted: C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage (File)
Successfully deleted: C:\Users\kimmyrick\AppData\Local\nico mak computing (Folder)
Successfully deleted: C:\Users\kimmyrick\AppData\Roaming\itibiti (Folder)
Successfully deleted: C:\Users\Public\Desktop\plutotv.lnk (Shortcut)
Successfully deleted: C:\Program Files (x86)\Common Files\475a9272-9606-46f5-b309-fdfc084777bf (Folder)
Successfully deleted: C:\Program Files (x86)\Common Files\95395ee5-1fb2-4248-a868-00d01e16d050 (Folder)
 
Deleted the following from C:\Users\kimmyrick\AppData\Roaming\Mozilla\Firefox\Profiles\z01k2nrd.default\prefs.js
user_pref(extensions.SearchQuickKnow.cg, ccab8b88-3fb4-4761-b51a-f1c68c6cafea);
 
 
 
Registry: 1
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E136DE0EAF8C7F0B6FAF56AA05C00D97 (Registry Value)
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/05/2016 at 22:32:03.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
# AdwCleaner v5.028 - Logfile created 05/01/2016 at 21:43:42
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : kimmyrick - LAPTOP-SGPUI14T
# Running from : C:\Users\kimmyrick\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 
[-] Service Deleted : Service Mgr RoyalRaid
[-] Service Deleted : Service Mgr SearchQuickKnow
[-] Service Deleted : Update Mgr SearchQuickKnow
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Lightspark 0.5.3-git
[-] Folder Deleted : C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder Deleted : C:\Program Files (x86)\OneSystemCare
[-] Folder Deleted : C:\Program Files (x86)\Royal Raid
[-] Folder Deleted : C:\Program Files (x86)\Search Quick Know
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] Folder Deleted : C:\Users\kimmyrick\AppData\Roaming\One System Care
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage-journal
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage-journal
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage-journal
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage
[-] File Deleted : C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage-journal
[-] File Deleted : C:\Users\kimmyrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
[-] File Deleted : C:\Users\kimmyrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook.lnk
[-] File Deleted : C:\Users\kimmyrick\AppData\Roaming\Mozilla\Firefox\Profiles\z01k2nrd.default\user.js
[-] File Deleted : C:\Users\kimmyrick\AppData\Roaming\Mozilla\Firefox\Profiles\z01k2nrd.default\searchplugins\search-provided-by-yahoo.xml
[-] File Deleted : C:\Users\kimmyrick\AppData\Roaming\Mozilla\Firefox\Profiles\z01k2nrd.default\searchplugins\default.xml
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Users\Public\Desktop\Knctr.lnk
[-] File Deleted : C:\Users\Public\Desktop\Launch One System Care.lnk
 
***** [ DLLs ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 
[-] Task Deleted : One System Care Monitor
[-] Task Deleted : One System Care Task
 
***** [ Registry ] *****
 
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99415057-7C50-439D-AA20-02D83C071B61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{730BC77F-4B48-4F48-9236-5CF092043D53}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{730bc77f-4b48-4f48-9236-5cf092043d53}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{73e63875-3642-489c-b934-1c996afd502f}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{083DA3DE-A0D0-4793-A5A9-1940700C785D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5EA72D1-E5A4-4611-8665-5DC10A287A5F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{730BC77F-4B48-4F48-9236-5CF092043D53}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{730bc77f-4b48-4f48-9236-5cf092043d53}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{730BC77F-4B48-4F48-9236-5CF092043D53}
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{730bc77f-4b48-4f48-9236-5cf092043d53}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{730BC77F-4B48-4F48-9236-5CF092043D53}
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{730bc77f-4b48-4f48-9236-5cf092043d53}
[-] Key Deleted : HKCU\Software\One System Care
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\SoftSuma
[-] Key Deleted : HKCU\Software\Wincy
[-] Key Deleted : HKLM\SOFTWARE\Lightspark Team
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lightspark
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cfd32d46-7d3f-483f-bace-7172aec5592d}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Royal Raid
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{275E5ED5-91E6-411F-8C41-7C8F643F90E8}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\kimmyrick\AppData\Roaming\Mozilla\Firefox\Profiles\z01k2nrd.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFZAIVsAAwFJDAZFIg0VVQ5HEBhBdQhZTF9AQgMbIw9bAF8UQBNBNARaB0tXUUEeGGlxR1dMclBCMlpQMEwYQl5oLlZP");
[-] [C:\Users\kimmyrick\AppData\Roaming\Mozilla\Firefox\Profiles\z01k2nrd.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAI1haWVtJGRgQJlsMTA1GFwQOIgwJABQXEFYVeFoOAlgXRFQFIk0FA18DB0VXfWFoKB8fHGZGIUtbCWgESFZIC1dXFg==");
[-] [C:\Users\kimmyrick\AppData\Roaming\Mozilla\Firefox\Profiles\z01k2nrd.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVpbAFtJQw0bbQpeAw1cFQIVcRRaVAgQDFMSIw8AAg8SQFNGIR9aFQQTR0cFME0FB18EURNNfWpdAEsSSWRWKVpTKlceVg==&q={searchTerms}");
[-] [C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumalq_15_53&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyDtB0C0BzyyCyD0DyByDtCzz0AzytN0D0Tzu0StCyEyCtDtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDtD0EtDzzzztA0AtGyE0Dzy0BtG0AtDtA0AtGyEtAtBtBtG0A0C0CtDtC0E0Czz0EtA0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FtAyCtC0CyBtGyCzzyBtAtGyEzz0CtAtGzy0CtCyCtGtBtByEyC0DtA0D0B0E0ByEtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D1882007871%26a%3Dwbf_sumalq_15_53%26os%3DWindows%2B10%2BHome
[-] [C:\Users\kimmyrick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAI1haWVtJGRgQJlsMTA1GFwQOIgwJABQXEFYVeFoOAlgXRFQFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEgVFxAK3JWDk4=
[-] [C:\Users\kimmyrick\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumalq_15_53&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAtDyDtB0C0BzyyCyD0DyByDtCzz0AzytN0D0Tzu0StCyEyCtDtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDtD0EtDzzzztA0AtGyE0Dzy0BtG0AtDtA0AtGyEtAtBtBtG0A0C0CtDtC0E0Czz0EtA0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FtAyCtC0CyBtGyCzzyBtAtGyEzz0CtAtGzy0CtCyCtGtBtByEyC0DtA0D0B0E0ByEtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D1882007871%26a%3Dwbf_sumalq_15_53%26os%3DWindows%2B10%2BHome&uref=chmm
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10354 bytes] ##########
I think that's all, let me know if I need to post more
 
Revclyburn - edwin
 
 




 


#2 severac


Posted 06 January 2016 - 06:35 PM

Hello,

 

do you still have problems?


I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 


#3 revclyburn


Posted 06 January 2016 - 06:55 PM

Not sure, checking it out now. Malwarebytes says there are still some issues, like tcf.huntergui.com on the system.

 



#4 revclyburn


Posted 06 January 2016 - 07:06 PM

Tried to use Chrome again, saw that the Royal Raid extension was disabled. Isn't that adware, a virus? There was another one, Search Quick Now, that was also disabled.



#5 severac


Posted 06 January 2016 - 07:35 PM

Run MBAM 2.0 again:

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, set the following options under Detection and Protection:
      1. 'Scan for rootkits'
      2. Under Non-Malware Protection, for 'PUP detections', select the 'Treat detections as malware' option.
  • Return to the Dashboard and click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click 'Apply Actions' to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click 'Yes'.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.


 


#6 revclyburn


Posted 06 January 2016 - 08:39 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/6/2016
Scan Time: 7:51 PM
Logfile: scan0106.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.06.06
Rootkit Database: v2016.01.05.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: kimmyrick
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332305
Time Elapsed: 29 min, 37 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 13
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{20577ecb-a5c6-46fb-9c1c-53474798f5ee}, , [125c95a115845cda16bd281f41c19769], 
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, , [125c95a115845cda16bd281f41c19769], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{20577ECB-A5C6-46FB-9C1C-53474798F5EE}, , [125c95a115845cda16bd281f41c19769], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{20577ECB-A5C6-46FB-9C1C-53474798F5EE}, , [125c95a115845cda16bd281f41c19769], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{2869831e-57d4-41fe-8330-aad9ad2c6554}, , [c9a5be78c4d5fd397c251c5fcf3312ee], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{2869831E-57D4-41FE-8330-AAD9AD2C6554}, , [c9a5be78c4d5fd397c251c5fcf3312ee], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{2869831E-57D4-41FE-8330-AAD9AD2C6554}, , [c9a5be78c4d5fd397c251c5fcf3312ee], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{9317b373-f854-47a9-b384-bf199504f5e9}, , [303e1b1b0b8e2f079a064c2fb949a957], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9317B373-F854-47A9-B384-BF199504F5E9}, , [303e1b1b0b8e2f079a064c2fb949a957], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{9317B373-F854-47A9-B384-BF199504F5E9}, , [303e1b1b0b8e2f079a064c2fb949a957], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{ea00416e-38d2-43dd-8736-5ddb856858f7}, , [e589d6603267979f0aca90b720e27e82], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{EA00416E-38D2-43DD-8736-5DDB856858F7}, , [e589d6603267979f0aca90b720e27e82], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{EA00416E-38D2-43DD-8736-5DDB856858F7}, , [e589d6603267979f0aca90b720e27e82], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Yontoo, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, , [125c95a115845cda16bd281f41c19769], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 revclyburn


Posted 06 January 2016 - 08:50 PM

Sorry, was this what you wanted:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/6/2016
Scan Time: 7:51 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.06.06
Rootkit Database: v2016.01.05.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: kimmyrick
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332305
Time Elapsed: 29 min, 37 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 13
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{20577ecb-a5c6-46fb-9c1c-53474798f5ee}, Quarantined, [125c95a115845cda16bd281f41c19769], 
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [125c95a115845cda16bd281f41c19769], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{20577ECB-A5C6-46FB-9C1C-53474798F5EE}, Quarantined, [125c95a115845cda16bd281f41c19769], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{20577ECB-A5C6-46FB-9C1C-53474798F5EE}, Quarantined, [125c95a115845cda16bd281f41c19769], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{2869831e-57d4-41fe-8330-aad9ad2c6554}, Quarantined, [c9a5be78c4d5fd397c251c5fcf3312ee], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{2869831E-57D4-41FE-8330-AAD9AD2C6554}, Quarantined, [c9a5be78c4d5fd397c251c5fcf3312ee], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{2869831E-57D4-41FE-8330-AAD9AD2C6554}, Quarantined, [c9a5be78c4d5fd397c251c5fcf3312ee], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{9317b373-f854-47a9-b384-bf199504f5e9}, Quarantined, [303e1b1b0b8e2f079a064c2fb949a957], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9317B373-F854-47A9-B384-BF199504F5E9}, Quarantined, [303e1b1b0b8e2f079a064c2fb949a957], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{9317B373-F854-47A9-B384-BF199504F5E9}, Quarantined, [303e1b1b0b8e2f079a064c2fb949a957], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{ea00416e-38d2-43dd-8736-5ddb856858f7}, Quarantined, [e589d6603267979f0aca90b720e27e82], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{EA00416E-38D2-43DD-8736-5DDB856858F7}, Quarantined, [e589d6603267979f0aca90b720e27e82], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{EA00416E-38D2-43DD-8736-5DDB856858F7}, Quarantined, [e589d6603267979f0aca90b720e27e82], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Yontoo, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Quarantined, [125c95a115845cda16bd281f41c19769], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 severac


Posted 07 January 2016 - 04:54 AM

Ok, do you still have problems? 

 

Yes, these extensions are undesirable.



 


#9 revclyburn


Posted 07 January 2016 - 05:41 PM

They're on a different computer, so let me see. Thank you so much for your help; other than speed, I don't think there's anything else.



#10 revclyburn


Posted 07 January 2016 - 05:55 PM

I don't see anything, do you? Is there anything else that might present a problem?



#11 severac


Posted 07 January 2016 - 06:03 PM

I don't think so.

You should be clean. 



 




