Post by cnardone on Oct 15, 2016 11:12:35 GMT -8
Below is the JRT log...
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64
Ran by ChrisNPC (Administrator) on Sat 10/15/2016 at 11:52:32.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/15/2016 at 11:54:47.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next is the AdW Cleaner log...
# AdwCleaner v6.021 - Logfile created 15/10/2016 at 12:08:39
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-15.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : ChrisNPC - DESKTOP-MG2GBH9
# Running from : C:\Users\ChrisNPC\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\5b4d3d95-f4ef-4efd-8c19-ffe6b2fd586c
[-] Folder deleted: C:\Users\SandyPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
[-] Folder deleted: C:\Users\SandyPC\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mallpejgeafdahhflmliiahjdpgbegpk
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\zwinky.com
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key deleted: HKU\S-1-5-21-610429884-3309474231-1676844322-1003\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\veoh.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\veoh.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
***** [ Web browsers ] *****
[-] [C:\Users\SandyPC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\SandyPC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\SandyPC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk
[-] [C:\Users\ChrisNPC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\ChrisNPC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3091 Bytes] - [15/10/2016 12:08:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [3196 Bytes] - [15/10/2016 12:05:29]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3237 Bytes] ##########
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64
Ran by ChrisNPC (Administrator) on Sat 10/15/2016 at 11:52:32.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/15/2016 at 11:54:47.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next is the AdW Cleaner log...
# AdwCleaner v6.021 - Logfile created 15/10/2016 at 12:08:39
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-15.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : ChrisNPC - DESKTOP-MG2GBH9
# Running from : C:\Users\ChrisNPC\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\5b4d3d95-f4ef-4efd-8c19-ffe6b2fd586c
[-] Folder deleted: C:\Users\SandyPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
[-] Folder deleted: C:\Users\SandyPC\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mallpejgeafdahhflmliiahjdpgbegpk
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\zwinky.com
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key deleted: HKU\S-1-5-21-610429884-3309474231-1676844322-1003\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\veoh.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\veoh.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
***** [ Web browsers ] *****
[-] [C:\Users\SandyPC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\SandyPC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\SandyPC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk
[-] [C:\Users\ChrisNPC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\ChrisNPC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3091 Bytes] - [15/10/2016 12:08:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [3196 Bytes] - [15/10/2016 12:05:29]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3237 Bytes] ##########