Infection in my daughter's computer

Old 06-30-2017, 05:46 PM   #1
Registered Member
 
Join Date: Oct 2008
Posts: 27
OS: Windows 10 Home



Happy Friday everyone!

My daughter has been having unprotected surf. Her father gave her this computer without adequate protection because he doesn't believe in computer security! I installed and ran Malwarebytes and ran the ESET online scanner multiple times. They each found content the first time and quarantined. Windows Updates are failing to complete and the machine is glitchy to the point of aggravation. I posted earlier this evening but it has not shown up, so I apologize if this is a double posting.

Please let me know what more I need to supply and thank you in advance for your assistance.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.131.2
Run by eliza at 17:40:38 on 2017-06-30
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.4000.1048 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Users\eliza\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowersoftAndroidDaemon.exe
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SysWOW64\RunDll32.exe
C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\wbem\WmiApSrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\SysWOW64\netstat.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://us.yahoo.com/?fr=fp-comodo&type=7051_33220005005_4.30.418452.227_u_hp
uLocal Page = %11%\blank.htm
mStart Page = Google
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\eliza\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [ApowerMirror] C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe /autoStart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{27a08386-2875-4f31-9db4-a2309f7b6b48} : DHCPNameServer = 172.51.1.171
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde} : DHCPNameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}\14454554D45376842614 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}\2375942554333363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}\3457C667562737 : DHCPNameServer = 216.185.192.38 216.185.192.43
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}\7416C6168797F535F5949494F513739323 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}\75F4751273736303 : DHCPNameServer = 64.233.207.8 64.233.207.9
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = Google
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX5REC
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [WavesSvc] "C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\eliza\AppData\Roaming\Mozilla\Firefox\Profiles\td454u8p.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered
FF - prefs.js: keyword.URL - true
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\eliza\AppData\Local\Roblox\Versions\version-832e7c1e64f340cc\NPRobloxProxy.dll
FF - plugin: C:\Users\eliza\AppData\Local\Roblox\Versions\version-832e7c1e64f340cc\NPRobloxProxy64.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-9-9 1455552]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-12-23 48992]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-10-8 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-12-23 227328]
R1 CFRMD;CFRMD;C:\WINDOWS\System32\drivers\CFRMD.sys [2014-12-25 40224]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2015-9-9 91912]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 MpKsl2ad48e8a;MpKsl2ad48e8a;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF81EFCD-5A0E-47FD-8ED0-734BE50003E9}\MpKsl2ad48e8a.sys [2017-6-30 44928]
R1 MpKsl87773a32;MpKsl87773a32;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53DCD2C3-C45A-442D-89E8-78CD0D076671}\MpKsl87773a32.sys [2017-6-29 44928]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2015-9-9 2286872]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_7c648;CDPUserSvc_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 Dell Customer Connect;Dell Customer Connect;C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2016-12-21 130936]
R2 Dell Foundation Services;Dell Foundation Services;C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2017-1-11 97616]
R2 Dell Help & Support;Dell Help & Support;C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [2016-12-22 77648]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2015-9-11 2574168]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2015-9-11 201560]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2015-6-23 238320]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-6-7 382456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-6-24 223008]
R2 OneSyncSvc_7c648;Sync Host_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 Product Registration;Product Registration;C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [2017-4-6 47144]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-9-19 298200]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2015-9-30 21160]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2017-2-16 263264]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-8 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2015-9-9 199472]
R3 BCMWL63A;Broadcom 802.11 Network Adapter Driver;C:\WINDOWS\System32\drivers\bcmwl63a.sys [2015-9-9 11767552]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-5-12 249856]
R3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2015-9-9 223040]
R3 btwl2cap;Bluetooth L2CAP Service;C:\WINDOWS\System32\drivers\btwl2cap.sys [2015-9-9 48984]
R3 DDDriver;DDDriver;C:\WINDOWS\System32\drivers\DDDriver64Dcsa.sys [2015-9-11 32464]
R3 DellProf;DellProf;C:\WINDOWS\System32\drivers\DellProf.sys [2015-9-11 24240]
R3 DellRbtn;Airplane Mode Switch;C:\WINDOWS\System32\drivers\DellRbtn.sys [2015-9-9 19440]
R3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
R3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_7c648;Contact Data_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-3-20 896744]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 SynRMIHID;Synaptics HID Service;C:\WINDOWS\System32\drivers\SynRMIHID.sys [2015-9-9 66136]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_7c648;User Data Storage_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_7c648;User Data Access_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-17 719872]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-12 347320]
S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-5-31 4470736]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-12-23 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-2-14 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-12-23 64352]
S3 MessagingService_7c648;MessagingService_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-9-9 402136]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-5-12 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-17 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-2-14 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-8 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_7c648;Windows Push Notifications User Service_7c648;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-17 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-10-8 43520]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-06-30 22:13:03 -------- d-----w- C:\628b0750988f5b8a999fae
2017-06-30 21:57:32 44928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF81EFCD-5A0E-47FD-8ED0-734BE50003E9}\MpKsl2ad48e8a.sys
2017-06-30 21:48:35 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF81EFCD-5A0E-47FD-8ED0-734BE50003E9}\mpengine.dll
2017-06-30 04:05:11 44928 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53DCD2C3-C45A-442D-89E8-78CD0D076671}\MpKsl87773a32.sys
2017-06-30 03:53:45 13120896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-06-30 00:36:37 1078240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23502A09-A03C-4347-81D5-3DF9C59EE1B4}\gapaengine.dll
2017-06-04 22:00:13 -------- d-----w- C:\Users\eliza\AppData\Local\ESET
2017-06-04 15:11:14 -------- d-----w- C:\ProgramData\ece49eea-ff7b-48e1-808a-1dd641e64837
2017-06-01 04:40:09 188312 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-06-01 04:39:54 93600 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-06-01 04:39:54 113592 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-06-01 04:39:48 44960 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-06-01 04:39:44 252832 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-06-01 04:39:36 77376 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-06-01 04:39:24 -------- d-----w- C:\ProgramData\Malwarebytes
2017-06-01 04:39:24 -------- d-----w- C:\Program Files\Malwarebytes
2017-06-01 04:15:16 -------- d-----w- C:\WINDOWS\Microsoft Antimalware
2017-06-01 00:09:34 -------- d-s---w- C:\WINDOWS\SysWow64\Microsoft
2017-05-31 22:45:31 -------- d--h--w- C:\BOXRoot
.
==================== Find3M ====================
.
2017-06-30 21:46:15 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-01 00:55:20 565416 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-05-31 22:24:56 9133056 ----a-w- C:\WINDOWS\SysWow64\ccav_installer.exe
2017-05-27 05:04:31 110144 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-64.dll
2017-05-27 05:04:31 110144 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2017-05-27 05:03:40 97856 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2017-05-09 22:19:56 73728 ----a-w- C:\WINDOWS\System32\WSManMigrationPlugin.dll
2017-04-29 00:59:38 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-04-29 00:59:37 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-04-28 01:28:15 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2017-04-28 01:01:16 2717184 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2017-04-28 00:59:55 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2017-04-28 00:58:48 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2017-04-28 00:57:25 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2017-04-28 00:57:07 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2017-04-28 00:56:56 2048488 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2017-04-28 00:56:07 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2017-04-28 00:55:36 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys
2017-04-28 00:53:45 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-04-28 00:53:16 7784288 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-04-28 00:53:03 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2017-04-28 00:52:51 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-04-28 00:49:56 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2017-04-28 00:49:33 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2017-04-28 00:48:25 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2017-04-28 00:47:56 699744 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2017-04-28 00:47:53 501088 ----a-w- C:\WINDOWS\System32\spwizeng.dll
2017-04-28 00:46:14 410464 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2017-04-28 00:46:09 1504056 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2017-04-28 00:46:06 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2017-04-28 00:46:03 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2017-04-28 00:45:54 781144 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-04-28 00:45:44 493920 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2017-04-28 00:45:44 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2017-04-28 00:45:33 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2017-04-28 00:45:29 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2017-04-28 00:44:26 62816 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2017-04-28 00:43:59 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2017-04-28 00:43:48 1557224 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2017-04-28 00:43:10 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2017-04-28 00:43:09 2168288 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2017-04-28 00:42:58 601952 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2017-04-28 00:42:53 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2017-04-28 00:42:44 526176 ----a-w- C:\WINDOWS\System32\wimserv.exe
2017-04-28 00:41:08 361104 ----a-w- C:\WINDOWS\SysWow64\tsmf.dll
2017-04-28 00:39:48 962760 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2017-04-28 00:39:37 715104 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2017-04-28 00:39:22 4312248 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2017-04-28 00:39:15 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2017-04-28 00:38:51 557408 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2017-04-28 00:38:51 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
2017-04-28 00:38:44 1852200 ----a-w- C:\WINDOWS\System32\crypt32.dll
2017-04-28 00:38:28 431968 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2017-04-28 00:38:20 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2017-04-28 00:38:12 2915704 ----a-w- C:\WINDOWS\System32\combase.dll
2017-04-28 00:38:08 847200 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2017-04-28 00:36:34 92512 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2017-04-28 00:36:29 408600 ----a-w- C:\WINDOWS\System32\tsmf.dll
2017-04-28 00:35:22 1414208 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2017-04-28 00:35:20 276832 ----a-w- C:\WINDOWS\SysWow64\input.dll
2017-04-28 00:35:14 8170600 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2017-04-28 00:35:06 1988048 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2017-04-28 00:35:06 1702392 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2017-04-28 00:35:05 1302136 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
2017-04-28 00:35:03 4260576 ----a-w- C:\WINDOWS\System32\mfcore.dll
2017-04-28 00:35:01 596040 ----a-w- C:\WINDOWS\System32\mf.dll
2017-04-28 00:34:58 1072248 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2017-04-28 00:34:57 443232 ----a-w- C:\WINDOWS\System32\MMDevAPI.dll
2017-04-28 00:34:56 244824 ----a-w- C:\WINDOWS\System32\mfps.dll
2017-04-28 00:34:45 1277824 ----a-w- C:\WINDOWS\System32\ole32.dll
2017-04-28 00:34:25 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2017-04-28 00:34:21 4674360 ----a-w- C:\WINDOWS\explorer.exe
2017-04-28 00:34:09 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll
2017-04-28 00:30:17 1569184 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2017-04-28 00:30:11 322912 ----a-w- C:\WINDOWS\System32\input.dll
2017-04-28 00:29:28 5685760 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-04-28 00:28:48 387864 ----a-w- C:\WINDOWS\System32\wmpps.dll
2017-04-28 00:28:41 453536 ----a-w- C:\WINDOWS\System32\services.exe
2017-04-28 00:28:39 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2017-04-28 00:23:19 95232 ----a-w- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2017-04-28 00:23:10 1631232 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-04-28 00:22:46 26112 ----a-w- C:\WINDOWS\SysWow64\odbcconf.dll
2017-04-28 00:22:16 165376 ----a-w- C:\WINDOWS\SysWow64\ReInfo.dll
2017-04-28 00:21:41 27648 ----a-w- C:\WINDOWS\SysWow64\BthTelemetry.dll
2017-04-28 00:21:26 73728 ----a-w- C:\WINDOWS\SysWow64\tdc.ocx
2017-04-28 00:21:14 224256 ----a-w- C:\WINDOWS\SysWow64\ExSMime.dll
2017-04-28 00:20:50 44032 ----a-w- C:\WINDOWS\SysWow64\virtdisk.dll
2017-04-28 00:20:47 141824 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Radios.dll
2017-04-28 00:19:26 584192 ----a-w- C:\WINDOWS\SysWow64\UIRibbonRes.dll
2017-04-28 00:19:15 156672 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
2017-04-28 00:19:05 138240 ----a-w- C:\WINDOWS\SysWow64\DisplayManager.dll
2017-04-28 00:18:43 450560 ----a-w- C:\WINDOWS\SysWow64\rastls.dll
2017-04-28 00:18:37 255488 ----a-w- C:\WINDOWS\SysWow64\unimdm.tsp
2017-04-28 00:18:35 285184 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
2017-04-28 00:17:57 136192 ----a-w- C:\WINDOWS\SysWow64\WinRtTracing.dll
2017-04-28 00:17:50 94208 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2017-04-28 00:17:36 95232 ----a-w- C:\WINDOWS\SysWow64\BluetoothApis.dll
2017-04-28 00:17:30 328192 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2017-04-28 00:17:01 142336 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
2017-04-28 00:16:36 184320 ----a-w- C:\WINDOWS\SysWow64\UserMgrProxy.dll
.
============= FINISH: 17:42:27.62 ===============
Attached Files
File Type: txt attach.txt (7.2 KB, 10 views)
1true3 is offline  
Old 07-02-2017, 02:17 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-02-2017, 09:38 PM   #3
Registered Member
 
Join Date: Oct 2008
Posts: 27
OS: Windows 10 Home



Hello Chemist!

Thank you for responding. I have followed your directions - please let me know if I left anything out. Have a great weekend!


# AdwCleaner v6.047 - Logfile created 02/07/2017 at 22:58:26
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : eliza - DESKTOP-22FSQA5
# Running from : C:\Users\eliza\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\5bfc0698-9fdd-4bfb-b1c1-01f06f167eca
[-] Folder deleted: C:\ProgramData\85c1db5e-10f8-4f16-baca-a0ff1024749e
[-] Folder deleted: C:\ProgramData\ece49eea-ff7b-48e1-808a-1dd641e64837


***** [ Files ] *****

[-] File deleted: C:\appverifier.txt
[-] File deleted: C:\Users\eliza\AppData\Roaming\Mozilla\Firefox\Profiles\td454u8p.default\invalidprefs.js
[-] File deleted: C:\Users\eliza\AppData\Roaming\Mozilla\Firefox\Profiles\td454u8p.default\searchplugins\yahoo! powered search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GPCWValidator
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GPCWValidator
[-] Key deleted: HKU\S-1-5-21-145279209-3776269785-760187474-1001\Software\WebBar
[#] Key deleted on reboot: HKCU\Software\WebBar
[-] Key deleted: HKLM\SOFTWARE\ByteFence
[#] Key deleted on reboot: [x64] HKCU\Software\WebBar
[-] Key deleted: [x64] HKLM\SOFTWARE\GPCWValidatorService
[-] Key deleted: [x64] HKLM\SOFTWARE\ussc-pr
[-] Key deleted: HKU\S-1-5-21-145279209-3776269785-760187474-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516}
[-] Data restored: HKU\S-1-5-21-145279209-3776269785-760187474-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKU\S-1-5-21-145279209-3776269785-760187474-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}
[-] Value deleted: HKU\S-1-5-21-145279209-3776269785-760187474-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WebBar Toolbar]
[-] Value deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [winwb.exe]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [ByteFence.exe]


***** [ Web browsers ] *****

[-] Firefox preferences cleaned: "browser.search.defaultenginename" - "Yahoo! Powered"
[-] Firefox preferences cleaned: "browser.search.defaultenginename.US" - "Yahoo! Powered"
[-] Firefox preferences cleaned: "browser.search.selectedEngine" - "Yahoo! Powered"
[-] [C:\Users\eliza\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: yahoo! powered
[-] [C:\Users\eliza\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_17_22&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEtB0Bzzzy0A0FtD0DzzyB0B0EyCyD0AtN0D0Tzu0StCzyyByDtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEtD0BzyyCtCtBtAtGtByC0E0DtG0EtDtC0CtGtByB0DyBtG0CtCyEtBtBzz0FyDyDtByE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtD0CtCzytCtD0FtG0AyEyC0EtGyEtCtCzytG0AzytDyDtGtAtA0FtD0Czz0ByCtDtBtByB2QtN0A0LzuyE%26cr%3D1038083927%26a%3Dwbf_instlmtrx_17_22%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
[-] [C:\Users\eliza\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_17_22&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEtB0Bzzzy0A0FtD0DzzyB0B0EyCyD0AtN0D0Tzu0StCzyyByDtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEtD0BzyyCtCtBtAtGtByC0E0DtG0EtDtC0CtGtByB0DyBtG0CtCyEtBtBzz0FyDyDtByE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtD0CtCzytCtD0FtG0AyEyC0EtGyEtCtCzytG0AzytDyDtGtAtA0FtD0Czz0ByCtDtBtByB2QtN0A0LzuyE%26cr%3D1038083927%26a%3Dwbf_instlmtrx_17_22%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
[-] [C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: minecraft-server.en.softonic.com
[-] [C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: undertale.en.softonic.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5573 Bytes] - [02/07/2017 22:58:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [5057 Bytes] - [02/07/2017 22:56:17]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5719 Bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017
Ran by eliza (administrator) on DESKTOP-22FSQA5 (02-07-2017 23:16:14)
Running from C:\Users\eliza\Desktop
Loaded Profiles: eliza (Available Profiles: eliza)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apowersoft) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowersoftAndroidDaemon.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1439_none_7efe016621f50bd0\TiWorker.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-23] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3877936 2015-06-12] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [600496 2015-07-07] (Waves Audio Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-145279209-3776269785-760187474-1001\...\Run: [ApowerMirror] => C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe [2712728 2017-01-17] (Apowersoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-09-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.233.207.8 64.233.207.9
Tcpip\..\Interfaces\{27a08386-2875-4f31-9db4-a2309f7b6b48}: [DhcpNameServer] 172.51.1.171
Tcpip\..\Interfaces\{71a9e07a-f109-4d37-9d17-800d19148fde}: [DhcpNameServer] 64.233.207.8 64.233.207.9

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\S-1-5-21-145279209-3776269785-760187474-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.yahoo.com/?fr=fp-comodo&type=7051_33220005005_4.30.418452.227_u_hp
HKU\S-1-5-21-145279209-3776269785-760187474-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {E22DF3EE-566B-4FD2-9826-7B0EE21868DC} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E22DF3EE-566B-4FD2-9826-7B0EE21868DC} URL =
SearchScopes: HKU\S-1-5-21-145279209-3776269785-760187474-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-27] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-27] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: td454u8p.default
FF ProfilePath: C:\Users\eliza\AppData\Roaming\Mozilla\Firefox\Profiles\td454u8p.default [2017-07-02]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-27] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-145279209-3776269785-760187474-1001: @nsroblox.roblox.com/launcher -> C:\Users\eliza\AppData\Local\Roblox\Versions\version-832e7c1e64f340cc\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-145279209-3776269785-760187474-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\eliza\AppData\Local\Roblox\Versions\version-832e7c1e64f340cc\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/yhs/search?p={searchTerms}&hspart=comodo&hsimp=yhs-ccs&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default [2017-07-02]
CHR Extension: (Google Slides) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Google Docs) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Google Drive) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google Search) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google Sheets) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-09]
CHR Extension: (Yahoo Partner) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm [2017-05-31]
CHR Extension: (Search Manager) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-29]
CHR Extension: (Gmail) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-29]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-145279209-3776269785-760187474-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-145279209-3776269785-760187474-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286872 2015-09-09] (Broadcom Corporation.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-23] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-09-09] (Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11767552 2015-12-08] (Broadcom Corp)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-07-02] (Malwarebytes)
R1 MpKsl2ad48e8a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF81EFCD-5A0E-47FD-8ED0-734BE50003E9}\MpKsl2ad48e8a.sys [44928 2017-06-30] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2016-03-20] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-02-16] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 23:16 - 2017-07-02 23:17 - 00018701 _____ C:\Users\eliza\Desktop\FRST.txt
2017-07-02 23:15 - 2017-07-02 23:16 - 00000000 ____D C:\FRST
2017-07-02 23:13 - 2017-07-02 23:14 - 02435584 _____ (Farbar) C:\Users\eliza\Desktop\FRST64.exe
2017-07-02 22:52 - 2017-07-02 22:58 - 00000000 ____D C:\AdwCleaner
2017-07-02 22:52 - 2017-07-02 22:52 - 04110280 _____ C:\Users\eliza\Desktop\AdwCleaner.exe
2017-06-30 17:42 - 2017-06-30 17:42 - 00038133 _____ C:\Users\eliza\Desktop\dds.txt
2017-06-30 17:42 - 2017-06-30 17:42 - 00007338 _____ C:\Users\eliza\Desktop\attach.txt
2017-06-30 17:40 - 2017-06-30 17:40 - 00688992 ____R (Swearware) C:\Users\eliza\Desktop\dds.scr
2017-06-30 17:13 - 2017-06-30 17:13 - 00002259 _____ C:\WINDOWS\epplauncher.mif
2017-06-30 17:11 - 2017-06-30 17:13 - 15065792 _____ (Microsoft Corporation) C:\Users\eliza\Desktop\MSEInstall (1).exe
2017-06-30 17:11 - 2017-06-30 17:13 - 12231000 _____ (Microsoft Corporation) C:\Users\eliza\Desktop\MSEInstall (2).exe
2017-06-30 17:09 - 2017-06-30 17:10 - 03328910 _____ C:\Users\eliza\Desktop\Windows6.1-KB3102810-x64 (1).msu
2017-06-30 17:07 - 2017-06-30 17:09 - 03328910 _____ C:\Users\eliza\Desktop\Windows6.1-KB3102810-x64.msu
2017-06-29 23:01 - 2017-06-29 23:03 - 15065792 _____ (Microsoft Corporation) C:\Users\eliza\Desktop\MSEInstall.exe
2017-06-29 22:57 - 2017-06-29 22:59 - 44060880 _____ (Microsoft Corporation) C:\Users\eliza\Desktop\Windows-KB890830-x64-V5.49.exe
2017-06-29 22:57 - 2017-06-29 22:57 - 02549112 _____ (Microsoft Corporation) C:\Users\eliza\Desktop\DefaultPack.EXE
2017-06-04 19:59 - 2017-06-04 19:59 - 06754944 _____ (ESET spol. s r.o.) C:\Users\eliza\Downloads\esetonlinescanner_enu (1).exe
2017-06-04 17:00 - 2017-06-04 17:00 - 06754944 _____ (ESET spol. s r.o.) C:\Users\eliza\Downloads\esetonlinescanner_enu.exe
2017-06-04 17:00 - 2017-06-04 17:00 - 00000000 ____D C:\Users\eliza\AppData\Local\ESET

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 23:13 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-02 23:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-02 23:07 - 2016-10-08 04:03 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-02 23:07 - 2015-12-22 22:06 - 00000000 __SHD C:\Users\eliza\IntelGraphicsProfiles
2017-07-02 23:06 - 2017-05-31 23:39 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-02 23:06 - 2016-10-08 04:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-02 23:05 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-02 23:05 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-01 13:48 - 2016-10-08 03:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-30 18:10 - 2015-12-22 22:31 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-30 07:00 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-29 23:00 - 2016-02-14 18:55 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-29 20:54 - 2017-05-31 23:39 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-29 19:42 - 2017-05-31 23:39 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-29 19:42 - 2017-05-31 23:39 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-29 19:42 - 2017-05-31 23:39 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-29 19:37 - 2016-12-22 08:36 - 00002365 _____ C:\Users\eliza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-29 19:37 - 2015-12-22 22:10 - 00000000 ___RD C:\Users\eliza\OneDrive
2017-06-04 17:13 - 2017-05-29 00:51 - 00000000 ____D C:\Program Files\System~Care
2017-06-04 16:38 - 2015-09-09 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-06-04 16:37 - 2015-09-09 16:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-04 16:24 - 2015-09-09 16:22 - 00000000 ____D C:\Program Files\Dell
2017-06-04 10:20 - 2016-03-05 07:42 - 00000335 _____ C:\WINDOWS\SysWOW64\DLC_Debug_log.txt
2017-06-03 01:36 - 2017-03-18 17:42 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 01:36 - 2017-03-18 17:42 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-10-08 04:02 - 2016-10-08 04:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-09 16:19 - 2015-09-09 16:19 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-09-09 16:14 - 2015-09-09 16:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-09-09 16:17 - 2015-09-09 16:19 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-09-09 16:15 - 2015-09-09 16:17 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

Some files in TEMP:
====================
2017-01-27 00:53 - 2017-01-27 00:53 - 0739904 _____ (Oracle Corporation) C:\Users\eliza\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-27 00:01 - 2017-05-27 00:01 - 0739904 _____ (Oracle Corporation) C:\Users\eliza\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-02-23 05:43 - 2016-02-23 05:43 - 0120336 _____ (McAfee, Inc.) C:\Users\eliza\AppData\Local\Temp\McCSPInstall.dll
2017-05-31 19:51 - 2016-02-23 05:43 - 0123360 _____ (McAfee Inc.) C:\Users\eliza\AppData\Local\Temp\mccspuninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-31 20:36

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (32.3 KB, 5 views)
1true3 is offline  
Old 07-04-2017, 01:59 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello 1true3. You're very welcome. Actually, Windows Defender is adequate protection, in my opinion. It's all I use on my Win10 machines.

As far as Windows Updates, I'm not seeing any problems in your Event Viewer section.

What is showing under Update Status when you go Settings > Update & Security?

Also, I'm not seeing anything malicious in your logs, just some minor stuff.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {955C1983-5CB6-49C0-A6C7-F57305C77872} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
    GroupPolicy: Restriction <==== ATTENTION
    SearchScopes: HKLM -> DefaultScope {E22DF3EE-566B-4FD2-9826-7B0EE21868DC} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {E22DF3EE-566B-4FD2-9826-7B0EE21868DC} URL =
    SearchScopes: HKU\S-1-5-21-145279209-3776269785-760187474-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-07-2017, 05:52 AM   #5

Thank you Chemist - after running FRST with your script this morning, the updates are finally installing successfully! Windows Defender does work well as long as the updates are occurring on a regular basis. I am awaiting further instruction - if necessary.

Happy Friday!
1true3 is offline  
Old 07-07-2017, 06:12 AM   #6



Oops! Forgot to add this!

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by eliza (07-07-2017 06:54:57) Run:1
Running from C:\Users\eliza\Desktop
Loaded Profiles: eliza (Available Profiles: eliza)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {955C1983-5CB6-49C0-A6C7-F57305C77872} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {E22DF3EE-566B-4FD2-9826-7B0EE21868DC} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E22DF3EE-566B-4FD2-9826-7B0EE21868DC} URL =
SearchScopes: HKU\S-1-5-21-145279209-3776269785-760187474-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{955C1983-5CB6-49C0-A6C7-F57305C77872} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{955C1983-5CB6-49C0-A6C7-F57305C77872} => key removed successfully
C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-145279209-3776269785-760187474-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44692344 B
Java, Flash, Steam htmlcache => 2190 B
Windows/system/drivers => 575538722 B
Edge => 279936938 B
Chrome => 503200511 B
Firefox => 54174768 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 75732 B
systemprofile32 => 9135296 B
LocalService => 84570 B
NetworkService => 10532 B
eliza => 1239022310 B

RecycleBin => 46134287 B
EmptyTemp: => 2.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:02:33 ====
1true3 is offline  
Old 07-07-2017, 09:00 PM   #7



Hello again, 1true3. You're very welcome. Glad to hear it.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
chemist is offline  
Old 07-08-2017, 06:24 AM   #8



Hello Chemist,

The requested logs:

***************MBAM LOG

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/8/17
Scan Time: 4:26 AM
Log File: MBAM log 7-8.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2317
License: Expired

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-22FSQA5\eliza

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374067
Threats Detected: 81
Threats Quarantined: 81
Time Elapsed: 18 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 11
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\icons, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\fonts, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\skin\icons, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\_metadata, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\vendor, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\skin, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\USERS\ELIZA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [542], [405070],1.0.2317

File: 70
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\fonts\HelveticaNeue-Thin.otf, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\fonts\neue-bold.woff, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\fonts\neue.woff, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\icons\128.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\icons\16.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\icons\48.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\icons\close.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\icons\favicon.ico, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\01d.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\01n.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\02d.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\02n.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\03d.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\03n.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\04d.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\04n.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\09d.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\09n.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\10d.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\10n.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\11d.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\11n.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\13d.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\13n.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\50d.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\weather\50n.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\bing.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\bing_large.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\bluesky-bg.jpg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\brush.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\bt.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\clock.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\cloud.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\cupcake-bg.jpg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\desk-bg.jpg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\doodle.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\down.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\eyeglass.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\google.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\google_large.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\hero-bg.jpg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\just-the-box.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\mountain-bg.jpg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\pointer2.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\sea-bg.jpg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\settings.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\yahoo.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\yahoo.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\yahoo_large.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\bundle.v0.0.1.min.css, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\skin\icons\16.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\vendor\md5.min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\vendor\react-dom.min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\vendor\react-with-addons.min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\vendor\underscore-min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\_metadata\verified_contents.json, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\background.html, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\background.v0.0.1.min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\client.v0.0.1.min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\common.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\e_.json, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\index.html, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\manifest.json, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\popupTab2.html, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\popupTab2.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\responseConfig.json, Quarantined, [542], [405070],1.0.2317

Physical Sector: 0
(No malicious items detected)


(end)
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\sea-bg.jpg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\settings.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\yahoo.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\yahoo.svg, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\images\yahoo_large.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\content\bundle.v0.0.1.min.css, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\skin\icons\16.png, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\vendor\md5.min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\vendor\react-dom.min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\vendor\react-with-addons.min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\vendor\underscore-min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\_metadata\verified_contents.json, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\background.html, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\background.v0.0.1.min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\client.v0.0.1.min.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\common.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\e_.json, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\index.html, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\manifest.json, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\popupTab2.html, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\popupTab2.js, Quarantined, [542], [405070],1.0.2317
PUP.Optional.SearchManager, C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.0.70_0\responseConfig.json, Quarantined, [542], [405070],1.0.2317

Physical Sector: 0
(No malicious items detected)


(end)





*****************ESET REPORT

C:\Users\eliza\Downloads\Minecraft_0598071274.exe Win32/InstallCore.Gen.A potentially unwanted application



I await further instruction, if necessary.
Have a great weekend!
1true3 is offline  
Old 07-08-2017, 08:02 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, 1true3. You also.

Sorry, I missed the Search Manager extension in Chrome. Those are the entries remaining after each MBAM run.

---------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-145279209-3776269785-760187474-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
    C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
    C:\Users\eliza\Downloads\Minecraft_0598071274.exe
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------

Open Chrome and copy/paste the following bolded text into your Chrome browser address bar and press Enter:

chrome://extensions

Click the trash can icon by Search Manager.

When prompted, click 'Remove'. Restart Chrome.

Are those entries still detected by MBAM?

---------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-11-2017, 09:36 PM   #10
Registered Member
 
Join Date: Oct 2008
Posts: 27
OS: Windows 10 Home



Hello Chemist,

Please excuse the lateness of my reply. I am running MBAM now and will post the results upon completion.

Thank you for your assistance!
1true3 is offline  
Old 07-11-2017, 10:12 PM   #11
Registered Member
 
Join Date: Oct 2008
Posts: 27
OS: Windows 10 Home



Good evening Chemist,

Search Manager was not found in Chrome extensions but Yahoo Search was (deleted). MBAM found nothing. I am running eset now. I made a mistake and didn't delete the previous fixlog before I ran FRST64 (it's been a rough week). Should I run it again?
1true3 is offline  
Old 07-12-2017, 04:58 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Are you sure the Fixlog.txt on your desk is the old one?
chemist is offline  
Old 07-12-2017, 05:13 PM   #13
Registered Member
 
Join Date: Oct 2008
Posts: 27
OS: Windows 10 Home



Not sure - just a possibility. Here it is:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by eliza (11-07-2017 23:15:49) Run:2
Running from C:\Users\eliza\Desktop
Loaded Profiles: eliza (Available Profiles: eliza)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-145279209-3776269785-760187474-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
C:\Users\eliza\Downloads\Minecraft_0598071274.exe
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKU\S-1-5-21-145279209-3776269785-760187474-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => moved successfully
C:\Users\eliza\Downloads\Minecraft_0598071274.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 569577 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9630640 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 133067 B
Edge => 0 B
Chrome => 175679009 B
Firefox => 4426960 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
eliza => 13931808 B

RecycleBin => 42362912 B
EmptyTemp: => 235.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:16:54 ====
1true3 is offline  
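As an added example (not part of the thread and not FRST's own code), this Python sketch checks a Fixlog the way the helper does by eye: it reads the header's user, timestamp and `Run:` value, then confirms that every fixlist entry has a matching `=> ... successfully` result line. The embedded log is an excerpt of the Fixlog posted above; the mapping from `CHR` fixlist lines to registry result lines is inferred from that one log and is an assumption.

```python
import re

# Excerpt of the Fixlog.txt posted in this thread (header, fixlist, result lines).
FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by eliza (11-07-2017 23:15:49) Run:2
fixlist content:
*****************
start
createrestorepoint:
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-145279209-3776269785-760187474-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
C:\Users\eliza\Downloads\Minecraft_0598071274.exe
EmptyTemp:
end
*****************
Restore point was successfully created.
HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKU\S-1-5-21-145279209-3776269785-760187474-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
C:\Users\eliza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => moved successfully
C:\Users\eliza\Downloads\Minecraft_0598071274.exe => moved successfully
"""

HEADER = re.compile(r"Ran by (\S+) \((\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})\) Run:(\d+)")
# "CHR <hive>\...\Chrome\Extension: [<32 letters a-p>]" (Chrome extension IDs use a-p only)
CHR_LINE = re.compile(r"CHR (.+?)\\\.\.\.\\.*\[([a-p]{32})\]")

# Assumption drawn from the log above: abbreviated hives expand to these keys.
HIVE_BASE = {
    "HKLM": r"HKLM\SOFTWARE\Google\Chrome\Extensions",
    "HKLM-x32": r"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions",
}


def expected_key(fix_line):
    """Registry key a CHR fixlist line should produce in the result section."""
    hive, ext_id = CHR_LINE.match(fix_line).groups()
    return HIVE_BASE.get(hive, hive) + "\\" + ext_id


def check_fixlog(text):
    """Return header fields plus (target, status, ok) for each fixlist entry."""
    head = HEADER.search(text)
    lines = [line.strip() for line in text.splitlines()]
    start, end = lines.index("start"), lines.index("end")

    # Result lines follow the fixlist block and have the form "<target> => <status>".
    results = {}
    for line in lines[end + 1:]:
        if " => " in line:
            left, status = line.split(" => ", 1)
            results[left.lower()] = status

    entries = []
    for entry in lines[start + 1:end]:
        if entry.startswith("CHR "):
            target = expected_key(entry)
        elif re.match(r"[A-Za-z]:\\", entry):
            target = entry                      # plain file or folder path
        else:
            continue                            # directives: createrestorepoint:, EmptyTemp:
        status = results.get(target.lower(), "NO RESULT LINE")
        entries.append((target, status, status.endswith("successfully")))
    return {"user": head.group(1), "ran_at": head.group(2),
            "run": int(head.group(3)), "entries": entries}


if __name__ == "__main__":
    report = check_fixlog(FIXLOG)
    print(f"Run {report['run']} by {report['user']} at {report['ran_at']}")
    for target, status, ok in report["entries"]:
        print("OK  " if ok else "FAIL", target, "=>", status)
```

An entry reported as `NO RESULT LINE`, or with a status that does not end in "successfully", is the one to raise with the helper before moving on.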
Old 07-12-2017, 06:41 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Yep, that is the log from the most recent run. Good job!

Up to you whether to run ESET again.
chemist is offline  
Old 07-12-2017, 07:14 PM   #15
Registered Member
 
Join Date: Oct 2008
Posts: 27
OS: Windows 10 Home



Thank you for the positive reinforcement, much appreciated - rough week. I ran eset and it just found the same item as the previous run in MBAM quarantine. All good?
1true3 is offline  
Old 07-13-2017, 02:20 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, 1true3. You're very welcome! Glad to hear it.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 07-13-2017, 08:45 PM   #17
Registered Member
 
Join Date: Oct 2008
Posts: 27
OS: Windows 10 Home



Thank you for your help. I will make sure that she makes sure this doesn't happen again!
1true3 is offline  
Old 07-13-2017, 08:49 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, 1true3! Glad to have helped.
chemist is offline  
 
