Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Ads being displayed on click in many pages
Message
<blockquote data-quote="Kaamil Jasani" data-source="post: 484236" data-attributes="member: 50048"><p>Here are the contents of the generated Scan log.</p><p></p><p>Malwarebytes Anti-Malware</p><p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p><p></p><p>Scan Date: 22/02/2016</p><p>Scan Time: 22:24</p><p>Logfile: MBAM log.txt</p><p>Administrator: Yes</p><p></p><p>Version: 2.2.0.1024</p><p>Malware Database: v2016.02.22.06</p><p>Rootkit Database: v2016.02.17.01</p><p>License: Trial</p><p>Malware Protection: Enabled</p><p>Malicious Website Protection: Enabled</p><p>Self-protection: Disabled</p><p></p><p>OS: Windows 10</p><p>CPU: x64</p><p>File System: NTFS</p><p>User: ExtraCrafTX</p><p></p><p>Scan Type: Threat Scan</p><p>Result: Completed</p><p>Objects Scanned: 478962</p><p>Time Elapsed: 11 min, 22 sec</p><p></p><p>Memory: Enabled</p><p>Startup: Enabled</p><p>Filesystem: Enabled</p><p>Archives: Enabled</p><p>Rootkits: Enabled</p><p>Heuristics: Enabled</p><p>PUP: Enabled</p><p>PUM: Enabled</p><p></p><p>Processes: 0</p><p>(No malicious items detected)</p><p></p><p>Modules: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys: 7</p><p>PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\Crossbrowse, Quarantined, [dae4d291a6f3b4822df14fd4c34131cf], </p><p>PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\CRSBRWSHTML, Quarantined, [f5c9184badecb581127441a2b94af30d], </p><p>PUP.Optional.SteamClient, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SteamClient, Delete-on-Reboot, [635be97aa0f971c50bb99668d13111ef], </p><p>PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\DiscoverTreasure, Quarantined, [fdc173f0099001352197c73b31d203fd], </p><p>PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Crossbrowse, Quarantined, [605e77ec4d4c9a9c6faf58cb6b99bb45], </p><p>PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CRSBRWSHTML, Quarantined, [0ab4c99ae2b7c96dc6c0b13209fa60a0], </p><p>PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Quarantined, [89352e35cdccbe7834baf806b44e5ca4], </p><p></p><p>Registry Values: 8</p><p>PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [09b521423861d363f8cf3e0c907410f0], </p><p>PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [46782e35b3e691a5f6d184c62dd7fb05], </p><p>PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [d0ee92d18e0bb680586fda7074908d73], </p><p>PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, <a href="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}" target="_blank">http://feed.sonic-search.com/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}</a>, Quarantined, [5a6443209cfd8babad2e06cc897acd33]</p><p>PUP.Optional.CrossBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{05BAAF50-A651-4CBE-A1F4-584D3E239379}, v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe|Name=Crossbrowse (mDNS-In)|Desc=Inbound rule for Crossbrowse to allow mDNS traffic.|EmbedCtxt=Crossbrowse|, Quarantined, [c4fa9ec5afeae353bb012243a75d02fe]</p><p>PUP.Optional.Linkury, HKU\S-1-5-21-2112364776-498287602-97896369-1001\ENVIRONMENT|SNF, C:\ProgramData\Spanpluss\snp.sc, Quarantined, [9628c89b8e0b58de3e26a2549a69926e]</p><p>PUP.Optional.Linkury, HKU\S-1-5-21-2112364776-498287602-97896369-1001\ENVIRONMENT|SNP, <a href="http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSnapdoAMRev&co=GB&userid=a12b7285-df59-b3bf-c961-41d3ba9da009&searchtype=sc&installDate=17/10/2015&barcodeid=50027003&channelid=3" target="_blank">http://feed.snapdo.com?publisher=APSnapdoAMRev&co=GB&userid=a12b7285-df59-b3bf-c961-41d3ba9da009&searchtype=sc&installDate=17/10/2015&barcodeid=50027003&channelid=3</a>, Quarantined, [f1cd1e45a4f5cd69e382fbfb0bf82dd3]</p><p>PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2112364776-498287602-97896369-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, <a href="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}" target="_blank">http://feed.sonic-search.com/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}</a>, Quarantined, [833be182cecb38fedff9805221e2c33d]</p><p></p><p>Registry Data: 4</p><p>PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[8638550e415894a2af29ae42d82ce917]</p><p>PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2112364776-498287602-97896369-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, <a href="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}" target="_blank">http://feed.sonic-search.com/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}</a>, Good: (<a href="http://www.google.com" target="_blank">www.google.com</a>), Bad: (<a href="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}),Replaced" target="_blank">http://feed.sonic-search.com/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}),Replaced</a>,[b20c70f32a6fdd59f7dbfcf48d7731cf]</p><p>PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2112364776-498287602-97896369-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, <a href="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}" target="_blank">http://feed.sonic-search.com/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}</a>, Good: (<a href="http://www.google.com" target="_blank">www.google.com</a>), Bad: (<a href="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}),Replaced" target="_blank">http://feed.sonic-search.com/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}),Replaced</a>,[0cb2273cd8c1da5cb41e6987c63e25db]</p><p>PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2112364776-498287602-97896369-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, <a href="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}" target="_blank">http://feed.sonic-search.com/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}</a>, Good: (<a href="http://www.google.com" target="_blank">www.google.com</a>), Bad: (<a href="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}),Replaced" target="_blank">http://feed.sonic-search.com/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}),Replaced</a>,[4975a8bb5a3f7cbae8ecbd33ce36827e]</p><p></p><p>Folders: 0</p><p>(No malicious items detected)</p><p></p><p>Files: 7</p><p>PUP.Optional.SnapDo, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.snapdo.com_0.localstorage, Quarantined, [942aacb7abee4aec701218e4aa58768a], </p><p>PUP.Optional.SteamClient, C:\Windows\System32\Tasks\SteamClient, Quarantined, [2995164d24752b0b655db04e9171c63a], </p><p>PUP.Optional.Yontoo, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage, Quarantined, [4c722a39900953e3db98bb444db53ec2], </p><p>PUP.Optional.SafeFinder, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage, Quarantined, [b40a0c57e4b52412cae932ce6e95758b], </p><p>PUP.Optional.Yontoo, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_discovertreasure-a.akamaihd.net_0.localstorage, Quarantined, [d6e8c99a78212a0c5b5bf210946ffd03], </p><p>PUP.Optional.SideCubes, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.sidecubes.com_0.localstorage, Quarantined, [cbf36ff436630a2c0f77ad5dea1aa15f], </p><p>PUP.Optional.PriceMoon, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.pricemoon.co_0.localstorage, Quarantined, [dee090d341583ef8a5ccd28a9e667f81], </p><p></p><p>Physical Sectors: 0</p><p>(No malicious items detected)</p><p></p><p></p><p>(end)</p></blockquote><p></p>
[QUOTE="Kaamil Jasani, post: 484236, member: 50048"] Here are the contents of the generated Scan log. Malwarebytes Anti-Malware [URL="http://www.malwarebytes.org"]www.malwarebytes.org[/URL] Scan Date: 22/02/2016 Scan Time: 22:24 Logfile: MBAM log.txt Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.02.22.06 Rootkit Database: v2016.02.17.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: ExtraCrafTX Scan Type: Threat Scan Result: Completed Objects Scanned: 478962 Time Elapsed: 11 min, 22 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 7 PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\Crossbrowse, Quarantined, [dae4d291a6f3b4822df14fd4c34131cf], PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\CRSBRWSHTML, Quarantined, [f5c9184badecb581127441a2b94af30d], PUP.Optional.SteamClient, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SteamClient, Delete-on-Reboot, [635be97aa0f971c50bb99668d13111ef], PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\DiscoverTreasure, Quarantined, [fdc173f0099001352197c73b31d203fd], PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Crossbrowse, Quarantined, [605e77ec4d4c9a9c6faf58cb6b99bb45], PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CRSBRWSHTML, Quarantined, [0ab4c99ae2b7c96dc6c0b13209fa60a0], PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Quarantined, [89352e35cdccbe7834baf806b44e5ca4], Registry Values: 8 PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [09b521423861d363f8cf3e0c907410f0], PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [46782e35b3e691a5f6d184c62dd7fb05], PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [d0ee92d18e0bb680586fda7074908d73], PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, [URL]http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}[/URL], Quarantined, [5a6443209cfd8babad2e06cc897acd33] PUP.Optional.CrossBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{05BAAF50-A651-4CBE-A1F4-584D3E239379}, v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe|Name=Crossbrowse (mDNS-In)|Desc=Inbound rule for Crossbrowse to allow mDNS traffic.|EmbedCtxt=Crossbrowse|, Quarantined, [c4fa9ec5afeae353bb012243a75d02fe] PUP.Optional.Linkury, HKU\S-1-5-21-2112364776-498287602-97896369-1001\ENVIRONMENT|SNF, C:\ProgramData\Spanpluss\snp.sc, Quarantined, [9628c89b8e0b58de3e26a2549a69926e] PUP.Optional.Linkury, HKU\S-1-5-21-2112364776-498287602-97896369-1001\ENVIRONMENT|SNP, [URL]http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSnapdoAMRev&co=GB&userid=a12b7285-df59-b3bf-c961-41d3ba9da009&searchtype=sc&installDate=17/10/2015&barcodeid=50027003&channelid=3[/URL], Quarantined, [f1cd1e45a4f5cd69e382fbfb0bf82dd3] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2112364776-498287602-97896369-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, [URL]http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}[/URL], Quarantined, [833be182cecb38fedff9805221e2c33d] Registry Data: 4 PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[8638550e415894a2af29ae42d82ce917] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2112364776-498287602-97896369-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, [URL]http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}[/URL], Good: ([URL="http://www.google.com"]www.google.com[/URL]), Bad: ([URL]http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}),Replaced[/URL],[b20c70f32a6fdd59f7dbfcf48d7731cf] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2112364776-498287602-97896369-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, [URL]http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}[/URL], Good: ([URL="http://www.google.com"]www.google.com[/URL]), Bad: ([URL]http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}),Replaced[/URL],[0cb2273cd8c1da5cb41e6987c63e25db] PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2112364776-498287602-97896369-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, [URL]http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}[/URL], Good: ([URL="http://www.google.com"]www.google.com[/URL]), Bad: ([URL]http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrPzQENNZPocWT1W9vok3Z2cXbPZwoQ3cMZKZFNjiPUuYMbs38dk0THgDsnYYx7H7QjeuIwAaMfsJ4Wg2iwqKjIwwlaVHCasm6h-mA_p-CEJ1ZQcKjMPKwx3TXIq3mLWurfFdVyAIlRxXCltC-SsVFqOFkQ,,&q={searchTerms}),Replaced[/URL],[4975a8bb5a3f7cbae8ecbd33ce36827e] Folders: 0 (No malicious items detected) Files: 7 PUP.Optional.SnapDo, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.snapdo.com_0.localstorage, Quarantined, [942aacb7abee4aec701218e4aa58768a], PUP.Optional.SteamClient, C:\Windows\System32\Tasks\SteamClient, Quarantined, [2995164d24752b0b655db04e9171c63a], PUP.Optional.Yontoo, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage, Quarantined, [4c722a39900953e3db98bb444db53ec2], PUP.Optional.SafeFinder, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage, Quarantined, [b40a0c57e4b52412cae932ce6e95758b], PUP.Optional.Yontoo, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_discovertreasure-a.akamaihd.net_0.localstorage, Quarantined, [d6e8c99a78212a0c5b5bf210946ffd03], PUP.Optional.SideCubes, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.sidecubes.com_0.localstorage, Quarantined, [cbf36ff436630a2c0f77ad5dea1aa15f], PUP.Optional.PriceMoon, C:\Users\ExtraCrafTX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.pricemoon.co_0.localstorage, Quarantined, [dee090d341583ef8a5ccd28a9e667f81], Physical Sectors: 0 (No malicious items detected) (end) [/QUOTE]
Insert quotes…
Verification
Post reply
Top